X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fpam_systemd.xml;h=d3edc32d2ddb0742af38965bcc134925b48e4f4a;hp=f2c1ab8ca6bd3f5e9117094841cd7f9d548247ec;hb=86198b2788e56fd05959c2dce670d1646bf99bcd;hpb=af3bccd6d87759f0b146bf5980bdd56144d70c7e diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index f2c1ab8ca..d3edc32d2 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -21,7 +21,7 @@ along with systemd; If not, see . --> - + pam_systemd @@ -48,16 +48,14 @@ - - pam_systemd.so - + pam_systemd.so Description pam_systemd registers user - sessions in the systemd login manager + sessions with the systemd login manager systemd-logind.service8, and hence the systemd control group hierarchy. @@ -82,29 +80,32 @@ an independent session counter is used. - A new control group - /user/$USER/$XDG_SESSION_ID - is created and the login process moved into - it. + A new systemd scope unit is + created for the session. If this is the first + concurrent session of the user, an implicit + slice below user.slice is + automatically created and the scope placed in + it. In instance of the system service + user@.service which runs + the systemd user manager + instance. On logout, this module ensures the following: - If - $XDG_SESSION_ID is set and - specified, all - remaining processes in the - /user/$USER/$XDG_SESSION_ID - control group are killed and the control group - is removed. - - If last subgroup of the - /user/$USER control group - was removed the + If this is enabled, all + processes of the session are terminated. If + the last concurrent session of a user ends, his + user systemd instance will be terminated too, + and so will the user's slice + unit. + + If the last concurrent session + of a user ends, the $XDG_RUNTIME_DIR directory - and all its contents are - removed, too. + and all its contents are removed, + too. If the system was not booted up with systemd as @@ -118,113 +119,27 @@ The following options are understood: - - - - - Takes a boolean - argument. If true, all processes - created by the user during his session - and from his session will be - terminated when he logs out from his - session. - + - - - Takes a comma - separated list of user names or - numeric user ids as argument. If this - option is used the effect of the - options - will apply only to the listed - users. If this option is not used the - option applies to all local - users. Note that - - takes precedence over this list and is - hence subtracted from the list - specified here. - + - - - - Takes a comma - separated list of user names or - numeric user ids as argument. Users - listed in this argument will not be - subject to the effect of - . Note - that that this option takes precedence - over - , and - hence whatever is listed for - - is guaranteed to never be killed by - this PAM module, independent of any - other configuration - setting. + Takes a string + argument which sets the session class. + The XDG_SESSION_CLASS environmental variable + takes precedence. - - - Takes a comma - separated list of control group - controllers in which hierarchies a - user/session control group will be - created by default for each user - logging in, in addition to the control - group in the named 'name=systemd' - hierarchy. If omitted, defaults to an - empty list. - + - - - - Takes a comma - separated list of control group - controllers in which hierarchies the - logged in processes will be reset to - the root control - group. - - - - - - Takes a boolean - argument. If yes, the module will log + Takes an optional + boolean argument. If yes or without + the argument, the module will log debugging information as it operates. - - Note that setting - kill-session-processes=1 will break tools - like - screen1. - - Note that - kill-session-processes=1 is a - stricter version of - KillUserProcesses=1 which may be - configured system-wide in - logind.conf5. The - former kills processes of a session as soon as it - ends, the latter kills processes as soon as the last - session of the user ends. - - If the options are omitted they default to - , - , - , - , - , - . @@ -238,12 +153,12 @@ The following environment variables are set for the processes of the user's session: - + $XDG_SESSION_ID A session identifier, - suitable to be used in file names. The + suitable to be used in filenames. The string itself should be considered opaque, although often it is just the audit session ID as reported by @@ -272,13 +187,13 @@ in again, the directory contents will have been lost in between, but applications should not rely on this - behaviour and must be able to deal with + behavior and must be able to deal with stale files. To store session-private - data in this directory the user should + data in this directory, the user should include the value of $XDG_SESSION_ID in the filename. This directory shall be used for runtime file system - objects such as AF_UNIX sockets, + objects such as AF_UNIX sockets, FIFOs, PID files and similar. It is guaranteed that this directory is local and offers the greatest possible @@ -299,7 +214,7 @@ account required pam_unix.so password required pam_unix.so session required pam_unix.so session required pam_loginuid.so -session required pam_systemd.so kill-session-processes=1 +session required pam_systemd.so @@ -312,7 +227,10 @@ session required pam_systemd.so kill-session-processes=1 pam.conf5, pam.d5, pam8, - pam_loginuid8 + pam_loginuid8, + systemd.scope5, + systemd.slice5, + systemd.service5