Learning Objectives:
- Master systemd service management for controlling system processes and daemons
- Implement comprehensive user and permission management strategies
- Set up system monitoring and log analysis for proactive maintenance
- Develop skills for troubleshooting service failures and system issues
Systemd is Arch Linux's init system and service manager, responsible for starting services, managing dependencies, and maintaining system state. Understanding systemd is essential for effective system administration.
Understanding Systemd Units: Systemd manages various types of units including services (.service), mount points (.mount), timers (.timer), and sockets (.socket). Each unit has a configuration file defining its behavior and dependencies.
Essential Systemctl Commands: Master these fundamental service management operations:
Service Status and Information:
# Check service status
systemctl status service-name
# List all active services
systemctl list-units --type=service
# List all installed services (active and inactive)
systemctl list-units --type=service --all
# Show service dependencies
systemctl list-dependencies service-name
# Display service configuration
systemctl show service-name
Service Control Operations:
# Start a service immediately
sudo systemctl start service-name
# Stop a running service
sudo systemctl stop service-name
# Restart a service (stop then start)
sudo systemctl restart service-name
# Reload service configuration without stopping
sudo systemctl reload service-name
# Enable service to start at boot
sudo systemctl enable service-name
# Disable service from starting at boot
sudo systemctl disable service-name
# Enable and start service in one command
sudo systemctl enable --now service-name
Advanced Service Management: Handle complex service scenarios and troubleshooting:
Service Masking and Unmasking:
# Mask service (prevent it from being started)
sudo systemctl mask service-name
# Unmask service
sudo systemctl unmask service-name
# Check if service is masked
systemctl is-enabled service-name
Service Failure Analysis:
# Show failed services
systemctl --failed
# Reset failed state
sudo systemctl reset-failed service-name
# View service logs
journalctl -u service-name
# Follow service logs in real-time
journalctl -u service-name -f
Creating Custom Services: Create your own systemd services for applications and scripts:
# Create service file
sudo nano /etc/systemd/system/myapp.service
Example service configuration:
[Unit]
Description=My Custom Application
After=network.target
[Service]
Type=simple
User=myuser
WorkingDirectory=/opt/myapp
ExecStart=/opt/myapp/start.sh
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
Service Management Best Practices:
- Always check service status after making changes
- Use
systemctl daemon-reloadafter modifying service files - Test services in non-production environments first
- Monitor service logs for errors and warnings
- Document custom service configurations
Effective user management ensures system security while providing appropriate access to resources. Arch Linux uses traditional Unix permission models enhanced with modern access control systems.
User Account Management: Create and manage user accounts with appropriate privileges:
Creating User Accounts:
# Create user with home directory
sudo useradd -m -s /bin/bash username
# Create user with specific UID and groups
sudo useradd -m -u 1001 -G wheel,audio,video username
# Set user password
sudo passwd username
# Create system user (for services)
sudo useradd -r -s /bin/nologin service-user
User Account Modification:
# Add user to group
sudo usermod -aG groupname username
# Change user's default shell
sudo usermod -s /bin/zsh username
# Lock user account
sudo usermod -L username
# Unlock user account
sudo usermod -U username
# Change user's home directory
sudo usermod -d /new/home/path username
Group Management: Organize users and permissions through group membership:
# Create new group
sudo groupadd groupname
# Delete group
sudo groupdel groupname
# List user's groups
groups username
# List all groups
getent group
# Add user to group temporarily
newgrp groupname
Sudo Configuration: Configure sudo access for administrative privileges:
# Edit sudoers file safely
sudo visudo
# Add user to wheel group (common sudo group)
sudo usermod -aG wheel username
Common sudoers configurations:
# Allow wheel group members to use sudo
%wheel ALL=(ALL) ALL
# Allow user to run specific commands without password
username ALL=(ALL) NOPASSWD: /usr/bin/systemctl
# Allow group to run commands as specific user
%developers ALL=(www-data) ALL
File Permissions and Ownership: Manage file access through permissions and ownership:
Permission Management:
# Change file permissions (numeric)
chmod 755 filename
chmod 644 filename
# Change file permissions (symbolic)
chmod u+x filename # Add execute for owner
chmod g-w filename # Remove write for group
chmod o=r filename # Set read-only for others
# Change ownership
sudo chown user:group filename
# Change ownership recursively
sudo chown -R user:group directory/
# Change group ownership only
sudo chgrp groupname filename
Special Permissions:
# Set sticky bit (typically on directories)
chmod +t directory/
# Set setuid bit (run as file owner)
chmod u+s executable
# Set setgid bit (run as file group)
chmod g+s executable
# View special permissions
ls -la filename
Proactive system monitoring prevents issues and helps diagnose problems quickly. Arch Linux provides comprehensive logging and monitoring tools.
Journalctl Log Management: Journalctl is systemd's log management tool, providing centralized access to all system logs:
Basic Log Viewing:
# View all logs
journalctl
# View logs from current boot
journalctl -b
# View logs from previous boot
journalctl -b -1
# View logs for specific service
journalctl -u service-name
# Follow logs in real-time
journalctl -f
# View logs for specific time period
journalctl --since "2024-01-01" --until "2024-01-02"
Advanced Log Filtering:
# View logs by priority (0=emergency, 7=debug)
journalctl -p err
# View logs for specific user
journalctl _UID=1000
# View kernel messages
journalctl -k
# View logs with specific fields
journalctl _SYSTEMD_UNIT=sshd.service
# Export logs to file
journalctl -u service-name > service.log
Log Management and Maintenance:
# Check journal disk usage
journalctl --disk-usage
# Clean old logs (keep 2 weeks)
sudo journalctl --vacuum-time=2weeks
# Limit journal size
sudo journalctl --vacuum-size=100M
# Configure persistent logging
sudo mkdir -p /var/log/journal
sudo systemctl restart systemd-journald
System Performance Monitoring: Monitor system resources and performance:
Process and Resource Monitoring:
# Install monitoring tools
sudo pacman -S htop iotop nethogs
# View running processes
htop
# Monitor disk I/O
sudo iotop
# Monitor network usage by process
sudo nethogs
# View system resource usage
top
free -h
df -h
System Information Commands:
# View system information
uname -a
hostnamectl
timedatectl
# Check system uptime and load
uptime
# View memory usage
cat /proc/meminfo
# View CPU information
cat /proc/cpuinfo
lscpu
# View hardware information
lshw -short
lspci
lsusb
Service Inventory: Create a comprehensive list of all services running on your system. Understand what each service does and whether it's necessary for your use case.
User Management Practice: Set up a test user account with specific group memberships and sudo privileges. Practice modifying permissions and troubleshooting access issues.
Log Analysis Skills: Spend time exploring journalctl commands and practice filtering logs by different criteria. Set up log monitoring for critical services.
Custom Service Creation: Create a simple custom service for a script or application you use regularly. Test the service startup, shutdown, and failure recovery.
Monitoring Setup: Install and configure system monitoring tools. Set up alerts or regular checks for disk space, memory usage, and service health.
You've now mastered the core system administration skills needed to manage an Arch Linux system effectively. Understanding systemd service management, user administration, and system monitoring provides the foundation for maintaining a stable, secure system.
These administrative skills are essential for both personal systems and server environments. The ability to manage services, users, and system resources efficiently will serve you well as your Linux expertise grows.
In the next module, we'll focus on network configuration and security, building on your administrative skills to create a properly secured and networked system.