What unnessary services and packages can be safely disabled/removed

I am somewhat new to Linux. I am using Fedora 34 with the Xfce desktop.

I would like to harden and optimize my system by disabling services that I don’t need and removing packages that are not needed. I have already done this with several packages and services that I know I will not need, but there are some that I don’t know what they are, what they do, and if they are vital to system operation.

Here is a list of packages that I have removed so far.
geany
atril
catfish
claws-mail
hfsplus-tools
hyperv-daemons
nano (I use vi not nano)
orage
pidgin
transmission
xfburn
asunder
pragha
Are there any other packages that are not vital to the system and can be safely removed?

Here is a list of services that I disabled.
avahi-daemon.socket
avahi-daemon
iscsi.service
iscsiuio.socket
iscsid.socket
bluetooth.service
lvm2-monitor.service
mdmonitor.service
qemu-guest-agent.service
lvm2-lvmpolld.socket
raid-check.timer
nfs-convert.service
nfs-client.target
What other ones could I disable?

Also There are some services that I don’t know if I need or not like the sssd service.
I read that the sssd service is used for accessing network services like if you had a domain, but I don’t have any network services like a domain or file/print sharing. So, could I safely disable this service?

And my last question has to do with optimization of the boot process. I know that disabling unused services can help with the boot process, but if i run systemctl status “service name” it will tell me the status of a service, and it also says that a service is loaded even if it is disabled and not running. How can I prevent a service from even getting loaded if I KNOW that I don’t need it? For example: I don’t use lvm so I KNOW that I don’t need the lvm service. How then can I make it so my system will not even load the service at boot?

FWIW, Here is the current output from dnf groupinfo "Core":

# dnf groupinfo "Core"
Last metadata expiration check: 3:03:38 ago on Tue 08 Jun 2021 11:45:17 AM CDT.

Group: Core
 Description: Smallest possible installation
 Mandatory Packages:
   audit
   basesystem
   bash
   coreutils
   curl
   dhcp-client
   dnf
   e2fsprogs
   filesystem
   glibc
   grubby
   hostname
   iproute
   iputils
   kbd
   less
   man-db
   ncurses
   openssh-clients
   openssh-server
   parted
   passwd
   policycoreutils
   procps-ng
   rootfiles
   rpm
   selinux-policy-targeted
   setup
   shadow-utils
   sssd-common
   sssd-kcm
   sudo
   systemd
   util-linux
   vim-minimal
   yum
 Default Packages:
   NetworkManager
   dnf-plugins-core
   dracut-config-rescue
   fedora-repos-modular
   firewalld
   plymouth
   systemd-oomd-defaults
   zram-generator-defaults
 Optional Packages:
   dracut-config-generic
   initial-setup
   initscripts

Also, you might want to look at the rpmreaper tool if you really want to try to whittle down an existing system. It does a nice job of showing dependencies and you can highlight packages and press i to get a brief description of them as you go.

2 Likes

systemd-analyze critical-chain will show you what is impacting your boot time.

I am fairly certain that running systemctl status loads the unit. I believe loaded just means that the service file has been read into memory.

Stop running systemctl status on it :rofl:

But seriously, a loaded unit doesn’t mean much. I wouldn’t worry about that as long as it isn’t running. Alternatively, you could use rpm -qf on the service file to see what package it belongs to and uninstall the package.

Lastly, keep in mind that even if it a service is disabled, it can still be started by another unit.

1 Like

Disable a service will not prevent prevent it from running, due to socket activation, etc.

You need to mask it in order to stop it from running completely.

1 Like

Thank you for your replies. But what services are not necessary and I can disable/mask? For example, can I disable the sssd service? Also if I check the session and startup section in the settings of my computer I see some processes that start when I log in. Again I have no idea what some of these do. The processes in question are: Liveinst Setup, User folders update, Spice vdagent, xapp-sn-watcher. What do these processes do? Do I need them? Thanks for the help.

Sometimes it take a bit of detective work to figure out what some components do. Many of those processes that are automatically started when you log into a graphical session are initiated by a .desktop drop-in file in /etc/xdg/autostart.

Just to use your “User folders update” service as an example, I see that it has a file at /etc/xdg/autostart/user-dirs-update-gtk.desktop.

Using Fedora Linux’s rpm command, I can find the package that provides that file.

$ rpm -qf /etc/xdg/autostart/user-dirs-update-gtk.desktop 
xdg-user-dirs-gtk-0.10-20.fc34.x86_64

Once I have the package name, I can list all the other files that that package contains.

$ rpm -ql xdg-user-dirs-gtk
...
/usr/share/doc/xdg-user-dirs-gtk/README
...

Looking at the README file, I get a bit more information about the package.

$ cat /usr/share/doc/xdg-user-dirs-gtk/README
xdg-user-dirs-gtk is a companion to xdg-user-dirs that integrates it into
the Gnome desktop and Gtk+ applications.

It gets run during login and does two things:
* Tracks changes of locale and prompts the user so the directories
  can be changed.
* Creates a default gtk bookmarks file if there is none, based
  on a set of xdg user dirs.

Then I can do the same for stated “companion” package xdg-user-dirs which eventually leads me to a link to online documentation.

https://freedesktop.org/wiki/Software/xdg-user-dirs/

Hope that helps.

P.S. sssd shouldn’t be necessary if you have a local account in /etc/passwd.