X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fpam_systemd.xml;h=883b50b640a859470e6626428a0fdb618d9d4f68;hb=54fe0cdbe313558a712a15dc3bc516a46c1f7b6e;hp=796035f7a1f7c4fbd110cff4f11603784868f4d9;hpb=7874bcd6028d1efbb4451c8b5cf5b2ac8d77af74;p=elogind.git
diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml
index 796035f7a..883b50b64 100644
--- a/man/pam_systemd.xml
+++ b/man/pam_systemd.xml
@@ -63,39 +63,28 @@
On login, this module ensures the following:
- If it does not exist yet the
+ If it does not exist yet, the
user runtime directory
- /var/run/user/$USER is
+ /run/user/$USER is
created and its ownership changed to the user
that is logging in.
- If
- is set the
+ The
$XDG_SESSION_ID environment
variable is initialized. If auditing is
available and
pam_loginuid.so run before
- this module (which es recommended), the
+ this module (which is highly recommended), the
variable is initialized from the auditing
session id
(/proc/self/sessionid). Otherwise
an independent session counter is
used.
- If
- is set a new
- control group
+ A new control group
/user/$USER/$XDG_SESSION_ID
is created and the login process moved into
it.
-
- If
- is set a new
- control group
- /user/$USER/no-session
- is created and the login process moved into
- it.
-
On logout, this module ensures the following:
@@ -103,38 +92,13 @@
If
$XDG_SESSION_ID is set and
- specified, all
+ specified, all
remaining processes in the
/user/$USER/$XDG_SESSION_ID
control group are killed and the control group
- removed.
+ is removed.
- If
- $XDG_SESSION_ID is set and
- specified, all
- remaining processes in the
- /user/$USER/$XDG_SESSION_ID
- control group are migrated to
- /user/$USER/no-session and
- the original control group
- removed.
-
- If
- is specified, and
- no other user session control group remains
- except
- /user/$USER/no-session
- all remaining processes in the
- /user/$USER hierarchy
- are killed and the control group removed.
-
- If
- is specified, and
- no process remains in the
- /user/$USER hierarchy the
- control group is removed.
-
- If the
+ If last subgroup of the
/user/$USER control group
was removed the
$XDG_RUNTIME_DIR directory
@@ -143,7 +107,7 @@
If the system was not booted up with systemd as
- init system this module does nothing and immediately
+ init system, this module does nothing and immediately
returns PAM_SUCCESS.
@@ -155,27 +119,7 @@
-
-
- Takes a boolean
- argument. If true, a new session is
- created: the
- $XDG_SESSION_ID
- environment variable is set and the
- login process moved to the
- /user/$USER/$XDG_SESSION_ID
- control group. It is recommended that
- all services that are directly created
- on the user's behalf set this
- option. Only for services that shall
- automatically be terminated when the
- user logs out completely otherwise,
- create-session=0
- should be set.
-
-
-
-
+ Takes a boolean
argument. If true, all processes
@@ -186,31 +130,100 @@
-
+
+
+ Takes a comma
+ separated list of user names or
+ numeric user ids as argument. If this
+ option is used the effect of the
+ options
+ will apply only to the listed
+ users. If this option is not used the
+ option applies to all local
+ users. Note that
+
+ takes precedence over this list and is
+ hence subtracted from the list
+ specified here.
+
+
+
+
+
+ Takes a comma
+ separated list of user names or
+ numeric user ids as argument. Users
+ listed in this argument will not be
+ subject to the effect of
+ . Note
+ that that this option takes precedence
+ over
+ , and
+ hence whatever is listed for
+
+ is guaranteed to never be killed by
+ this PAM module, independent of any
+ other configuration
+ setting.
+
+
+
+
+
+ Takes a comma
+ separated list of control group
+ controllers in which hierarchies a
+ user/session control group will be
+ created by default for each user
+ logging in, in addition to the control
+ group in the named 'name=systemd'
+ hierarchy. If omitted, defaults to an
+ empty list.
+
+
+
+
+
+ Takes a comma
+ separated list of control group
+ controllers in which hierarchies the
+ logged in processes will be reset to
+ the root control
+ group.
+
+
+
+ Takes a boolean
- argument. If true, all processes
- created by the user during his session
- and from his session will be
- terminated after he logged out
- completely. This is a weaker version
- of and is
- more friendly for users logged in more
- than once as their processes are
- terminated only on their complete
- logout.
+ argument. If yes, the module will log
+ debugging information as it
+ operates.
- Note that setting kill-user=1
- or even kill-session=1 will break
- tools like
+ Note that setting
+ kill-session-processes=1 will break tools
+ like
screen1.
+ Note that
+ kill-session-processes=1 is a
+ stricter version of
+ KillUserProcesses=1 which may be
+ configured system-wide in
+ systemd-logind.conf5. The
+ former kills processes of a session as soon as it
+ ends, the latter kills processes as soon as the last
+ session of the user ends.
+
If the options are omitted they default to
- ,
- ,
- .
+ ,
+ ,
+ ,
+ ,
+ ,
+ .
@@ -222,6 +235,8 @@
Environment
+ The following environment variables are set for the processes of the user's session:
+
$XDG_SESSION_ID
@@ -283,7 +298,7 @@ account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
-session required pam_systemd.so create-session=1 kill-user=1
+session required pam_systemd.so kill-session-processes=1
@@ -293,6 +308,7 @@ session required pam_systemd.so create-session=1 kill-user=1pam.d5,
pam8,
pam_loginuid8,
+ systemd-logind.conf5,
systemd1