sysadmin · June 17, 2026 · 14 min read

systemd and journalctl.
enable on boot, mask, and read the logs.

httpd is not surviving reboots and cost webadmin two hours after a kernel patch. Set it up properly with systemd, mask a daemon that should never run, and read its logs through journalctl.

// what we’re getting into
  1. The ticket
  2. Concept review. systemctl and targets.
  3. Install and enable httpd in one shot
  4. Mask the daemon that should never run
  5. Read the logs with journalctl
  6. Confirm the boot target
  7. Inspect and override unit files
  8. Exam questions
  9. Final checklist: confirm everything works

The ticket: the web service runs but does not survive reboots. A kernel-patch reboot last week left httpd down and cost two hours. webadmin wants four things. Install httpd and enable it on boot in one command. Mask an old ntp-style daemon so it can never start, even by accident. Show how to read httpd logs through journalctl instead of digging in /var/log/httpd/. And confirm the default boot target is text, not a GUI.

The real problem: starting a service and enabling it are two different things, and the reboot survival everyone assumes comes from enable, not start. Masking is also stronger than disabling, and the difference matters here.

What we are doing: the service lifecycle with systemctl, log reading with journalctl, and boot targets.

The ticket

bash
id webadmin
systemctl --version
sudo dnf repolist | head -3

Concept review. systemctl and targets.

bash
man systemctl journalctl systemd.unit
systemctl
start / stop / restart / reload   lifecycle
enable / disable                 boot persistence
enable --now                     enable AND start in one command
mask / unmask                    block a unit entirely
is-active / is-enabled           scriptable checks
get-default / set-default        boot target
daemon-reload                    reload unit files after editing

Targets replaced the old runlevels. multi-user.target is text and networked, the old runlevel 3. graphical.target is the GUI, runlevel 5. rescue.target is single user, and emergency.target is minimal recovery. This server should sit on multi-user so no GUI ever loads.

Install and enable httpd in one shot

The key command is enable —now. enable makes it start at boot, and —now also starts it immediately, so you do not need a separate start. This is the shortcut the exam expects you to know cold.

bash
sudo dnf install -y httpd
sudo systemctl enable --now httpd

systemctl is-active httpd     # active
systemctl is-enabled httpd    # enabled
sudo systemctl status httpd

Mask the daemon that should never run

Masking symlinks the unit to /dev/null, so it cannot start at all, not even when something else depends on it. That is stronger than disable, which only stops auto-start but still allows a manual start. Practice on chronyd, then unmask it, since you actually want chrony later.

bash
sudo systemctl mask chronyd
sudo systemctl start chronyd    # fails: Unit chronyd.service is masked

sudo systemctl unmask chronyd
sudo systemctl start chronyd

Read the logs with journalctl

The journal replaces hunting through log files. Filter by unit, count, priority, boot, and time.

bash
sudo journalctl -u httpd            # all httpd logs
sudo journalctl -u httpd -n 50      # last 50 lines
sudo journalctl -u httpd -f         # follow live, Ctrl+C to stop
sudo journalctl -u httpd -b         # since the current boot
sudo journalctl -u httpd -p err     # errors only
sudo journalctl -u httpd --since "1 hour ago"
sudo journalctl -u httpd --since today

Confirm the boot target

bash
sudo systemctl get-default          # expect multi-user.target
# to change it (do not unless needed):
# sudo systemctl set-default multi-user.target
sudo systemctl list-units --type=target | head

Inspect and override unit files

Never edit a shipped unit file directly. systemctl edit creates a drop-in override, and after any unit change you reload the daemon.

bash
systemctl cat httpd
sudo systemctl edit httpd    # creates a drop-in override.conf
sudo systemctl daemon-reload
sudo systemctl restart httpd

Exam questions

Write the command first.

Q1. Enable httpd to start at boot and start it immediately, in a single command.

Q2. Mask the cups service so it cannot be started by anyone, and verify.

Q3. Show all error-level httpd log entries since the last boot, newest first.

Answers.

bash
# A1
sudo systemctl enable --now httpd
# A2
sudo systemctl mask cups
systemctl is-enabled cups    # masked
sudo systemctl start cups    # fails: Unit cups.service is masked
# A3
sudo journalctl -u httpd -p err -b -r    # -p err level, -b since boot, -r newest first

Final checklist: confirm everything works

If every check passes, the ticket is done.

bash
# 1. httpd installed, enabled, and running
systemctl is-active httpd; systemctl is-enabled httpd

# 2. masking demonstrated and reversed
# 3. journalctl filters practiced: -u, -p, -b, --since
# 4. default target is multi-user (no GUI)
sudo systemctl get-default

# 5. all three exam commands written before peeking
# 6. tracker entry checked off

Reply to webadmin: httpd is enabled and running, and it will survive reboots because it is enabled, not just started. The masking pattern is documented for future use. Default target is multi-user, so no GUI will load.

next post
More in The Ticket Queue