Running OpenClaw as a systemd Service: Always-On Linux Setup

Running OpenClaw interactively in a terminal works during development, but for any serious deployment you want it running as a background service that starts on boot, restarts on failure, and produces structured logs. On modern Linux, systemd is the standard process supervisor for all of this.

Why systemd for OpenClaw?

systemd is the init system on virtually every modern Linux distribution^[1]. Using it gives you:

• Automatic startup on boot without manual intervention
• Automatic restart when the process crashes
• Structured logging via the journal with built-in rotation
• Resource controls through cgroups (memory limits, CPU quotas)
• Dependency ordering so OpenClaw starts after networking is available
• Security sandboxing to restrict file system and network access

Compared to running openclaw start & in tmux or a cron @reboot entry, systemd provides reliability guarantees that ad-hoc approaches cannot match.

Quick Setup: The Built-in Installer

openclaw onboard --install-daemon

This detects whether you are root or a regular user, creates the appropriate service file, enables it for boot, and starts it immediately. For many users, this is all you need.

User vs System Services

System services live in /etc/systemd/system/ and start at boot regardless of login state. Choose this for headless servers and shared machines.

User services live in ~/.config/systemd/user/ and start when the user logs in. Choose this for personal workstations or when you lack root access.

Manual System Service File

First, locate your paths:

which openclaw
# /usr/bin/openclaw or ~/.nvm/versions/node/v22.x.x/bin/openclaw

Create the unit file:

sudo tee /etc/systemd/system/openclaw.service > /dev/null << 'EOF'
[Unit]
Description=OpenClaw AI Agent Runtime
Documentation=https://docs.openclaw.dev
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=openclaw
Group=openclaw
WorkingDirectory=/home/openclaw
ExecStart=/usr/bin/openclaw start --daemon
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5
StartLimitIntervalSec=300
StartLimitBurst=5

Environment=NODE_ENV=production
Environment=HOME=/home/openclaw

StandardOutput=journal
StandardError=journal
SyslogIdentifier=openclaw

NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/openclaw/.openclaw
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
EOF

Key directives explained:

• After=network-online.target ensures OpenClaw starts after networking is ready (it needs LLM APIs)
• Restart=on-failure with RestartSec=5 restarts on crashes, waiting 5 seconds between attempts
• StartLimitBurst=5 in a 300 second window prevents infinite restart loops
• ProtectSystem=strict makes the file system read-only except ReadWritePaths^[2]
• NoNewPrivileges and PrivateTmp further sandbox the process

Manual User Service File

For a user-level service without root:

mkdir -p ~/.config/systemd/user

cat > ~/.config/systemd/user/openclaw.service << 'EOF'
[Unit]
Description=OpenClaw AI Agent Runtime
After=default.target

[Service]
Type=simple
ExecStart=%h/.nvm/versions/node/v22.14.0/bin/openclaw start --daemon
Restart=on-failure
RestartSec=5
Environment=NODE_ENV=production

[Install]
WantedBy=default.target
EOF

The %h specifier expands to the user's home directory.

systemctl --user daemon-reload
systemctl --user enable openclaw.service
systemctl --user start openclaw.service

Enable Linger for Headless Servers

By default, user services stop when the user's last session ends. On headless servers, enable lingering:

sudo loginctl enable-linger $USER
loginctl show-user $USER | grep Linger
# Linger=yes

This keeps user services running at boot regardless of login state^[3].

Starting the System Service

sudo systemctl daemon-reload
sudo systemctl enable openclaw.service
sudo systemctl start openclaw.service
sudo systemctl status openclaw.service

Viewing Logs with journalctl

# Follow logs in real time
sudo journalctl -u openclaw.service -f

# Logs since last boot
sudo journalctl -u openclaw.service -b

# Logs from the last hour
sudo journalctl -u openclaw.service --since "1 hour ago"

# Only errors
sudo journalctl -u openclaw.service -p err

Configure log retention:

sudo tee -a /etc/systemd/journald.conf > /dev/null << 'EOF'
SystemMaxUse=500M
MaxRetentionSec=30day
EOF
sudo systemctl restart systemd-journald

Resource Limits

systemd integrates with Linux cgroups to enforce hard resource limits:

[Service]
# Memory
MemoryMax=2G
MemoryHigh=1536M

# CPU (200% = 2 cores)
CPUQuota=200%
Nice=10

# I/O
IOSchedulingClass=best-effort
IOWeight=50

Add these to the [Service] section, then:

sudo systemctl daemon-reload
sudo systemctl restart openclaw.service
systemctl show openclaw.service | grep -E "Memory|CPU"

For temporary overrides without editing the file:

sudo systemctl set-property openclaw.service MemoryMax=1G

Restart Policies

Restart=on-failure    # Restart on non-zero exit only
RestartSec=5          # Wait 5 seconds between attempts
StartLimitIntervalSec=300
StartLimitBurst=5     # Max 5 failures per 5 minutes

If OpenClaw sometimes exits with code 0 unexpectedly, switch to Restart=always with RestartPreventExitStatus=SIGTERM so systemctl stop still works cleanly.

Monitoring

systemctl is-active openclaw.service    # active/inactive
systemctl is-enabled openclaw.service   # enabled/disabled
systemctl is-failed openclaw.service    # active/failed

Use in monitoring scripts:

#!/bin/bash
if ! systemctl is-active --quiet openclaw.service; then
    echo "OpenClaw is down!" | mail -s "Alert" admin@example.com
fi

Troubleshooting

Permission denied: sudo chown -R openclaw:openclaw /home/openclaw/.openclaw

Binary not found: Verify the ExecStart path matches which openclaw.

Port in use: sudo ss -tlnp | grep 19090

Missing API keys: Use an environment file instead of inline variables:

sudo mkdir -p /etc/openclaw
sudo tee /etc/openclaw/env > /dev/null << 'EOF'
ANTHROPIC_API_KEY=sk-ant-your-key-here
EOF
sudo chmod 600 /etc/openclaw/env

Reference it in the service with EnvironmentFile=/etc/openclaw/env.

Reset a failed service:

sudo systemctl reset-failed openclaw.service
sudo systemctl start openclaw.service

Comparison with PM2 and Docker

For a single instance on a dedicated machine, systemd is simplest. For multiple isolated instances, Docker (or ClawTank for managed hosting) is the better fit^[4].

Complete Production Service File

[Unit]
Description=OpenClaw AI Agent Runtime
Documentation=https://docs.openclaw.dev
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=openclaw
Group=openclaw
WorkingDirectory=/home/openclaw
ExecStart=/usr/bin/openclaw start --daemon
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5
StartLimitIntervalSec=300
StartLimitBurst=5
TimeoutStopSec=30
Environment=NODE_ENV=production
EnvironmentFile=-/etc/openclaw/env
MemoryMax=2G
MemoryHigh=1536M
CPUQuota=200%
Nice=5
StandardOutput=journal
StandardError=journal
SyslogIdentifier=openclaw
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/openclaw/.openclaw
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes

[Install]
WantedBy=multi-user.target

The - prefix on EnvironmentFile=-/etc/openclaw/env means systemd will not fail if the file does not exist.

Summary

systemd gives you everything needed to run OpenClaw reliably: boot startup, crash recovery, structured logging, and resource controls. The built-in openclaw onboard --install-daemon handles the common case. For advanced deployments, the manual service file lets you tune every aspect of the runtime environment.

References

1. systemd - System and Service Manager
2. systemd.exec - Sandboxing and security directives
3. loginctl enable-linger documentation
4. PM2 - Node.js process manager