Systemd is a modern SysV-style init and rc replacement for Linux systems which makes use of many modern Linux kernel features. It provides a system and service manager that runs as PID 1 and starts the rest of the system. Systemd controls how services are started, stopped, restarted and otherwise managed on modern Linux distributions.


The standard Systemd service unit files that ship with a Linux system, or are installed by third-party applications, usually run as root or as a system user account. This guide shows how to run a Systemd service without root, as a standard user logged into the system.

Systemd Service unit

A Systemd unit file contains configuration directives that describe the unit and define its behavior. In this guide, we will write a Systemd unit file that can be managed by the logged-in user without sudo.

Run Systemd Service as standard Logged in user

A user Systemd service should be placed in the ~/.config/systemd/user/ directory if you want full ownership of it as a normal user. Create the directory if it doesn’t exist.

mkdir -p  ~/.config/systemd/user/

We’ll create a test service which runs the Syncthing application.

curl -s https://api.github.com/repos/syncthing/syncthing/releases/latest | grep browser_download_url | grep linux-amd64 | cut -d '"' -f 4 | wget -qi -
tar xvf syncthing-linux-amd64*.tar.gz
sudo cp syncthing-linux-amd64-*/syncthing  /usr/local/bin/

Let’s confirm our application binary is available.

$ syncthing --version
syncthing v1.4.0 "Fermium Flea" (go1.13.8 linux-amd64) [email protected] 2020-03-06 19:52:22 UTC

Create a Systemd service unit file in the ~/.config/systemd/user/ directory.

$ vim  ~/.config/systemd/user/syncthing.service
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization
Documentation=man:syncthing(1)

[Service]
ExecStart=/usr/local/bin/syncthing -no-browser -no-restart -logflags=0
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=default.target

Reload systemd.

$ systemctl --user daemon-reload

Confirm the service is available.

$ systemctl --user list-unit-files syncthing.service
UNIT FILE         STATE   
syncthing.service disabled

1 unit files listed.

Once the unit file is created, you can enable and start the service.

$ systemctl --user enable --now syncthing.service
Created symlink /home/vagrant/.config/systemd/user/default.target.wants/syncthing.service → /home/vagrant/.config/systemd/user/syncthing.service.

Let’s check the status of our service.

$ systemctl --user status syncthing.service 
● syncthing.service - Syncthing - Open Source Continuous File Synchronization
   Loaded: loaded (/home/vagrant/.config/systemd/user/syncthing.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-04-03 17:18:54 UTC; 5s ago
     Docs: man:syncthing(1)
 Main PID: 22628 (syncthing)
   CGroup: /user.slice/user-1000.slice/user@1000.service/syncthing.service
           ├─22628 /usr/local/bin/syncthing -no-browser -no-restart -logflags=0
           └─22632 /usr/local/bin/syncthing -no-browser -no-restart -logflags=0

The option used is:

  • --user – Connect to the user service manager

That’s the same process you’ll use to create any other Systemd service that you want to manage without privilege escalation or creating a different system user to run the service.
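To confirm that a user unit really carries the three directives from the "# Hardening" block of the unit file above, the following added example (not part of the original guide) parses a unit file and lists any of them that are missing or set to a different value in its [Service] section. The function name missing_hardening and the EXPECTED list are assumptions of this example, and drop-in override files are not considered.

```shell
#!/bin/sh
# Added example: audit a unit file for the guide's hardening directives.

# Directives and values copied from the "# Hardening" block of the unit above.
EXPECTED='SystemCallArchitectures=native MemoryDenyWriteExecute=true NoNewPrivileges=true'

# missing_hardening FILE
# Prints one directive name per line for each expected directive that is
# absent from [Service] or set to another value. Prints nothing if all match.
missing_hardening() {
    awk -v expected="$EXPECTED" '
        function norm(v) {                  # systemd accepts 1/yes/true/on
            v = tolower(v)
            if (v == "1" || v == "yes" || v == "on") return "true"
            return v
        }
        BEGIN {
            n = split(expected, items, " ")
            for (i = 1; i <= n; i++) {
                split(items[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = norm(kv[2])
            }
        }
        /^[ \t]*([#;]|$)/ { next }           # skip comments and blank lines
        /^[ \t]*\[/ {                        # section header such as [Service]
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        section == "Service" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            have[key] = norm(val)            # a later assignment overrides
        }
        END {
            for (i = 1; i <= n; i++)
                if (have[order[i]] != want[order[i]]) print order[i]
        }
    ' "$1"
}

# Check the unit created in this guide, if it is present on this machine.
unit="$HOME/.config/systemd/user/syncthing.service"
if [ -f "$unit" ]; then missing_hardening "$unit"; fi
```

An empty result means all three directives are present with the values used in this guide.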
