X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fpam_systemd.xml;h=b4a3f502b443389d1db889d45347494e4c4c00d8;hp=c07b46bab24a386a31ba36899bf15b2ddb6c89e8;hb=f36933fef605a7dccce8e3aecccff5152e522fa6;hpb=19c5f19d69bb5f520fa7213239490c55de06d99d diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index c07b46bab..b4a3f502b 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -1,6 +1,6 @@ + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> - - - - pam_systemd - systemd - - - - Developer - Lennart - Poettering - lennart@poettering.net - - - - - - pam_systemd - 8 - - - - pam_systemd - Register user sessions in the systemd control group hierarchy - - - - - pam_systemd.so - - - - - Description - - pam_systemd registers user - sessions in the systemd control group - hierarchy. - - On login, this module ensures the following: - - - If it does not exist yet, the - user runtime directory - /run/user/$USER is - created and its ownership changed to the user - that is logging in. - - The - $XDG_SESSION_ID environment - variable is initialized. If auditing is - available and - pam_loginuid.so run before - this module (which is highly recommended), the - variable is initialized from the auditing - session id - (/proc/self/sessionid). Otherwise - an independent session counter is - used. - - A new control group - /user/$USER/$XDG_SESSION_ID - is created and the login process moved into - it. - - - On logout, this module ensures the following: - - - If - $XDG_SESSION_ID is set and - specified, all - remaining processes in the - /user/$USER/$XDG_SESSION_ID - control group are killed and the control group - is removed. - - If last subgroup of the - /user/$USER control group - was removed the - $XDG_RUNTIME_DIR directory - and all its contents are - removed, too. - - - If the system was not booted up with systemd as - init system, this module does nothing and immediately - returns PAM_SUCCESS. - - - - - Options - - The following options are understood: - - - - - - Takes a boolean - argument. If true, all processes - created by the user during his session - and from his session will be - terminated when he logs out from his - session. - - - - - - Takes a comma - separated list of user names or - numeric user ids as argument. If this - option is used the effect of the - options - will apply only to the listed - users. If this option is not used the - option applies to all local - users. Note that - - takes precedence over this list and is - hence subtracted from the list - specified here. - - - - - - Takes a comma - separated list of user names or - numeric user ids as argument. Users - listed in this argument will not be - subject to the effect of - . Note - that that this option takes precedence - over - , and - hence whatever is listed for - - is guaranteed to never be killed by - this PAM module, independent of any - other configuration - setting. - - - - - - Takes a comma - separated list of control group - controllers in which hierarchies a - user/session control group will be - created by default for each user - logging in, in addition to the control - group in the named 'name=systemd' - hierarchy. If omitted, defaults to an - empty list. - - - - - - Takes a comma - separated list of control group - controllers in which hierarchies the - logged in processes will be reset to - the root control - group. - - - - - - Takes a boolean - argument. If yes, the module will log - debugging information as it - operates. - - - - Note that setting - kill-session-processes=1 will break tools - like - screen1. - - Note that - kill-session-processes=1 is a - stricter version of - KillUserProcesses=1 which may be - configured system-wide in - logind.conf5. The - former kills processes of a session as soon as it - ends, the latter kills processes as soon as the last - session of the user ends. - - If the options are omitted they default to - , - , - , - , - , - . - - - - Module Types Provided - - Only is provided. - - - - Environment - - The following environment variables are set for the processes of the user's session: - - - - $XDG_SESSION_ID - - A session identifier, - suitable to be used in file names. The - string itself should be considered - opaque, although often it is just the - audit session ID as reported by - /proc/self/sessionid. Each - ID will be assigned only once during - machine uptime. It may hence be used - to uniquely label files or other - resources of this - session. - - - - $XDG_RUNTIME_DIR - - Path to a user-private - user-writable directory that is bound - to the user login time on the - machine. It is automatically created - the first time a user logs in and - removed on his final logout. If a user - logs in twice at the same time, both - sessions will see the same - $XDG_RUNTIME_DIR - and the same contents. If a user logs - in once, then logs out again, and logs - in again, the directory contents will - have been lost in between, but - applications should not rely on this - behaviour and must be able to deal with - stale files. To store session-private - data in this directory the user should - include the value of $XDG_SESSION_ID - in the filename. This directory shall - be used for runtime file system - objects such as AF_UNIX sockets, - FIFOs, PID files and similar. It is - guaranteed that this directory is - local and offers the greatest possible - file system feature set the - operating system - provides. - - - - - - Example - - #%PAM-1.0 + + + + pam_systemd + systemd + + + + Developer + Lennart + Poettering + lennart@poettering.net + + + + + + pam_systemd + 8 + + + + pam_systemd + Register user sessions in the systemd login manager + + + + pam_systemd.so + + + + Description + + pam_systemd registers user sessions with + the systemd login manager + systemd-logind.service8, + and hence the systemd control group hierarchy. + + On login, this module ensures the following: + + + If it does not exist yet, the user runtime + directory /run/user/$USER is created and + its ownership changed to the user that is logging + in. + + The $XDG_SESSION_ID + environment variable is initialized. If auditing is available + and pam_loginuid.so was run before this + module (which is highly recommended), the variable is + initialized from the auditing session id + (/proc/self/sessionid). Otherwise, an + independent session counter is used. + + A new systemd scope unit is created for the + session. If this is the first concurrent session of the user, an + implicit slice below user.slice is + automatically created and the scope placed into it. An instance + of the system service user@.service, which + runs the systemd user manager instance, is started. + + + + On logout, this module ensures the following: + + + If enabled in + logind.conf + 5, all processes of the + session are terminated. If the last concurrent session of a user + ends, the user's systemd instance will be terminated too, and so + will the user's slice unit. + + If the last concurrent session of a user ends, + the $XDG_RUNTIME_DIR directory and all its + contents are removed, too. + + + If the system was not booted up with systemd as init system, + this module does nothing and immediately returns + PAM_SUCCESS. + + + + + Options + + The following options are understood: + + + + + + + Takes a string argument which sets the session + class. The XDG_SESSION_CLASS environmental variable takes + precedence. One of + user, + greeter, + lock-screen or + background. See + sd_session_get_class3 + for details about the session class. + + + + + + Takes a string argument which sets the session + type. The XDG_SESSION_TYPE environmental variable takes + precedence. One of + unspecified, + tty, + x11, + wayland or + mir. See + sd_session_get_type3 + for details about the session type. + + + + + + Takes an optional + boolean argument. If yes or without + the argument, the module will log + debugging information as it + operates. + + + + + + Module Types Provided + + Only is provided. + + + + Environment + + The following environment variables are set for the + processes of the user's session: + + + + $XDG_SESSION_ID + + A session identifier, suitable to be used in + filenames. The string itself should be considered opaque, + although often it is just the audit session ID as reported by + /proc/self/sessionid. Each ID will be + assigned only once during machine uptime. It may hence be used + to uniquely label files or other resources of this + session. + + + + $XDG_RUNTIME_DIR + + Path to a user-private user-writable directory + that is bound to the user login time on the machine. It is + automatically created the first time a user logs in and + removed on the user's final logout. If a user logs in twice at + the same time, both sessions will see the same + $XDG_RUNTIME_DIR and the same contents. If + a user logs in once, then logs out again, and logs in again, + the directory contents will have been lost in between, but + applications should not rely on this behavior and must be able + to deal with stale files. To store session-private data in + this directory, the user should include the value of + $XDG_SESSION_ID in the filename. This + directory shall be used for runtime file system objects such + as AF_UNIX sockets, FIFOs, PID files and + similar. It is guaranteed that this directory is local and + offers the greatest possible file system feature set the + operating system provides. For further details see the XDG + Base Directory Specification. + + + + + The following environment variables are read by the module + and may be used by the PAM service to pass metadata to the + module: + + + + $XDG_SESSION_TYPE + + The session type. This may be used instead of + on the module parameter line, and is + usually preferred. + + + + $XDG_SESSION_CLASS + + The session class. This may be used instead of + on the module parameter line, and is + usually preferred. + + + + $XDG_SESSION_DESKTOP + + A single, short identifier string for the + desktop environment. This may be used to indicate the session + desktop used, where this applies and if this information is + available. For example: GNOME, or + KDE. It is recommended to use the same + identifiers and capitalization as for + $XDG_CURRENT_DESKTOP, as defined by the + Desktop + Entry Specification. (However, note that + $XDG_SESSION_DESKTOP only takes a single + item, and not a colon-separated list like + $XDG_CURRENT_DESKTOP.) See + sd_session_get_desktop3 + for more details. + + + + $XDG_SEAT + + The seat name the session shall be registered + for, if any. + + + + $XDG_VTNR + + The VT number the session shall be registered + for, if any. (Only applies to seats with a VT available, such + as seat0) + + + + + + + Example + + #%PAM-1.0 auth required pam_unix.so auth required pam_nologin.so account required pam_unix.so password required pam_unix.so session required pam_unix.so session required pam_loginuid.so -session required pam_systemd.so kill-session-processes=1 - - - - See Also - - pam.conf5, - pam.d5, - pam8, - pam_loginuid8, - logind.conf5, - systemd1 - - +session required pam_systemd.so + + + + See Also + + systemd1, + systemd-logind.service8, + logind.conf5, + loginctl1, + pam.conf5, + pam.d5, + pam8, + pam_loginuid8, + systemd.scope5, + systemd.slice5, + systemd.service5 + +