sdctl is a security-focused ratatui TUI application for managing systemd services on Linux. It prioritizes the principle of least privilege, allowing users to browse services in an unprivileged state and providing an embedded authentication flow for privileged operations.
- Security First: All privileged actions are authenticated using polkit. Never requires `sudo`.
- Unified Unit Management: Seamlessly browse and control both System (global) and User (session) units from a single interface.
- Enhanced Filtering: Powerful multi-category filters (Type, Scope, Active, Enablement, Load).
- Service Dashboard: Efficiently list and discover units with case-insensitive sorting and high-performance client-side fuzzy search.
- Log Viewer: Integrated `journalctl` browser with automatic syntax highlighting provided by tailspin, and both line-wise and line-block select modes.
- Unit File Viewer: View unit configurations directly with syntax highlighting. Supports creating drop-in overrides or editing the full unit file via your `$EDITOR`.
- Vim-style Navigation: Global keyboard shortcuts for intuitive scrolling, paging, and search cursor movement.
Why another TUI for managing systemd services?
This tool is not the first of its kind. I have been using systemctl-tui and systemd-manager-tui extensively to the point that I forgot how to use systemctl from the command line. However, those tools share one major limitation: they require sudo for privileged operations. In today’s supply-chain threat landscape, that is a serious risk because a TUI app depends on many components, and any compromised dependency could become a full-privilege attack vector.
This is why I built sdctl with a completely different security model: the app itself should never be run with sudo, and no action ever asks for blanket root access. When you perform any action that requires escalated privileges, the app opens an embedded polkit flow that authenticates only the specific systemctl action you are trying to perform, using whatever mechanism is available on the system, such as password, fingerprint reader, or smart card. That keeps the privilege boundary explicit and tied to a single operation instead of the whole process.
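
As an added illustration (not part of sdctl or its README), an administrator-side polkit rule can narrow the same per-operation boundary further by unit and verb. The `polkit` object and `evaluate` function below are a stand-in harness so the rule runs under Node; the group `webops` and the unit `nginx.service` are constructed.

```javascript
// Stand-in for the `polkit` global that polkitd provides to files in
// /etc/polkit-1/rules.d/; it exists only so the rule runs under Node.
const polkit = {
  Result: { NO: "no", YES: "yes", AUTH_SELF: "auth_self",
            AUTH_ADMIN: "auth_admin", NOT_HANDLED: "not_handled" },
  rules: [],
  addRule(fn) { this.rules.push(fn); },
};

// Constructed policy: members of the hypothetical group "webops" may restart
// or reload nginx.service after authenticating as themselves; every other
// change to system units needs a fresh administrator authentication.
var DELEGATED = { group: "webops", units: ["nginx.service"], verbs: ["restart", "reload"] };

// ---- rule as it would appear in a rules.d file (ES5 syntax on purpose) ----
polkit.addRule(function (action, subject) {
  var unitOp = action.id === "org.freedesktop.systemd1.manage-units";
  var fileOp = action.id === "org.freedesktop.systemd1.manage-unit-files";
  if (!unitOp && !fileOp) return polkit.Result.NOT_HANDLED;

  // systemd attaches "unit" and "verb" details to manage-units requests.
  var unit = action.lookup("unit");
  var verb = action.lookup("verb");
  if (unitOp && subject.isInGroup(DELEGATED.group) &&
      DELEGATED.units.indexOf(unit) !== -1 && DELEGATED.verbs.indexOf(verb) !== -1) {
    return polkit.Result.AUTH_SELF;
  }
  // No *_KEEP result: each operation is authenticated on its own.
  return polkit.Result.AUTH_ADMIN;
});

// Evaluate a constructed request the way polkitd walks its rules: the first
// rule that returns something other than NOT_HANDLED decides.
function evaluate(actionId, details, groups) {
  const action = { id: actionId, lookup: (key) => details[key] };
  const subject = { groups, isInGroup: (g) => groups.includes(g) };
  for (const rule of polkit.rules) {
    const result = rule(action, subject);
    if (result && result !== polkit.Result.NOT_HANDLED) return result;
  }
  return polkit.Result.NOT_HANDLED;
}

console.log(evaluate("org.freedesktop.systemd1.manage-units",
                     { unit: "nginx.service", verb: "restart" }, ["webops"]));
```

When installing such a rule, only the `DELEGATED` definition and the `polkit.addRule(...)` call go into the rules file; the stand-in object and `evaluate` are for testing.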
- `q`: Quit application
- `Esc`: Return to unit list / Cancel authentication / Close filter menu
- `j`/`k` or `Up`/`Down`: Navigate up/down
- `gg`/`G`: Jump to top/bottom
- `Ctrl+u`/`Ctrl+d`: Scroll half-page up/down
- `Ctrl+b`/`Ctrl+f`: Scroll full-page up/down

- `/`: Enter fuzzy search mode
- `y`/`p`/`a`/`n`/`o`: Open Type, Scope, Active, Enablement, or Load filter menus
- `Ctrl+r`: Reset all filters
- `s`/`t`/`r`/`R`: Start, stop, restart, or reload the selected unit
- `e`/`d`/`m`/`u`: Enable, disable, mask, or unmask the selected unit
- `Enter`/`l`: View journal logs
- `f`: View unit file
- `Y`: Copy unit file path

- `/`: Enter search mode
- `n`/`N`: Jump to next / previous search match
- `v`: Toggle line select mode
- `V`: Toggle line block select mode
- `Space` (select mode): Mark / unmark the current line
- `y`/`Enter` (select mode): Copy selected lines to clipboard
- `Ctrl+r`: Refresh logs
- `e`: Open the log buffer in `$EDITOR`

- `/`: Enter search mode
- `n`/`N`: Jump to next / previous search match
- `e`: Create/Edit drop-in override (`override.conf`)
- `E`: Edit full unit file (replaces unit fragment)

- UI Framework: ratatui
- Asynchronous Runtime: tokio
- D-Bus Communication: zbus
- Privilege Escalation: `pkttyagent` managed via portable-pty
- Highlighting: tailspin
- Fuzzy Matching: nucleo

- `systemd`
- `polkit`
- (Optional) terminal text editor: `nano`, `vim`, `emacs`, or `vi`
- (Optional) system clipboard tool: `wl-copy` (Wayland) or `xclip` (X11)

```bash
cargo install sdctl
```

```bash
# Using your favorite AUR helper, such as yay or paru
yay -S sdctl
```

Download the latest pre-compiled binary from the Releases page.

```bash
chmod +x sdctl
sudo mv sdctl /usr/local/bin/
```

Run directly:

```bash
nix run github:ruiiiijiiiiang/sdctl-top
```

PRs and issues are welcome. AI usage is okay as long as you know what you are doing and the code is maintainable.

MIT




