Why do I get 'Failed to connect to bus: No such file or directory'?

This error occurs when systemctl cannot communicate with the systemd daemon over D-Bus. This is extremely common when trying to run systemctl inside a standard Docker container or older WSL1 environments, as they do not run systemd as the init process (PID 1). It can also happen if you run systemctl as a non-root user without a proper dbus session.

How do I clear the systemctl failed list?

Once you have fixed a broken service, it may still appear in the `systemctl --failed` list until the systemd state is cleared. You can clear this list and reset the failed status counters by running the command: `sudo systemctl reset-failed`.

What does 'Failed to start service: Unit not found' mean?

This error means systemd cannot find the `.service` file you are trying to manage. This usually happens due to a typo in the service name (e.g., typing 'ngix' instead of 'nginx'), or because the software was uninstalled, not installed correctly, or you created a custom service file but forgot to run `sudo systemctl daemon-reload`.

How do I fix 'Interactive authentication required' when using systemctl?

This is a 'systemctl permission denied' issue. It happens when you try to start, stop, or restart a system service without using `sudo`. Linux requires root privileges to change system states. Prefix your command with `sudo` (e.g., `sudo systemctl restart sshd`). If you still get it, your Polkit configuration might be corrupted.

Why does my service show 'code=exited, status=203/EXEC'?

Exit code 203/EXEC means systemd successfully read the unit file, but it could not execute the binary specified in the `ExecStart=` directive. This is almost always caused by the binary not existing at the specified path, lacking executable permissions (`chmod +x`), or missing a valid interpreter (like a missing python binary or a bad shebang `#!/bin/bash` in a script).

How to Fix 'systemctl failed' and 'systemctl permission denied' Errors in Linux

Fix systemctl failed and permission denied errors fast. Learn how to check systemctl failed logs, diagnose broken systemd services, and restore your Linux serve

Last updated: February 23, 2026

Last verified: February 23, 2026

1,974 words

Key Takeaways

Use `systemctl --failed` to instantly identify which services are crashing on your system.
Check the detailed error trace using `journalctl -xeu <service_name>.service` to find the exact root cause of the failure.
Fix 'permission denied' errors by running commands with `sudo`, checking Polkit status, or verifying file ownership with `chown`.
Always run `sudo systemctl daemon-reload` after modifying any `.service` unit files, or systemd will not recognize the changes.

Systemd Troubleshooting Approaches Compared
Method / Command	When to Use	Time to Execute	Risk Level
`journalctl -xeu <service>`	To find the exact error log and root cause of a service crash.	Fast	None
`systemctl daemon-reload`	Mandatory after editing any systemd unit file before restarting the service.	Fast	Low
Fixing Permissions (`chmod`/`chown`)	When encountering 'permission denied' logs (Exit 210/213/214).	Medium	Medium
Checking SELinux/AppArmor	When logs show access denied despite correct file system permissions.	High	Medium
`systemctl reset-failed`	To clear the failed state counter after resolving the underlying issue.	Fast	None

Understanding the Error

When managing Linux servers, encountering a systemctl failed error is a rite of passage for any DevOps engineer or Sysadmin. systemctl is the central management command for systemd, the init system that bootstraps user space and manages system processes on most modern Linux distributions, including Ubuntu, Debian, RHEL, CentOS, and Arch Linux.

When a service fails to start, restart, or crashes unexpectedly during runtime, systemd catches the failure, terminates any hanging subprocesses, and flags the service state as failed. If you try to interact with it, you will likely see the infamous message:

Job for <service>.service failed because the control process exited with error code. See "systemctl status <service>.service" and "journalctl -xe" for details.

This guide provides a comprehensive, step-by-step methodology to diagnose systemctl not working, analyze the systemctl failed log, and resolve restrictive systemctl permission denied errors.

Step 1: Diagnose the Failure

Before you apply fixes, you must identify exactly what failed and why. Blindly restarting services rarely solves the root cause and can exacerbate data corruption issues.

1. Identify Failed Services

To get a high-level overview of every service, socket, mount, or device that has failed on your Linux system, run:

systemctl --failed

This command isolates units in the failed state, filtering out the noise of the hundreds of healthy systemd units running in the background. It provides the UNIT name, LOAD state, ACTIVE state, and SUB state.

2. Inspect the Service Status

Once you have identified the culprit (for example, nginx.service, postgresql.service, or kubelet.service), inspect its current status:

systemctl status <service_name>.service

Look closely at the Active: line. It will likely say failed (Result: exit-code). More importantly, pay attention to the Main PID exit code. For instance, code=exited, status=1/FAILURE indicates a general application error, while status=210/CHROOT or status=203/EXEC can immediately point you to specific systemd execution failures.

3. Analyze the systemctl failed log

The status command only truncates and displays the last ten lines of the log. To get the full context of why the service crashed, you must query the systemd journal:

journalctl -xeu <service_name>.service

The -x flag appends explanatory text from the journal catalog (if available), -e jumps to the end of the pager (displaying the most recent events), and -u filters the logs by the specific unit. Scan these logs for application-level syntax errors, missing dependencies, or port binding conflicts (e.g., Address already in use).

Step 2: Fix Common Root Causes

Scenario A: Configuration Errors

The most common reason a service fails to start is a typo, syntax error, or misconfiguration in the application's configuration file (e.g., /etc/nginx/nginx.conf or /etc/ssh/sshd_config).

Fix: Do not rely on systemd to tell you what is wrong with the application's config. Run the application's built-in syntax checker. For Nginx, use sudo nginx -t. For Apache, use sudo apachectl configtest. For SSH, use sudo sshd -t. Fix the reported syntax error, and then execute sudo systemctl restart <service_name>.

Scenario B: systemctl permission denied

You might encounter a Failed to restart service: Access denied or Interactive authentication required error when running systemctl commands directly.

Root Cause 1: Missing Privileges. Modifying system state requires root privileges. Always prefix commands that change state (start, stop, restart, enable, disable) with sudo.
Root Cause 2: Polkit Issues. systemd uses Polkit (PolicyKit) to manage privileges. If Polkit is crashed, missing, or misconfigured, non-root users (even those in the sudo/wheel group) might receive permission denied errors. Check the Polkit status: systemctl status polkit.service.
Root Cause 3: File Permissions (Execution Phase). If the error is found within the journal logs stating the service itself encountered a "Permission denied" (often exiting with code 210, 213, or 214), the service user (e.g., www-data, postgres) lacks read/execute access to its required binaries, certificates, or directories. Use chown and chmod to correct ownership of the paths mentioned in the logs.
Root Cause 4: Mandatory Access Control. Do not forget to check SELinux (sestatus, audit2allow -a) or AppArmor (dmesg | grep apparmor). These security modules enforce MAC and can silently block processes from accessing files or ports, even if standard POSIX file permissions are correct.

Scenario C: systemctl not working or hanging

If running systemctl commands hangs indefinitely or returns Failed to connect to bus: No such file or directory:

Fix 1: WSL or Docker environments. Standard Docker containers and older Windows Subsystem for Linux (WSL1) environments do not run systemd as PID 1 by default. If you are in a standard container, you cannot use systemctl; you must run the daemon directly. If you require systemd inside Docker, you must run an image explicitly configured for it, utilizing --privileged mode and specific volume mounts for cgroups.
Fix 2: D-Bus is down. systemctl communicates with systemd via D-Bus. If dbus.service has crashed or is masked, systemctl commands will hang. You may need to restart the D-Bus socket or reboot the server.

Step 3: Advanced Troubleshooting (cgroups and strace)

When journalctl does not provide enough context, and the service repeatedly and silently crashes, you must dive deeper into system internals.

1. Inspecting cgroups (Control Groups) and OOM

systemd utilizes cgroups to organize processes and manage resource limits (CPU, memory, I/O). A service may fail because it hits an Out-Of-Memory (OOM) limit defined in its unit file (MemoryLimit=) or by the kernel.

Run systemctl status <service_name> and look for the Memory: metric. If it is hitting a limit, check the kernel logs for OOM killer invocations using dmesg -T | grep -i oom. If the kernel is killing the process, you will see Killed process <PID> (<process_name>) in the output. You must either increase the memory limit in the service file, optimize the application's memory usage, or add swap space to the server.

2. Tracing the Execution with strace

If a service dies immediately upon startup and the systemd logs are entirely empty, the process might be failing before it even attaches to standard output or the journal.

To debug this, bypass systemctl temporarily and run the service binary manually using the exact same user and arguments defined in the unit file, prefixing the command with strace to intercept system calls.

First, extract the execution command and user from the unit file: cat /lib/systemd/system/<service_name>.service | grep -E '^ExecStart|^User'

Next, execute it manually (assuming User=www-data and ExecStart=/usr/sbin/nginx -g 'daemon off;'): sudo -u www-data strace -f /usr/sbin/nginx -g 'daemon off;'

The strace output will flood your terminal, but the final lines right before the process exits will reveal the exact system call that failed. You will typically see an EACCES (Permission denied) when the process tries to open a file, or ENOENT (No such file or directory) when a critical configuration file or shared library is missing.

3. Handling Timeout Errors

Sometimes, systemctl start hangs and eventually fails with a Timeout setting up VIP or start operation timed out error. This occurs when systemd expects a specific notification from the process (if Type=notify) or expects it to fork (Type=forking), but the application takes too long or fails to signal readiness entirely.

Fix: Evaluate if the application genuinely needs more time to initialize (for example, a massive database restoring data from disk). You can increase the timeout threshold by adding TimeoutStartSec=600 to the [Service] block in the unit file.

Step 4: Cleanup and Recovery

Once you have resolved the underlying issue (fixed the configuration syntax, corrected file permissions, or disabled SELinux blocks), you must instruct systemd to attempt starting the service again.

If you modified the .service unit file itself (e.g., adding a timeout in /etc/systemd/system/), you MUST reload the systemd manager configuration so it reads the new file: sudo systemctl daemon-reload
Restart your service: sudo systemctl restart <service_name>.service
Clear the failure state. If the service is running successfully but systemd still shows a residual failed flag from a previous crash when running systemctl --failed, reset the counters: sudo systemctl reset-failed

By systematically checking systemctl status, digging into the journalctl logs, verifying permissions, and using strace when necessary, you can reliably resolve almost any systemd service failure and ensure high availability for your Linux infrastructure.

Frequently Asked Questions

bash

# 1. List all failed systemd units on the server
systemctl --failed

# 2. Get the specific status and exit code of a failed service
sudo systemctl status nginx.service

# 3. Check the systemd journal for the exact error logs (jump to end)
sudo journalctl -xeu nginx.service

# 4. (Optional) Check application config syntax before restarting
sudo nginx -t

# 5. Reload systemd manager configuration if you edited the .service file
sudo systemctl daemon-reload

# 6. Attempt to restart the service after applying your fix
sudo systemctl restart nginx.service

# 7. Clear the failed state flag from systemd's memory
sudo systemctl reset-failed

# 8. (Advanced) Trace system calls if the service fails silently
sudo strace -f /usr/sbin/nginx -g 'daemon off;'

Error Medic Editorial

Error Medic Editorial is composed of Senior DevOps Engineers and SREs dedicated to bringing you actionable, field-tested troubleshooting guides for Linux, Cloud infrastructure, and CI/CD pipelines.

Sources

Explore More Linux Sysadmin Guides

Apache Crash & Not Working: Complete Troubleshooting Guide (Connection Refused, OOM, Core Dump)

Fix Apache crashes, connection refused errors, and OOM kills in minutes. Step-by-step diagnostic commands, MPM tuning, and core dump analysis included.

AWS Redis Connection Refused: Troubleshooting ECONNREFUSED and tcp 127.0.0.1:6379

Fix 'Redis connection refused' errors in AWS, Kubernetes, Laravel, and WSL. Learn how to diagnose binding issues, security groups, and network configurations.

Comprehensive Guide to Fixing Nginx 502 Bad Gateway, 504 Timeouts, and Core Crashes

Diagnose and resolve Nginx 502 Bad Gateway, 504 Timeouts, connection refused errors, out-of-memory crashes, and permission denied issues with this SRE guide.