Shawl is a wrapper for running arbitrary programs as Windows services, written in Rust. It handles the Windows service API for you so that your program only needs to respond to ctrl-C/SIGINT. If you're creating a project that needs to run as a service, simply bundle Shawl with your project, set it as the entry point, and pass the command to run via CLI.
cargo install --locked shawl
.scoop bucket add extras && scoop install shawl
scoop update && scoop update shawl
winget install -e --id mtkennerly.shawl
winget upgrade -e --id mtkennerly.shawl
Here is an example of creating a service wrapped with Shawl
(note that --
separates Shawl's own options from the command that you'd like it to run):
add
command:
shawl add --name my-app -- C:/path/my-app.exe
sc
command for more control:
sc create my-app binPath= "C:/path/shawl.exe run --name my-app -- C:/path/my-app.exe"
sc config my-app start= auto
sc start my-app
Shawl will inspect the state of your program in order to report the correct status to Windows:
--(no-)restart
for all exit codes
or --restart-if(-not)
for specific exit codes.
Note that these four options are mutually exclusive.--stop-timeout
)
before forcibly killing the process if necessary.--pass
.You can view the full command line help text in docs/cli.md.
Shawl creates a log file for each service,
shawl_for_<service>_*.log
(based on the --name
),
in the same location as the Shawl executable,
with both its own messages and the output from the commands that it runs.
If anything goes wrong, you can read the log to find out more.
You can disable all logging with --no-log
,
and you can disable just the command logs with --no-log-cmd
.
By default, each log file is limited to 2 MB, and up to 2 rotated copies will be retained.
Bear in mind that the default account for new services is the Local System account,
which has a different PATH
environment variable than your user account.
If you configure Shawl to run a command like npm start
,
that means npm
needs to be in the Local System account's PATH
,
or you could also change the account used by the service instead.
Also note that running a service with a Local System account is as dangerous as running a Unix service as root.
This greatly increases the risk of your system being hacked
if you expose a port to the public for the service you are going to wrap.
It is recommended that you use a restricted account, such as
Network Service,
to run services.
To do this, first grant the Network Service account read, write, and execute permissions on Shawl's installation directory,
and then execute sc config my-app obj= "NT AUTHORITY\Network Service" password= ""
.
If the service needs to read and write files,
you may also need to grant the Network Service permissions to the directory that the service wants to access.
More information about Windows service user accounts can be found here.
If you want to use the service recovery feature of Windows itself when Shawl gives up trying to restart the wrapped command, then make sure to turn on the "enable actions for stops with errors" option in the service properties.
Shawl differs from existing solutions like
WinSW and NSSM
in that they require running a special install command to prepare the service.
That can be inconvenient in cases like installing a service via an MSI,
where you would need to run a CustomAction
.
With Shawl, you can configure the service however you want,
such as with the normal MSI ServiceInstall
or by running sc create
,
because Shawl doesn't have any special setup of its own.
The shawl add
command is just an optional convenience.
Please refer to CONTRIBUTING.md.