I want to run Firefox as different users (Kubuntu 24.04). I've created extra users, then I do $ xhost +SI:localuser:NEW_USER $ sudo -u NEW_USER firefox I get this error message: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-32c90ac053c74c8b88698b978c0ba6b5.scope is not a snap cgroup Digging, I've come across these: how to make it possible using SSH and using systemd-run The SSH method works, but I don't want to go that route. Now, I run this command: systemd-run --uid=1001 --slice=user-1001.slice /bin/sh /path/test.sh test.sh writes into a file that only user uid 1001 has access to, and then starts firefox. Checking, content gets written, but Firefox doesn't run. Checking with ps, there's no firefox process. How can I get Firefox (installed as a snap) to run as a different user?

If the environment variable DISPLAY is set and I do `/bin/su - root` from a user shell in an X terminal, then a login shell for root is setup and the DISPLAY environment variable is still present. If I do `/usr/bin/systemd-run --quiet --setenv DISPLAY -t /bin/bash -c 'echo "DISPLAY is ${DISPLAY}" ; export DISPLAY=${DISPLAY} ; DISPLAY=${DISPLAY} /bin/su - root'` [Yes having both the export and the DISPLAY= before the command is probably overkill.] then when the login shell for root arrives, the DISPLAY environmental variable is not set, even though it was present and correctly echoed from the systemd-run process before the shell started up. (And I have tried doing --setenv DISPLAY=some_other_value just to check that a distinct value is being passed.) Testing the complicated `/bin/bash -c 'echo "DISPLAY is ${DISPLAY}" ; export DISPLAY=${DISPLAY} ; DISPLAY=${DISPLAY} /bin/su - root'` on its own just to check that starting the /bin/su -root from a bash command works, the display environmental variable is present in the root login shell. Omitting the bash invocation and just using /bin/su with the systemd-run command does not work and I include the bash invocation because of the answer to the earlier question systemd-run does not set environment variables when using --setenv So why is the DISPLAY not kept when the su login shell is started from systemd-run even though it has been correctly passed to the systemd-run environment with the setenv parameter? For reference, this is on openSUSE Leap 15.6 with systemd 254 (254.20+suse.113.gf7f6a3454e).

I've got a few things that I don't want to update while my graphical session is running, but would be happy to have them updated on shutdown (after my graphical session ended, while network is still up), *once*. So, I don't want to write a service file, enable it, and then have it run at *every* shutdown. Now, I thought, OK, systemd-run to the rescue:

systemd-run \
           --property=Type=oneshot \
           --property=DefaultDependencies=no \
           --property=Requires=network.service \
           --property=WantedBy=shutdown.target \
           /usr/bin/dnf5 update -y package1 packge2…

But that fails with

Failed to start transient service unit: Dependency type WantedBy may not be created transiently.

Is there another way to this?

I'm wanting to use cgroups and systemd-run to insulate the rest of my system from rogue programs that wake the OOM killer. In particular, clangd is hogging all my memory and then some, and then triggering the OOM Killer. That's a separate problem and a separate question. (Although any answers welcome) This question is about why my usage of systemd-run isn't working. If I wrap it like so...

-run --user --scope -p MemoryHigh=3G clangd --clang-tidy --malloc-trim --log=info --background-index -j 8 --pch-storage=disk --background-index-priority=low

It doesn't stop it from going hog wild and the OOM killer killing my gnome session and making me log in again! I have tried MemoryMax=5G and it doesn't make a difference. Details of my setup are.... * Ubuntu Noble 24.04 LTS * clangd 18.1.3 * MemTotal: 16101600 kB * SwapTotal: 5242876 kB * Linux version 6.8.0-41-generic (buildd@lcy02-amd64-100) (x86_64-linux-gnu-gcc-13 (Ubuntu 13.2.0-23ubuntu4) 13.2.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #41-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 2 20:41:06 UTC 202

systemd-run --version
systemd 255 (255.4-1ubuntu8.4)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified

References I'm using... * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Accounting%20and%20Control * https://www.freedesktop.org/software/systemd/man/latest/systemd-run.html#

when running systemd-run --pty --same-dir --wait --service-type=exec I get all the command output in journal. While nice, it is not something I want/can afford all the time. for example, if I want root to run ls as

systemd-run --user  --nice=+1 --same-dir --collect --service-type=exec --pty --wait --unit MYSYSRUND ls -la

how can I avoid the output of ls being on journal? metadata is fine.

I am trying to run commands from a root shell as other users. I am trying to remove sudo from it:

systemd-run --user --pty --same-dir --wait --service-type=exec sudo -u ubuntu make

I tried:

systemd-run --pty --same-dir --wait --service-type=exec --uid=1000 make

(removed --user as it only works on system context, added --uid= despite it being equivalent to unit's User= it only works on uid, and removed sudo -u ubuntu from the cmd) > Failed to start transient service unit: Transport endpoint is not connected Only mentions I've found of this cryptic error are about machinectl container/vms/remotes not being started. But in my case i'm using the systemd system of the very host. What is the correct way to use --uid parameter on systemd-run?

I use systemd-run --user a lot to run things. I want to be able to list only those transient units, but there seems to be no option to systemctl --user list-units to do it. I also cannot list the Transient propery in systemctl --user list-units --output json, so this is also not working for me. How do I list only transient jobs (Transient=yes)?

Why can't I pass a command group to systemd-run like this?

$ systemd-run --on-active=1 { cp file1 file2 && echo hi; }
Failed to find executable {: No such file or directory

I tried various combinations of quoting, braces, and subshells but to no avail. I feel like this might be a problem with the shell-linux divide. I looked into https://www.freedesktop.org/software/systemd/man/systemd.service.html#Command%20lines but couldn't find a solution there either. I could of course put the commands into a script, but I really want to know what I am missing here. Any ideas? --- Context, because maybe there is a different solution entirely: I am trying to create a solution to reset network settings after a certain countdown by copying back a previously created backup file, unless another command deletes it first (when the new network settings are successful). I am attempting a solution with a transient timer with systemd-run that executes two commands, where the restart is only executed when cp succeeds: systemd-run --on-active=300 { cp /etc/systemd/network/10-wired.network.backup /etc/systemd/network/10-wired.network && systemctl restart systemd-networkd; }

I'd like to limit the resource consumption of temporary commands with cgroup created by systemd-run, similar to what cgcreate does instead, but I'm not sure if that makes sense? I'd like to make sure I'm trying this correctly, thank you all!

┌──[root@liruilongs.github.io]-[~]
└─$ systemd-run -p  MemoryLimit=5M  -p CPUShares=100 --unit=sleep-50 --slice=test sleep 50
Running as unit sleep-50.service.

┌──[root@liruilongs.github.io]-[~]
└─$ systemctl status sleep-50.service
● sleep-50.service - /usr/bin/sleep 50
   Loaded: loaded (/run/systemd/system/sleep-50.service; static; vendor preset: disabled)
  Drop-In: /run/systemd/system/sleep-50.service.d
           └─50-CPUShares.conf, 50-Description.conf, 50-ExecStart.conf, 50-MemoryLimit.conf, 50-Slice.conf
   Active: active (running) since 六 2022-10-29 01:29:29 CST; 10s ago
 Main PID: 33234 (sleep)
   Memory: 92.0K (limit: 5.0M)
   CGroup: /test.slice/sleep-50.service
           └─33234 /usr/bin/sleep 50

10月 29 01:29:29 liruilongs.github.io systemd: Started /usr/bin/sleep 50.

┌──[root@liruilongs.github.io]-[~]
└─$ systemctl cat sleep-50.service
# /run/systemd/system/sleep-50.service
# Transient stub

# /run/systemd/system/sleep-50.service.d/50-CPUShares.conf
[Service]
CPUShares=100
# /run/systemd/system/sleep-50.service.d/50-Description.conf
[Unit]
Description=/usr/bin/sleep 50
# /run/systemd/system/sleep-50.service.d/50-ExecStart.conf
[Service]
ExecStart=
ExecStart=@/usr/bin/sleep "/usr/bin/sleep" "50"
# /run/systemd/system/sleep-50.service.d/50-MemoryLimit.conf
[Service]
MemoryLimit=5242880
# /run/systemd/system/sleep-50.service.d/50-Slice.conf
[Service]
Slice=test.slice
┌──[root@liruilongs.github.io]-[~]
└─$ systemctl status sleep-50.service
Unit sleep-50.service could not be found.
┌──[root@liruilongs.github.io]-[~]
└─$

What is the best way of using systemd-run in place of a simple sudo -u xxx at -f backupJ-447.cmd 03:10 Our org has gone systemd mad and no longer installs 'at', 'batch' and cron is depricated on our new systems. I need a way to scheule occasional "one-off" file copies to happen in the middle of the night. I tried the following sudo systemd-run --unit=backupJ-477.cmd --on-calendar 03:10 sudo -u xxx /home/me/backupJ-477.cmd But the job is permanent and runs every night. If I delete the job its unit name is somehow still persistent and cant be reused. If I dont give it a unit name I end up with dozens of random unit or job numbers which I cant review to see what they do/did.

I am using different methods for different programs to control their resource management. When I used **systemd-run** for **gimp**(GNU image manipulation program), when picture's memory requirement is higher than limit(i.e. 300MB which I set), program crashed and closed. Is there any **systemd-run** method which provides both using it safely without crashing and limiting its memory to a limit? I used below command to start it with systemd-run in its shortcut (i.e. its desktop file ) :

systemd-run --scope -p MemoryLimit=300M gimp-2.8 %U

I'm trying to execute a command under some resource limits. This correctly limits my-bin to just 1 CPU core. I'm able to verify with htop.

$ sudo systemd-run -p AllowedCPUs=0 -- ./my-bin

However, this doesn't work. htop shows all cores active.

$ systemd-run --user -p AllowedCPUs=0 -- ./my-bin

Seems like my user slice is under the correct controllers. I set Delegate=yes for my user slice. I followed this [guide](https://wiki.archlinux.org/index.php/cgroups#Switching_to_cgroups_v2) .

$ cat /sys/fs/cgroup/user.slice/user-1000.slice/cgroup.controllers    
cpuset cpu io memory pids

Here's my version info.

$ systemctl --version
systemd 247 (247.2-1-arch)
+PAM +AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYP
T +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 
default-hierarchy=hybrid

Is there some configuration I missed? Or am I misunderstanding how this is supposed to work?

I saw a few files/dir are inaccessible even to the root user: find: ‘/run/user/1000/gvfs’: Permission denied. So I went a level deeper and ran ls -l; below is the output. /run/user/125# ll ls: cannot access 'gvfs': Permission denied total 4 drwx------ 12 gdm gdm 340 Sep 3 10:20 ./ drwxr-xr-x 4 root root 80 Sep 3 10:19 ../ srw-rw-rw- 1 gdm gdm 0 Sep 3 10:19 bus= drwx------ 3 gdm gdm 60 Sep 3 10:19 dbus-1/ drwx------ 2 gdm gdm 60 Sep 3 10:19 dconf/ drwx--x--x 2 gdm gdm 60 Sep 3 10:19 gdm/ prw-rw-r-- 1 gdm gdm 0 Sep 3 10:19 gnome-session-leader-fifo| drwx------ 3 gdm gdm 60 Sep 3 10:19 gnome-shell/ drwx------ 2 gdm gdm 140 Sep 3 10:19 gnupg/ d????????? ? ? ? ? ? gvfs/ -rw------- 1 gdm gdm 318 Sep 3 10:19 ICEauthority d--------- 3 gdm gdm 160 Sep 3 10:19 inaccessible/ drwx------ 2 gdm gdm 100 Sep 3 10:19 keyring/ srw-rw-rw- 1 gdm gdm 0 Sep 3 10:19 pk-debconf-socket= drwx------ 2 gdm gdm 80 Sep 3 10:19 pulse/ srw-rw-rw- 1 gdm gdm 0 Sep 3 10:19 snapd-session-agent.socket= drwxr-xr-x 3 gdm gdm 100 Sep 3 10:19 systemd/ Why do we see ? against file/dir gvfs?

At the time of Linux installation, i have mentioned only one filesystem (/dev/sda1 -> ext4 -> / ). But for dev, run, proc, sys - Linux is creating addition FS which is inferable from mount. $ mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) udev on /dev type devtmpfs (rw,nosuid,noexec,relatime,size=12138104k,nr_inodes=3034526,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=2433824k,mode=755) /dev/sda4 on / type ext4 (rw,relatime,errors=remount-ro) ... I am aware that /proc is a Virtual FS and is in memory and not on any HDD/SSD. Could some one explain what is the case with /dev, /run and /sys. Do they exist on HDD (if so what is there location if it can be meaningfully traced). Based on already asked Q - Why inode numbers of /dev and /run are same as that of /?

I would like to replace my Xsession with my custom program (kiosk-like setup), previously I was just setting STARTUP variable in my .xsessionrc file like: STARTUP='/path/to/my/program' Now I want to wrap my program as a systemd service to utilize some systemd features like journal logging, configurable automatic restarts, etc. As with previous setup I would prefer to avoid to run 3rd-party session and window managers, but I still have to run something to keep session active, so I've used: STARTUP='systemd-run --user --scope /path/to/my/program' However it's still not a convenient systemd unit and finally I've ended up with: STARTUP='systemd-run --user --scope --unit my-session sleep inf' and defined a service unit for my program to run: [Unit] Description=My service BindsTo=my-session.scope Requisite=my-session.scope After=my-session.scope [Service] Type=exec ExecStart=/path/to/my/program Restart=always [Install] WantedBy=my-session.scope In general this setup works like a charm however relying on scope name that is generated on the fly seems clunky for me and moreover sometimes it's required to do implicit cleanup on session restart like: systemctl reset-failed my.service my-session.scope because systemd complains that my-session.scope already exists. So, I'm looking for a way to run systemd service synchronously as systemd-run --scope does but same time re-using existing unit file and not generating one on the fly. P.S.: I've tried following approach but it doesnt work correctly (interrupting systemctl doesnt interrupt the service managed): systemctl start --wait my-session.target

I have a buggy program which uses 100% CPU even when it's idle. Since fixing it isn't practical at the moment, I'd like to just limit it to be able to use no more than 10% CPU. However no matter what I do, the process always chews up 100% of one CPU. I found instructions on the [Arch Wiki](https://wiki.archlinux.org/index.php/Cgroups) that tell me to create a file containing this: # cpulimit.slice [Slice] CPUQuota=10% Apparently I can then launch a shell using these limits, like this: systemd-run --slice=cpulimit.slice --uid=myuser --shell This seems to work and after entering in my sudo password I get a shell, so I run a simple test that will use 100% CPU and I can stop with Ctrl+C: while true; do true; done I expect this to use no more than 10% CPU since it's running inside the slice, however it always uses 100% CPU! What am I doing wrong?