Prep v234: Apply missing upstream fixes in src/libelogind (2/6)
[elogind.git] / man / pam_elogind.xml
index 80235b37cae8b66e3c920ebc38692b17de4b8c7e..c707b0307debcce3b9af4338fd47accfd6e560ad 100644 (file)
     <title>Description</title>
 
     <para><command>pam_elogind</command> registers user sessions with
-    the elogind login manager and hence the elogind control group
-    hierarchy.</para>
+    the systemd login manager
+    <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+    and hence the systemd control group hierarchy.</para>
 
-    <para>On login, this module ensures the following:</para>
+    <para>On login, this module — in conjunction with <filename>systemd-logind.service</filename> — ensures the
+    following:</para>
 
     <orderedlist>
-      <listitem><para>If it does not exist yet, the user runtime
-      directory <filename>/run/user/$USER</filename> is created and
-      its ownership changed to the user that is logging
-      in.</para></listitem>
-
-      <listitem><para>The <varname>$XDG_SESSION_ID</varname>
-      environment variable is initialized. If auditing is available
-      and <command>pam_loginuid.so</command> was run before this
-      module (which is highly recommended), the variable is
-      initialized from the auditing session id
-      (<filename>/proc/self/sessionid</filename>). Otherwise, an
+      <listitem><para>If it does not exist yet, the user runtime directory <filename>/run/user/$UID</filename> is
+      either created or mounted as new <literal>tmpfs</literal> file system with quota applied, and its ownership
+      changed to the user that is logging in.</para></listitem>
+
+      <listitem><para>The <varname>$XDG_SESSION_ID</varname> environment variable is initialized. If auditing is
+      available and <command>pam_loginuid.so</command> was run before this module (which is highly recommended), the
+      variable is initialized from the auditing session id (<filename>/proc/self/sessionid</filename>). Otherwise, an
       independent session counter is used.</para></listitem>
+
+      <listitem><para>A new systemd scope unit is created for the session. If this is the first concurrent session of
+      the user, an implicit per-user slice unit below <filename>user.slice</filename> is automatically created and the
+      scope placed into it. An instance of the system service <filename>user@.service</filename>, which runs the
+      systemd user manager instance, is started.  </para></listitem>
     </orderedlist>
 
     <para>On logout, this module ensures the following:</para>
     <orderedlist>
       <listitem><para>If enabled in
       <citerefentry><refentrytitle>logind.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>, all processes of the
-      session are terminated.</para></listitem>
+      <manvolnum>5</manvolnum></citerefentry> (<varname>KillUserProcesses=</varname>), all processes of the session are
+      terminated. If the last concurrent session of a user ends, the user's systemd instance will be terminated too,
+      and so will the user's slice unit.</para></listitem>
 
       <listitem><para>If the last concurrent session of a user ends,
-      the <varname>$XDG_RUNTIME_DIR</varname> directory and all its
+      the user runtime directory <filename>/run/user/$UID</filename> and all its
       contents are removed, too.</para></listitem>
     </orderedlist>
 
+    <para>If the system was not booted up with systemd as init system,
+    this module does nothing and immediately returns
+    <constant>PAM_SUCCESS</constant>.</para>
+
   </refsect1>
 
   <refsect1>
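Review bot: The added Description text names the systemd login manager, systemd-logind.service, a systemd scope unit and user@.service, but this file is man/pam_elogind.xml and the removed lines described the elogind login manager and the elogind control group hierarchy. With these lines applied, the section no longer mentions elogind at all, and the new closing paragraph ("If the system was not booted up with systemd as init system, this module does nothing and immediately returns PAM_SUCCESS") documents a silent no-op keyed on systemd. Please confirm each statement holds for pam_elogind before merging. If the text was carried over unchanged from upstream, keep the /run/user/$UID correction and the KillUserProcesses= reference, restore the elogind naming, and drop or reword the scope/slice/user@.service item and the PAM_SUCCESS paragraph, so that an administrator reading the page knows when the session line actually registers a session.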
         as <constant>AF_UNIX</constant> sockets, FIFOs, PID files and
         similar. It is guaranteed that this directory is local and
         offers the greatest possible file system feature set the
-        operating system provides. For further details see the <ulink
+        operating system provides. For further details, see the <ulink
         url="http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG
-        Base Directory Specification</ulink>.</para></listitem>
+        Base Directory Specification</ulink>. <varname>$XDG_RUNTIME_DIR</varname>
+        is not set if the current user is not the original user of the session.</para></listitem>
       </varlistentry>
 
     </variablelist>
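Review bot: The sentence added to the $XDG_RUNTIME_DIR entry ("is not set if the current user is not the original user of the session") does not say what "original user" means or how the user can change within a session, so a reader cannot tell when to expect the variable to be missing. Suggest naming the condition concretely and stating whether $XDG_SESSION_ID is still set in that case, since software that finds $XDG_RUNTIME_DIR unset has to pick a fallback location for its sockets and PID files. The ulink in the unchanged context still uses http://; since the entry is being touched anyway, consider switching it to https://.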
@@ -264,13 +273,17 @@ session    required     pam_elogind.so</programlisting>
   <refsect1>
     <title>See Also</title>
     <para>
-      <citerefentry><refentrytitle>elogind</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
-      <citerefentry project='man-pages'><refentrytitle>pam_loginuid</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+      <citerefentry project='man-pages'><refentrytitle>pam_loginuid</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
     </para>
   </refsect1>
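Review bot: The first changed entry in See Also drops elogind(8) in favour of systemd(1) and systemd-logind.service(8), which leaves the pam_elogind page (the hunk header shows "session required pam_elogind.so") with no cross-reference to elogind itself. Suggest keeping the elogind(8) entry, and adding systemd.scope(5), systemd.slice(5) and systemd.service(5) only if the Description ends up describing those units for this module.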