Whenever we update a critical library such as OpenSSL, we need to restart any daemons that use the library. Systemd with PID 1 itself also uses OpenSSL. How do you restart the systemd daemon without rebooting Linux and other services such as Nginx, SSHD, Firewalld? Here are some tips.

We can use various commands to determine if services or Linux daemons need restarting when critical libs are installed. On many Linux distro, services are automatically restarted. For example, when OpenSSL update is installed but services such as PHP-cgi or Apache/Nginx will not restart. So we need to hunt down those services and restart those services, including systemd.
Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements Linux with systemd and lsof command
Est. reading time 4 minutes

Applying security updates for systemd and other apps on Linux

First thing first apply update using your package manger such as apt command/apt-get command/dnf command/yum command/apk command/zypper command and so on. For instance:
sudo apt update && sudo apt upgrade
sudo dnf update
sudo zypper ref && sudo zypper up
doas apk update && doas apk upgrade

How to get a list of services that needs restarting on Linux and systemd

Now that updates are applied, we can check if CentOS / RHEL / Fedora needs a complete reboot and service restart:
sudo needs-restarting
We can use the needrestart command to checks which daemons need to be restarted after library upgrades on a Debian or Ubuntu/Mint Linux:
sudo needrestart
On OpenSUSE/Suse Enterprise Linux, we can install the lsof package and use the zypper ps to list all such services that need restarting:
sudo zypper ps
How to restart systemd without rebooting Linux when critical libraries installed
So I need to restart nginx, firewalld, systemd-udevd and other services on OpenSUSE Linux. Unfortunately, not every Linux distro has tools to determine such a state. Fear not. We can use the lsof command to list all such services. The syntax is:
sudo lsof | grep -i deleted
sudo lsof | grep -i 'lib-name'
sudo lsof | grep libssl

Here is how to find all services using libssl to restart after an OpenSSL update using combination of grep command, awk command and other commands:
sudo lsof | grep libssl | awk '{print $1}' | sort | uniq
# this page suggested a better command #
sudo lsof | grep 'DEL.*lib' | cut -f 1 -d ' ' | sort -u

Here is what I got on my OpenSUSE Linux server running on Linode:

firewalld
nginx
polkitd
(sd-pam)
sshd
systemd
systemd-u

Restarting systemd without rebooting Linux system

We use the systemctl command as follows to restart services one-by-one:
sudo systemctl restart nginx
sudo systemctl restart firewalld

We can use bash for loop as follows:

for s in systemd-udevd  firewalld  polkit  sshd nginx
do
    sudo systemctl restart "$s"
done

Verify it again using commands as per your distro or the lsof command:
# Debian based distro #
sudo needs-restarting
# RHEL based distro #
sudo needrestart
# OpenSUSE/SUSE Enterprise Linux #
sudo zypper ps
# All other Linux distro #
sudo lsof | grep 'DEL.*lib' | cut -f 1 -d ' ' | sort -u

systemd

Unluckily systemd still not restarted as it got PID # 1. How do we deal with that?

How to restart systemd with PID # 1 without rebooting Linux box

Run the following command
sudo systemctl daemon-reexec
And verify it again:
sudo lsof | grep 'DEL.*lib' | cut -f 1 -d ' ' | sort -u
And voila. It worked. From the systemctl man page:

daemon-reexec – Reexecute the systemd manager. This will serialize the manager state, reexecute the process and deserialize the state again. This command is of little use except for debugging and package upgrades. Sometimes, it might be helpful as a heavy-weight daemon-reload. While the daemon is being reexecuted, all sockets systemd listening on behalf of user configuration will stay accessible.

A note about Linux containers

We can use the above commands with LXD too. I simply restart my lxd instance:
lxc restart www-2
However, if you are using podman or Docker, you need to rebuild your containers to grab the latest libs and deploy them in production.

Summing up

Developers and Linux sysadmin must know how to hunt down outdated libs and restart those services to patch your system. Things are not always straightforward and black and white. Hence, I wrote this quick guide. However, when kernel update is applied, you must reboot the Linux system. Some distro, such as Ubuntu and others, allows rebootless Linux kernel updates too as paid service.


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 1 comment so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
1 comment… add one
  • Susana Zsófika Mar 27, 2021 @ 10:36

    I reboot my Ubuntu installed on Sony laptop. Too much command. I want to do my Javascript and HTML code.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum