Jack Wallen walks you through everything you need to know about masked services in Linux.
Have you ever gone to start or stop a service in Linux using the
systemctl command only to see a warning such as:
Failed to start postgresql.service: Unit postgresql.service is masked
You know you installed the Postgresql database server and it was working properly, yet somehow you no longer have control over the service. You can’t manage it in any way. What happened?
First of all, masks are a different way of disabling a service. Here’s the difference: When you disable a service with
sudo systemctl disable, all symlinks for the service are removed. When masking a service, the symlinks are moved and then point to /dev/null. When you simply disable a service, it can still be started manually. When you mask a service, it cannot be started manually. In other words, masking a service renders the service permanently unusable until it’s unmasked.
This could have potential security implications. Say, for instance, that you install a piece of software with a systemd service and you find out there’s a vulnerability in the service. You might not want to remove the application, but you certainly don’t want it running until the vulnerability is fixed. You could mask the service, wait for the vulnerability to be patched, patch the software and unmask the service.
SEE: Linux turns 30: Celebrating the open source operating system (free PDF) (TechRepublic)
One thing to understand is that sometimes a service can wind up getting masked by the installation of another piece of software. With that in mind, how do you find out if a service is masked? You can use a command like:
systemctl list-unit-files | grep masked
Issue the above command and you’ll probably be surprised at how many services are masked on your system. I found 23 masked services on my Pop!_OS desktop instance, one of which was mysql.service. If I want to use MySQL on that machine, I’ll have to first unmask the service.
How to mask a service in Linux
The first thing we’ll do is learn how to mask a service in Linux. Let’s stick with our MySQL example. Open a terminal window and mask the MySQL service with the command:
sudo systemctl mask mysql
If MySQL wasn’t already masked, it will now show up as such if you run the
systemctl list-unit-files | grep masked command again. At this point, the MySQL service cannot start either automatically or manually. Attempt to start the service with the command:
sudo systemctl start mysql
You should see the error:
Failed to start mysql.service: Unit mysql.service is masked.
How to unmask a service in Linux
Now that you’ve masked a service, how do you unmask it? As you’ve probably guessed, the command would be:
sudo systemctl unmask mysql
Now, when you start MySQL it’ll work as expected.
And there you have it, pretty much all you need to know to manage masked services in Linux. You might not need this skill daily, but you’ll be glad you have it when and if the time comes.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.