文件目录
# 查看目录文件 ls /usr/lib/systemd/system/ # 搜索 ls /usr/lib/systemd/system | grep fpm php-fpm.service
常用操作
# help systemctl -h systemctl -l | grep fpm systemctl list-unit-files | grep fpm php-fpm.service enabled # Unit File Commands # 开机时启动该服务 systemctl enable php-fpm # 撤销开机启动 systemctl disable php-fpm # Reenable one or more unit files systemctl reenable php-fpm php-fpm-8.0.23 # 验证一下是否为开机启动 systemctl is-enabled php-fpm # Unit Commands # Start (activate) one or more units systemctl start php-fpm # Show runtime status of one or more units systemctl status php-fpm # Reload one or more units systemctl reload php-fpm # Start or restart one or more units systemctl restart php-fpm # Send signal to processes of a unit systemctl kill php-fpm # Stop (deactivate) one or more units systemctl stop php-fpm #显示全部已经启动的服务 systemctl list-units --type=service # Reset failed state for all, one, or more units systemctl reset-failed
配置文件示例
PHP安装后生成的配置文件
/usr/lib/systemd/system/php-fpm-8.0.24.service
# It's not recommended to modify this file in-place, because it # will be overwritten during upgrades. If you want to customize, # the best way is to use the "systemctl edit" command. [Unit] Description=The PHP FastCGI Process Manager After=network.target [Service] Type=simple PIDFile=/usr/local/php/8.0.24/var/run/php-fpm.pid ExecStart=/usr/local/php/8.0.24/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/8.0.24/etc/php-fpm.conf ExecReload=/bin/kill -USR2 $MAINPID # Set up a new file system namespace and mounts private /tmp and /var/tmp directories # so this service cannot access the global directories and other processes cannot # access this service's directories. PrivateTmp=true # Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit. ProtectSystem=full # Sets up a new /dev namespace for the executed processes and only adds API pseudo devices # such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it, # but no physical devices such as /dev/sda. PrivateDevices=true # Explicit module loading will be denied. This allows to turn off module load and unload # operations on modular kernels. It is recommended to turn this on for most services that # do not need special file systems or extra kernel modules to work. ProtectKernelModules=true # Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats, # /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be made read-only to all processes # of the unit. Usually, tunable kernel variables should only be written at boot-time, with the # sysctl.d(5) mechanism. Almost no services need to write to these at runtime; it is hence # recommended to turn this on for most services. ProtectKernelTunables=true # The Linux Control Groups (cgroups(7)) hierarchies accessible through /sys/fs/cgroup will be # made read-only to all processes of the unit. Except for container managers no services should # require write access to the control groups hierarchies; it is hence recommended to turn this on # for most services ProtectControlGroups=true # Any attempts to enable realtime scheduling in a process of the unit are refused. RestrictRealtime=true # Restricts the set of socket address families accessible to the processes of this unit. # Protects against vulnerabilities such as CVE-2016-8655 RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX # Takes away the ability to create or manage any kind of namespace RestrictNamespaces=true [Install] WantedBy=multi-user.target
Type:定义启动时的进程行为
- Type=simple:默认值,执行ExecStart指定的命令,启动主进程
参考
