X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fpam_systemd.xml;h=b4a3f502b443389d1db889d45347494e4c4c00d8;hp=a98c36bd1657a5f7fe82c11df9dfb4926e8bbea9;hb=f36933fef605a7dccce8e3aecccff5152e522fa6;hpb=58474090e965d5fcb9677bc746b5ecd079528de1 diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index a98c36bd1..b4a3f502b 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml 
@@ -1,6 +1,6 @@ + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> - - - - pam_systemd - systemd - - - - Developer - Lennart - Poettering - lennart@poettering.net - - - - - - pam_systemd - 8 - - - - pam_systemd - Register user sessions in the systemd control group hierarchy - - - - - pam_systemd.so - - - - - Description - - pam_systemd registers user - sessions in the systemd control group - hierarchy. - - On login, this module ensures the following: - - - If it does not exist yet the - user runtime directory - /var/run/user/$USER is - created and its ownership changed to the user - that is logging in. - - If - is set the - $XDG_SESSION_ID environment - variable is initialized. If auditing is - available and - pam_loginuid.so run before - this module (which es recommended), the - variable is initialized from the auditing - session id - (/proc/self/sessionid). Otherwise - an independent session counter is - used. - - If - is set a new - control group - /user/$USER/$XDG_SESSION_ID - is created and the login process moved into - it. - - If - is set a new - control group - /user/$USER/no-session - is created and the login process moved into - it. - - - - On logout, this module ensures the following: - - - If - $XDG_SESSION_ID is set and - specified, all - remaining processes in the - /user/$USER/$XDG_SESSION_ID - control group are killed and the control group - removed. - - If - $XDG_SESSION_ID is set and - specified, all - remaining processes in the - /user/$USER/$XDG_SESSION_ID - control group are migrated to - /user/$USER/no-session and - the original control group - removed. - - If - is specified, and - no other user session control group remains - except - /user/$USER/no-session - all remaining processes in the - /user/$USER hierarchy - are killed and the control group removed. - - If - is specified, and - no process remains in the - /user/$USER hierarchy the - control group is removed. 
- - If the - /user/$USER control group - was removed the - $XDG_RUNTIME_DIR directory - and all its contents are - removed, too. - - - If the system was not booted up with systemd as - init system this module does nothing and immediately - returns PAM_SUCCESS. - - - - - Options - - The following options are understood: - - - - - - Takes a boolean - argument. If true, a new session is - created: the - $XDG_SESSION_ID - environment variable is set and the - login process moved to the - /user/$USER/$XDG_SESSION_ID - control group. It is recommended that - all services that are directly created - on the user's behalf set this - option. Only for services that shall - automatically be terminated when the - user logs out completely otherwise, - create-session=0 - should be set. - - - - - - Takes a boolean - argument. If true, all processes - created by the user during his session - and from his session will be - terminated when he logs out from his - session. - - - - - - Takes a boolean - argument. If true, all processes - created by the user during his session - and from his session will be - terminated after he logged out - completely. This is a weaker version - of and is - more friendly for users logged in more - than once as their processes are - terminated only on their complete - logout. - - - - Note that setting kill-user=1 - or even kill-session=1 will break - tools like - screen1. - - If the options are omitted they default to - , - , - . - - - - Module Types Provided - - Only is provided. - - - - Environment - - The following environment variables are set for the processes of the user's session: - - - - $XDG_SESSION_ID - - A session identifier, - suitable to be used in file names. The - string itself should be considered - opaque, although often it is just the - audit session ID as reported by - /proc/self/sessionid. Each - ID will be assigned only once during - machine uptime. 
It may hence be used - to uniquely label files or other - resources of this - session. - - - - $XDG_RUNTIME_DIR - - Path to a user-private - user-writable directory that is bound - to the user login time on the - machine. It is automatically created - the first time a user logs in and - removed on his final logout. If a user - logs in twice at the same time, both - sessions will see the same - $XDG_RUNTIME_DIR - and the same contents. If a user logs - in once, then logs out again, and logs - in again, the directory contents will - have been lost in between, but - applications should not rely on this - behaviour and must be able to deal with - stale files. To store session-private - data in this directory the user should - include the value of $XDG_SESSION_ID - in the filename. This directory shall - be used for runtime file system - objects such as AF_UNIX sockets, - FIFOs, PID files and similar. It is - guaranteed that this directory is - local and offers the greatest possible - file system feature set the - operating system - provides. - - - - - - Example - - #%PAM-1.0 + + + + pam_systemd + systemd + + + + Developer + Lennart + Poettering + lennart@poettering.net + + + + + + pam_systemd + 8 + + + + pam_systemd + Register user sessions in the systemd login manager + + + + pam_systemd.so + + + + Description + + pam_systemd registers user sessions with + the systemd login manager + systemd-logind.service8, + and hence the systemd control group hierarchy. + + On login, this module ensures the following: + + + If it does not exist yet, the user runtime + directory /run/user/$USER is created and + its ownership changed to the user that is logging + in. + + The $XDG_SESSION_ID + environment variable is initialized. If auditing is available + and pam_loginuid.so was run before this + module (which is highly recommended), the variable is + initialized from the auditing session id + (/proc/self/sessionid). Otherwise, an + independent session counter is used. 
+ + A new systemd scope unit is created for the + session. If this is the first concurrent session of the user, an + implicit slice below user.slice is + automatically created and the scope placed into it. An instance + of the system service user@.service, which + runs the systemd user manager instance, is started. + + + + On logout, this module ensures the following: + + + If enabled in + logind.conf + 5, all processes of the + session are terminated. If the last concurrent session of a user + ends, the user's systemd instance will be terminated too, and so + will the user's slice unit. + + If the last concurrent session of a user ends, + the $XDG_RUNTIME_DIR directory and all its + contents are removed, too. + + + If the system was not booted up with systemd as init system, + this module does nothing and immediately returns + PAM_SUCCESS. + + + + + Options + + The following options are understood: + + + + + + + Takes a string argument which sets the session + class. The XDG_SESSION_CLASS environmental variable takes + precedence. One of + user, + greeter, + lock-screen or + background. See + sd_session_get_class3 + for details about the session class. + + + + + + Takes a string argument which sets the session + type. The XDG_SESSION_TYPE environmental variable takes + precedence. One of + unspecified, + tty, + x11, + wayland or + mir. See + sd_session_get_type3 + for details about the session type. + + + + + + Takes an optional + boolean argument. If yes or without + the argument, the module will log + debugging information as it + operates. + + + + + + Module Types Provided + + Only is provided. + + + + Environment + + The following environment variables are set for the + processes of the user's session: + + + + $XDG_SESSION_ID + + A session identifier, suitable to be used in + filenames. The string itself should be considered opaque, + although often it is just the audit session ID as reported by + /proc/self/sessionid. 
Each ID will be + assigned only once during machine uptime. It may hence be used + to uniquely label files or other resources of this + session. + + + + $XDG_RUNTIME_DIR + + Path to a user-private user-writable directory + that is bound to the user login time on the machine. It is + automatically created the first time a user logs in and + removed on the user's final logout. If a user logs in twice at + the same time, both sessions will see the same + $XDG_RUNTIME_DIR and the same contents. If + a user logs in once, then logs out again, and logs in again, + the directory contents will have been lost in between, but + applications should not rely on this behavior and must be able + to deal with stale files. To store session-private data in + this directory, the user should include the value of + $XDG_SESSION_ID in the filename. This + directory shall be used for runtime file system objects such + as AF_UNIX sockets, FIFOs, PID files and + similar. It is guaranteed that this directory is local and + offers the greatest possible file system feature set the + operating system provides. For further details see the XDG + Base Directory Specification. + + + + + The following environment variables are read by the module + and may be used by the PAM service to pass metadata to the + module: + + + + $XDG_SESSION_TYPE + + The session type. This may be used instead of + on the module parameter line, and is + usually preferred. + + + + $XDG_SESSION_CLASS + + The session class. This may be used instead of + on the module parameter line, and is + usually preferred. + + + + $XDG_SESSION_DESKTOP + + A single, short identifier string for the + desktop environment. This may be used to indicate the session + desktop used, where this applies and if this information is + available. For example: GNOME, or + KDE. It is recommended to use the same + identifiers and capitalization as for + $XDG_CURRENT_DESKTOP, as defined by the + Desktop + Entry Specification. 
(However, note that + $XDG_SESSION_DESKTOP only takes a single + item, and not a colon-separated list like + $XDG_CURRENT_DESKTOP.) See + sd_session_get_desktop3 + for more details. + + + + $XDG_SEAT + + The seat name the session shall be registered + for, if any. + + + + $XDG_VTNR + + The VT number the session shall be registered + for, if any. (Only applies to seats with a VT available, such + as seat0) + + + + + + + Example + + #%PAM-1.0 auth required pam_unix.so auth required pam_nologin.so account required pam_unix.so password required pam_unix.so session required pam_unix.so session required pam_loginuid.so -session required pam_systemd.so kill-user=1 - - - - See Also - - pam.conf5, - pam.d5, - pam8, - pam_loginuid8, - systemd1 - - +session required pam_systemd.so + + + + See Also + + systemd1, + systemd-logind.service8, + logind.conf5, + loginctl1, + pam.conf5, + pam.d5, + pam8, + pam_loginuid8, + systemd.scope5, + systemd.slice5, + systemd.service5 + +
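Review bot: In the rewritten "On logout" list, the sentence "If enabled in logind.conf 5, all processes of the session are terminated" does not say which setting enables this. The same patch deletes the documentation of the kill-session and kill-user module options and drops kill-user=1 from the example line, which now reads "session required pam_systemd.so". An administrator whose PAM stack still passes those options finds nothing here saying that they are no longer documented or where the behaviour moved. Please name the logind.conf setting in that sentence and add a short note about the removed module options. The deleted caveat that killing a user's processes on logout "will break tools like screen" would also be worth keeping next to that sentence, since it describes the same behaviour. Separately, the new class and type option text writes "The XDG_SESSION_CLASS environmental variable takes precedence" and "The XDG_SESSION_TYPE environmental variable takes precedence", without the $ and with "environmental", while the Environment section uses "$XDG_SESSION_CLASS" and "environment variables"; please make the two consistent.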