X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fpam_systemd.xml;h=951ae207a4a9568433de23c73ca0937b5d488efc;hp=0354811976e7bc00b946723c1b081c375e3c430f;hb=6577c7cea72f19185ad999c223bcf663c010dc6f;hpb=74d005783e355acc784d123024e33bbb66ef9ef1 diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index 035481197..951ae207a 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -80,29 +80,32 @@ an independent session counter is used. - A new control group - /user/$USER/$XDG_SESSION_ID - is created and the login process moved into - it. + A new systemd scope unit is + created for the session. If this is the first + concurrent session of the user, an implicit + slice below user.slice is + automatically created and the scope placed in + it. In instance of the system service + user@.service which runs + the systemd user manager + instance. On logout, this module ensures the following: - If - $XDG_SESSION_ID is set and - specified, all - remaining processes in the - /user/$USER/$XDG_SESSION_ID - control group are killed and the control group - is removed. - - If the last subgroup of the - /user/$USER control group - was removed the + If this is enabled, all + processes of the session are terminated. If + the last concurrent session of a user ends, his + user systemd instance will be terminated too, + and so will the user's slice + unit. + + If the last concurrent session + of a user ends, the $XDG_RUNTIME_DIR directory - and all its contents are - removed, too. + and all its contents are removed, + too. If the system was not booted up with systemd as @@ -117,79 +120,6 @@ The following options are understood: - - - - Takes a boolean - argument. If true, all processes - created by the user during his session - and from his session will be - terminated when he logs out from his - session. - - - - - - Takes a comma - separated list of user names or - numeric user ids as argument. If this - option is used the effect of the - options - will apply only to the listed - users. If this option is not used the - option applies to all local - users. Note that - - takes precedence over this list and is - hence subtracted from the list - specified here. - - - - - - Takes a comma - separated list of user names or - numeric user ids as argument. Users - listed in this argument will not be - subject to the effect of - . Note - that this option takes precedence - over - , and - hence whatever is listed for - - is guaranteed to never be killed by - this PAM module, independent of any - other configuration - setting. - - - - - - Takes a comma - separated list of control group - controllers in which hierarchies a - user/session control group will be - created by default for each user - logging in, in addition to the control - group in the named 'name=systemd' - hierarchy. If omitted, defaults to an - empty list. - - - - - - Takes a comma - separated list of control group - controllers in which hierarchies the - logged in processes will be reset to - the root control - group. - @@ -209,29 +139,6 @@ operates. - - Note that setting - kill-session-processes=1 will break tools - like - screen1. - - Note that - kill-session-processes=1 is a - stricter version of - KillUserProcesses=1 which may be - configured system-wide in - logind.conf5. The - former kills processes of a session as soon as it - ends, the latter kills processes as soon as the last - session of the user ends. - - If the options are omitted they default to - , - , - , - , - , - . @@ -250,7 +157,7 @@ $XDG_SESSION_ID A session identifier, - suitable to be used in file names. The + suitable to be used in filenames. The string itself should be considered opaque, although often it is just the audit session ID as reported by @@ -281,7 +188,7 @@ applications should not rely on this behavior and must be able to deal with stale files. To store session-private - data in this directory the user should + data in this directory, the user should include the value of $XDG_SESSION_ID in the filename. This directory shall be used for runtime file system @@ -306,7 +213,7 @@ account required pam_unix.so password required pam_unix.so session required pam_unix.so session required pam_loginuid.so -session required pam_systemd.so kill-session-processes=1 +session required pam_systemd.so @@ -319,7 +226,10 @@ session required pam_systemd.so kill-session-processes=1 pam.conf5, pam.d5, pam8, - pam_loginuid8 + pam_loginuid8, + systemd.scope5, + systemd.slice5, + systemd.service5