X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fpam_systemd.xml;h=4e5cdf248b2e0823c0d6c128e79e4e558cf78541;hp=7d5fcad631527602ccf35dae2772a4dd04bdbf82;hb=9c33d34fe4cd0bc58ea12e5258e595647c9e0b29;hpb=9f7dad774ebfad23269800b7096eaad087481deb
diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml
index 7d5fcad63..4e5cdf248 100644
--- a/man/pam_systemd.xml
+++ b/man/pam_systemd.xml
@@ -8,20 +8,20 @@
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
-->
-
+pam_systemd
@@ -44,21 +44,20 @@
pam_systemd
- Register user sessions in the systemd control group hierarchy
+ Register user sessions in the systemd login manager
-
- pam_systemd.so
-
+ pam_systemd.soDescriptionpam_systemd registers user
- sessions in the systemd control group
- hierarchy.
+ sessions in the systemd login manager
+ systemd-logind.service8,
+ and hence the systemd control group hierarchy.
On login, this module ensures the following:
@@ -69,8 +68,7 @@
created and its ownership changed to the user
that is logging in.
- If
- is set, the
+ The
$XDG_SESSION_ID environment
variable is initialized. If auditing is
available and
@@ -82,20 +80,10 @@
an independent session counter is
used.
- If
- is set, a new
- control group
+ A new control group
/user/$USER/$XDG_SESSION_ID
is created and the login process moved into
it.
-
- If
- is set, a new
- control group
- /user/$USER/user
- is created and the login process moved into
- it.
-
On logout, this module ensures the following:
@@ -103,38 +91,13 @@
If
$XDG_SESSION_ID is set and
- specified, all
+ specified, all
remaining processes in the
/user/$USER/$XDG_SESSION_ID
control group are killed and the control group
is removed.
- If
- $XDG_SESSION_ID is set and
- specified, all
- remaining processes in the
- /user/$USER/$XDG_SESSION_ID
- control group are migrated to
- /user/$USER/user and
- the original control group is
- removed.
-
- If
- is specified, and
- no other user session control group remains,
- except
- /user/$USER/user,
- all remaining processes in the
- /user/$USER hierarchy
- are killed and the control group is removed.
-
- If
- is specified, and
- no process remains in the
- /user/$USER hierarchy the
- control group is removed.
-
- If the
+ If the last subgroup of the
/user/$USER control group
was removed the
$XDG_RUNTIME_DIR directory
@@ -153,29 +116,9 @@
The following options are understood:
-
-
-
-
- Takes a boolean
- argument. If true, a new session is
- created: the
- $XDG_SESSION_ID
- environment variable is set and the
- login process moved to the
- /user/$USER/$XDG_SESSION_ID
- control group. It is recommended that
- all services which are directly created
- on the user's behalf set this
- option. Only for services that shall
- automatically be terminated when the
- user logs out completely, otherwise
- create-session=0
- should be set.
-
-
+
-
+ Takes a boolean
argument. If true, all processes
@@ -185,33 +128,16 @@
session.
-
-
-
- Takes a boolean
- argument. If true, all processes
- created by the user during his session
- and from his session will be
- terminated after he logged out
- completely. This is a weaker version
- of and is
- more friendly for users logged in more
- than once, as their processes are
- terminated only on their complete
- logout.
-
-
- Takes a comma
- separated list of user names or
- numeric user ids as argument. If this
- option is used the effect of the
- and
- options
+ Takes a comma-separated
+ list of usernames or
+ numeric user IDs as argument. If this
+ option is used, the effect of the
+ options
will apply only to the listed
- users. If this option is not used the
+ users. If this option is not used, the
option applies to all local
users. Note that
@@ -223,14 +149,13 @@
- Takes a comma
- separated list of user names or
- numeric user ids as argument. Users
+ Takes a comma-separated
+ list of usernames or
+ numeric user IDs as argument. Users
listed in this argument will not be
subject to the effect of
- or
- . Note
- that that this option takes precedence
+ .
+ Note that this option takes precedence
over
, and
hence whatever is listed for
@@ -244,57 +169,69 @@
- Takes a comma
- separated list of cgroup controllers
- in which hierarchies a user/session
- cgroup will be created by default for
- each user logging in, in addition to
- the cgroup in the named 'name=systemd'
+ Takes a comma-separated
+ list of control group
+ controllers in which hierarchies a
+ user/session control group will be
+ created by default for each user
+ logging in, in addition to the control
+ group in the named 'name=systemd'
hierarchy. If omitted, defaults to an
- empty list. This may be used to move
- user sessions into their own groups in
- the 'cpu' hierarchy which ensures that
- every logged in user gets an equal
- amount of CPU time regardless how many
- processes he has
- started.
+ empty list.
- Takes a comma
- separated list of cgroup controllers
- in which hierarchies the logged in
- processes will be reset to the root
- cgroup. If omitted, defaults to 'cpu',
- meaning that a 'cpu' cgroup grouping
- inherited from the login manager will
- be reset for the processes of the
- logged in user.
+ Takes a comma-separated
+ list of control group
+ controllers in which hierarchies the
+ logged in processes will be reset to
+ the root control
+ group.
+
+
+
+
+
+ Takes a string
+ argument which sets the session class.
+ The XDG_SESSION_CLASS environmental variable
+ takes precedence.Takes a boolean
- argument. If true, logs debugging
- information.
+ argument. If yes, the module will log
+ debugging information as it
+ operates.
- Note that setting kill-user=1
- or even kill-session=1 will break
- tools like
+ Note that setting
+ kill-session-processes=1 will break tools
+ like
screen1.
+ Note that
+ kill-session-processes=1 is a
+ stricter version of
+ KillUserProcesses=1 which may be
+ configured system-wide in
+ logind.conf5. The
+ former kills processes of a session as soon as it
+ ends; the latter kills processes as soon as the last
+ session of the user ends.
+
If the options are omitted they default to
- ,
- ,
- ,
- ,
+ ,
,
- .
+ ,
+ ,
+ ,
+ .
@@ -308,12 +245,12 @@
The following environment variables are set for the processes of the user's session:
-
+ $XDG_SESSION_IDA session identifier,
- suitable to be used in file names. The
+ suitable to be used in filenames. The
string itself should be considered
opaque, although often it is just the
audit session ID as reported by
@@ -342,13 +279,13 @@
in again, the directory contents will
have been lost in between, but
applications should not rely on this
- behaviour and must be able to deal with
+ behavior and must be able to deal with
stale files. To store session-private
- data in this directory the user should
+ data in this directory, the user should
include the value of $XDG_SESSION_ID
in the filename. This directory shall
be used for runtime file system
- objects such as AF_UNIX sockets,
+ objects such as AF_UNIX sockets,
FIFOs, PID files and similar. It is
guaranteed that this directory is
local and offers the greatest possible
@@ -369,17 +306,20 @@ account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
-session required pam_systemd.so kill-user=1
+session required pam_systemd.so kill-session-processes=1
See Also
+ systemd1,
+ systemd-logind.service8,
+ logind.conf5,
+ loginctl1,
pam.conf5,
pam.d5,
pam8,
- pam_loginuid8,
- systemd1
+ pam_loginuid8