main: print warning if /usr is on a seperate partition
[elogind.git] / man / pam_systemd.xml
index 796035f7a1f7c4fbd110cff4f11603784868f4d9..915e0b60149a150da4ab92c01b630c7563421e7d 100644 (file)
                 <para>On login, this module ensures the following:</para>
 
                 <orderedlist>
                 <para>On login, this module ensures the following:</para>
 
                 <orderedlist>
-                        <listitem><para>If it does not exist yet the
+                        <listitem><para>If it does not exist yet, the
                         user runtime directory
                         <filename>/var/run/user/$USER</filename> is
                         created and its ownership changed to the user
                         that is logging in.</para></listitem>
 
                         <listitem><para>If
                         user runtime directory
                         <filename>/var/run/user/$USER</filename> is
                         created and its ownership changed to the user
                         that is logging in.</para></listitem>
 
                         <listitem><para>If
-                        <option>create-session=1</option> is set the
+                        <option>create-session=1</option> is set, the
                         <varname>$XDG_SESSION_ID</varname> environment
                         variable is initialized. If auditing is
                         available and
                         <command>pam_loginuid.so</command> run before
                         <varname>$XDG_SESSION_ID</varname> environment
                         variable is initialized. If auditing is
                         available and
                         <command>pam_loginuid.so</command> run before
-                        this module (which es recommended), the
+                        this module (which is highly recommended), the
                         variable is initialized from the auditing
                         session id
                         (<filename>/proc/self/sessionid</filename>). Otherwise
                         variable is initialized from the auditing
                         session id
                         (<filename>/proc/self/sessionid</filename>). Otherwise
                         used.</para></listitem>
 
                         <listitem><para>If
                         used.</para></listitem>
 
                         <listitem><para>If
-                        <option>create-session=1</option> is set a new
+                        <option>create-session=1</option> is set, a new
                         control group
                         <filename>/user/$USER/$XDG_SESSION_ID</filename>
                         is created and the login process moved into
                         it.</para></listitem>
 
                         <listitem><para>If
                         control group
                         <filename>/user/$USER/$XDG_SESSION_ID</filename>
                         is created and the login process moved into
                         it.</para></listitem>
 
                         <listitem><para>If
-                        <option>create-session=0</option> is set a new
+                        <option>create-session=0</option> is set, a new
                         control group
                         control group
-                        <filename>/user/$USER/no-session</filename>
+                        <filename>/user/$USER/user</filename>
                         is created and the login process moved into
                         it.</para></listitem>
 
                         is created and the login process moved into
                         it.</para></listitem>
 
                         remaining processes in the
                         <filename>/user/$USER/$XDG_SESSION_ID</filename>
                         control group are killed and the control group
                         remaining processes in the
                         <filename>/user/$USER/$XDG_SESSION_ID</filename>
                         control group are killed and the control group
-                        removed.</para></listitem>
+                        is removed.</para></listitem>
 
                         <listitem><para>If
                         <varname>$XDG_SESSION_ID</varname> is set and
 
                         <listitem><para>If
                         <varname>$XDG_SESSION_ID</varname> is set and
                         remaining processes in the
                         <filename>/user/$USER/$XDG_SESSION_ID</filename>
                         control group are migrated to
                         remaining processes in the
                         <filename>/user/$USER/$XDG_SESSION_ID</filename>
                         control group are migrated to
-                        <filename>/user/$USER/no-session</filename> and
-                        the original control group
+                        <filename>/user/$USER/user</filename> and
+                        the original control group is
                         removed.</para></listitem>
 
                         <listitem><para>If
                         <option>kill-user=1</option> is specified, and
                         removed.</para></listitem>
 
                         <listitem><para>If
                         <option>kill-user=1</option> is specified, and
-                        no other user session control group remains
+                        no other user session control group remains,
                         except
                         except
-                        <filename>/user/$USER/no-session</filename>
+                        <filename>/user/$USER/user</filename>,
                         all remaining processes in the
                         <filename>/user/$USER</filename> hierarchy
                         all remaining processes in the
                         <filename>/user/$USER</filename> hierarchy
-                        are killed and the control group removed.</para></listitem>
+                        are killed and the control group is removed.</para></listitem>
 
                         <listitem><para>If
                         <option>kill-user=0</option> is specified, and
 
                         <listitem><para>If
                         <option>kill-user=0</option> is specified, and
                 </orderedlist>
 
                 <para>If the system was not booted up with systemd as
                 </orderedlist>
 
                 <para>If the system was not booted up with systemd as
-                init system this module does nothing and immediately
+                init system, this module does nothing and immediately
                 returns PAM_SUCCESS.</para>
 
         </refsect1>
                 returns PAM_SUCCESS.</para>
 
         </refsect1>
                                 login process moved to the
                                 <filename>/user/$USER/$XDG_SESSION_ID</filename>
                                 control group. It is recommended that
                                 login process moved to the
                                 <filename>/user/$USER/$XDG_SESSION_ID</filename>
                                 control group. It is recommended that
-                                all services that are directly created
+                                all services which are directly created
                                 on the user's behalf set this
                                 option. Only for services that shall
                                 automatically be terminated when the
                                 on the user's behalf set this
                                 option. Only for services that shall
                                 automatically be terminated when the
-                                user logs out completely otherwise,
+                                user logs out completely, otherwise
                                 <varname>create-session=0</varname>
                                 should be set.</para></listitem>
                         </varlistentry>
                                 <varname>create-session=0</varname>
                                 should be set.</para></listitem>
                         </varlistentry>
                                 completely. This is a weaker version
                                 of <option>kill-session=1</option> and is
                                 more friendly for users logged in more
                                 completely. This is a weaker version
                                 of <option>kill-session=1</option> and is
                                 more friendly for users logged in more
-                                than once as their processes are
+                                than once, as their processes are
                                 terminated only on their complete
                                 logout.</para></listitem>
                         </varlistentry>
                                 terminated only on their complete
                                 logout.</para></listitem>
                         </varlistentry>
+
+                        <varlistentry>
+                                <term><option>kill-only-users=</option></term>
+
+                                <listitem><para>Takes a comma
+                                separated list of user names or
+                                numeric user ids as argument. If this
+                                option is used the effect of the
+                                <option>kill-session=</option> and
+                                <option>kill-user=</option> options
+                                will apply only to the listed
+                                users. If this option is not used the
+                                option applies to all local
+                                users. Note that
+                                <option>kill-exclude-users=</option>
+                                takes precedence over this list and is
+                                hence subtracted from the list
+                                specified here.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>kill-exclude-users=</option></term>
+
+                                <listitem><para>Takes a comma
+                                separated list of user names or
+                                numeric user ids as argument. Users
+                                listed in this argument will not be
+                                subject to the effect of
+                                <option>kill-session=</option> or
+                                <option>kill-user=</option>.  Note
+                                that that this option takes precedence
+                                over
+                                <option>kill-only-users=</option>, and
+                                hence whatever is listed for
+                                <option>kill-exclude-users=</option>
+                                is guaranteed to never be killed by
+                                this PAM module, independent of any
+                                other configuration
+                                setting.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>controllers=</option></term>
+
+                                <listitem><para>Takes a comma
+                                separated list of cgroup controllers
+                                in which hierarchies a user/session
+                                cgroup will be created by default for
+                                each user logging in, in addition to
+                                the cgroup in the named 'name=systemd'
+                                hierarchy. If ommited, defaults to an
+                                empty list. This may be used to move
+                                user sessions into their own groups in
+                                the 'cpu' hierarchy which ensures that
+                                every logged in user gets an equal
+                                amount of CPU time regardless how many
+                                processes he has
+                                started.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>reset-controllers=</option></term>
+
+                                <listitem><para>Takes a comma
+                                separated list of cgroup controllers
+                                in which hierarchies the logged in
+                                processes will be reset to the root
+                                cgroup. If ommited, defaults to 'cpu',
+                                meaning that a 'cpu' cgroup grouping
+                                inherited from the login manager will
+                                be reset for the processes of the
+                                logged in user.</para></listitem>
+                        </varlistentry>
                 </variablelist>
 
                 <para>Note that setting <varname>kill-user=1</varname>
                 </variablelist>
 
                 <para>Note that setting <varname>kill-user=1</varname>
                 <para>If the options are omitted they default to
                 <option>create-session=1</option>,
                 <option>kill-session=0</option>,
                 <para>If the options are omitted they default to
                 <option>create-session=1</option>,
                 <option>kill-session=0</option>,
-                <option>kill-user=0</option>.</para>
+                <option>kill-user=0</option>,
+                <option>keep-root=1</option>,
+                <option>reset-controllers=cpu</option>,
+                <option>kill-only-users=</option>,
+                <option>kill-exclude-users=root</option>.</para>
         </refsect1>
 
         <refsect1>
         </refsect1>
 
         <refsect1>
         <refsect1>
                 <title>Environment</title>
 
         <refsect1>
                 <title>Environment</title>
 
+                <para>The following environment variables are set for the processes of the user's session:</para>
+
                 <variablelist>
                         <varlistentry>
                                 <term><varname>$XDG_SESSION_ID</varname></term>
                 <variablelist>
                         <varlistentry>
                                 <term><varname>$XDG_SESSION_ID</varname></term>
@@ -283,7 +362,7 @@ account    required     pam_unix.so
 password   required     pam_unix.so
 session    required     pam_unix.so
 session    required     pam_loginuid.so
 password   required     pam_unix.so
 session    required     pam_unix.so
 session    required     pam_loginuid.so
-session    required     pam_systemd.so create-session=1 kill-user=1</programlisting>
+session    required     pam_systemd.so kill-user=1</programlisting>
         </refsect1>
 
         <refsect1>
         </refsect1>
 
         <refsect1>