1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright 2011 Lennart Poettering
11 #include "alloc-util.h"
12 #include "bus-common-errors.h"
13 #include "bus-error.h"
15 #include "cgroup-util.h"
16 #include "clean-ipc.h"
20 #include "format-util.h"
24 #include "logind-user.h"
26 #include "parse-util.h"
27 #include "path-util.h"
30 #include "stdio-util.h"
31 #include "string-table.h"
32 #include "unit-name.h"
33 #include "user-util.h"
36 int user_new(User **out, Manager *m, uid_t uid, gid_t gid, const char *name) {
37 _cleanup_(user_freep) User *u = NULL;
38 char lu[DECIMAL_STR_MAX(uid_t) + 1];
52 xsprintf(lu, UID_FMT, uid);
54 u->name = strdup(name);
58 if (asprintf(&u->state_file, "/run/systemd/users/"UID_FMT, uid) < 0)
61 if (asprintf(&u->runtime_path, "/run/user/"UID_FMT, uid) < 0)
64 r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &u->slice);
68 r = unit_name_build("user", lu, ".service", &u->service);
72 r = hashmap_put(m->users, UID_TO_PTR(uid), u);
76 r = hashmap_put(m->user_units, u->slice, u);
80 r = hashmap_put(m->user_units, u->service, u);
89 User *user_free(User *u) {
94 LIST_REMOVE(gc_queue, u->manager->user_gc_queue, u);
97 session_free(u->sessions);
100 hashmap_remove_value(u->manager->user_units, u->service, u);
103 hashmap_remove_value(u->manager->user_units, u->slice, u);
105 hashmap_remove_value(u->manager->users, UID_TO_PTR(u->uid), u);
107 #if 0 /// elogind neither supports slice nor service jobs.
108 u->slice_job = mfree(u->slice_job);
109 u->service_job = mfree(u->service_job);
112 u->service = mfree(u->service);
113 u->slice = mfree(u->slice);
114 u->runtime_path = mfree(u->runtime_path);
115 u->state_file = mfree(u->state_file);
116 u->name = mfree(u->name);
121 static int user_save_internal(User *u) {
122 _cleanup_free_ char *temp_path = NULL;
123 _cleanup_fclose_ FILE *f = NULL;
127 assert(u->state_file);
129 r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, MKDIR_WARN_MODE);
133 r = fopen_temporary(u->state_file, &f, &temp_path);
137 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
138 (void) fchmod(fileno(f), 0644);
141 "# This is private data. Do not parse.\n"
145 user_state_to_string(user_get_state(u)));
147 /* LEGACY: no-one reads RUNTIME= anymore, drop it at some point */
149 fprintf(f, "RUNTIME=%s\n", u->runtime_path);
151 #if 0 /// elogind neither supports service nor slice jobs
153 fprintf(f, "SERVICE_JOB=%s\n", u->service_job);
156 fprintf(f, "SLICE_JOB=%s\n", u->slice_job);
160 fprintf(f, "DISPLAY=%s\n", u->display->id);
162 if (dual_timestamp_is_set(&u->timestamp))
164 "REALTIME="USEC_FMT"\n"
165 "MONOTONIC="USEC_FMT"\n",
166 u->timestamp.realtime,
167 u->timestamp.monotonic);
173 fputs("SESSIONS=", f);
175 LIST_FOREACH(sessions_by_user, i, u->sessions) {
184 fputs("\nSEATS=", f);
186 LIST_FOREACH(sessions_by_user, i, u->sessions) {
195 fputs(i->seat->id, f);
198 fputs("\nACTIVE_SESSIONS=", f);
200 LIST_FOREACH(sessions_by_user, i, u->sessions) {
201 if (!session_is_active(i))
212 fputs("\nONLINE_SESSIONS=", f);
214 LIST_FOREACH(sessions_by_user, i, u->sessions) {
215 if (session_get_state(i) == SESSION_CLOSING)
226 fputs("\nACTIVE_SEATS=", f);
228 LIST_FOREACH(sessions_by_user, i, u->sessions) {
229 if (!session_is_active(i) || !i->seat)
237 fputs(i->seat->id, f);
240 fputs("\nONLINE_SEATS=", f);
242 LIST_FOREACH(sessions_by_user, i, u->sessions) {
243 if (session_get_state(i) == SESSION_CLOSING || !i->seat)
251 fputs(i->seat->id, f);
256 r = fflush_and_check(f);
260 if (rename(temp_path, u->state_file) < 0) {
268 (void) unlink(u->state_file);
271 (void) unlink(temp_path);
273 return log_error_errno(r, "Failed to save user data %s: %m", u->state_file);
276 int user_save(User *u) {
282 return user_save_internal (u);
285 int user_load(User *u) {
286 _cleanup_free_ char *display = NULL, *realtime = NULL, *monotonic = NULL;
292 r = parse_env_file(NULL, u->state_file, NEWLINE,
293 #if 0 /// elogind neither supports service nor slice jobs
294 "SERVICE_JOB", &u->service_job,
295 "SLICE_JOB", &u->slice_job,
298 "REALTIME", &realtime,
299 "MONOTONIC", &monotonic,
305 return log_error_errno(r, "Failed to read %s: %m", u->state_file);
309 s = hashmap_get(u->manager->sessions, display);
311 if (s && s->display && display_is_local(s->display))
315 timestamp_deserialize(realtime, &u->timestamp.realtime);
317 timestamp_deserialize(monotonic, &u->timestamp.monotonic);
323 #if 0 /// elogind can not ask systemd via dbus to start user services
327 hashmap_put(u->manager->user_units, u->slice, u);
329 static int user_start_service(User *u) {
330 #if 0 /// elogind can not ask systemd via dbus to start user services
331 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
337 u->service_job = mfree(u->service_job);
339 r = manager_start_unit(
345 /* we don't fail due to this, let's try to continue */
346 log_error_errno(r, "Failed to start user service, ignoring: %s", bus_error_message(&error, r));
348 u->service_job = job;
352 hashmap_put(u->manager->user_units, u->service, u);
358 int user_start(User *u) {
363 if (u->started && !u->stopping)
367 * If u->stopping is set, the user is marked for removal and the slice
368 * and service stop-jobs are queued. We have to clear that flag before
369 * queing the start-jobs again. If they succeed, the user object can be
370 * re-used just fine (pid1 takes care of job-ordering and proper
371 * restart), but if they fail, we want to force another user_stop() so
372 * possibly pending units are stopped.
373 * Note that we don't clear u->started, as we have no clue what state
374 * the user is in on failure here. Hence, we pretend the user is
375 * running so it will be properly taken down by GC. However, we clearly
376 * return an error from user_start() in that case, so no further
377 * reference to the user is taken.
382 log_debug("Starting services for new user %s.", u->name);
384 /* Save the user data so far, because pam_systemd will read the
385 * XDG_RUNTIME_DIR out of it while starting up systemd --user.
386 * We need to do user_save_internal() because we have not
387 * "officially" started yet. */
388 user_save_internal(u);
390 /* Spawn user systemd */
391 r = user_start_service(u);
396 if (!dual_timestamp_is_set(&u->timestamp))
397 dual_timestamp_get(&u->timestamp);
398 user_send_signal(u, true);
402 /* Save new user data */
408 #if 0 /// UNNEEDED by elogind
409 static int user_stop_slice(User *u) {
410 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
416 r = manager_stop_unit(u->manager, u->slice, &error, &job);
418 log_error("Failed to stop user slice: %s", bus_error_message(&error, r));
428 static int user_stop_service(User *u) {
429 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
435 r = manager_stop_unit(u->manager, u->service, &error, &job);
437 log_error("Failed to stop user service: %s", bus_error_message(&error, r));
441 free_and_replace(u->service_job, job);
446 int user_stop(User *u, bool force) {
451 /* Stop jobs have already been queued */
457 LIST_FOREACH(sessions_by_user, s, u->sessions) {
458 k = session_stop(s, force);
464 #if 0 /// elogind does not support service or slice jobs
465 k = user_stop_service(u);
470 k = user_stop_slice(u);
479 #if 1 /// elogind must queue this user again
480 user_add_to_gc_queue(u);
485 int user_finalize(User *u) {
492 log_debug("User %s logged out.", u->name);
494 LIST_FOREACH(sessions_by_user, s, u->sessions) {
495 k = session_finalize(s);
500 /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs
501 * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to
502 * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such
503 * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
504 * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
505 * and do it only for normal users. */
506 if (u->manager->remove_ipc && !uid_is_system(u->uid)) {
507 k = clean_ipc_by_uid(u->uid);
512 unlink(u->state_file);
513 user_add_to_gc_queue(u);
516 user_send_signal(u, false);
523 int user_get_idle_hint(User *u, dual_timestamp *t) {
525 bool idle_hint = true;
526 dual_timestamp ts = DUAL_TIMESTAMP_NULL;
530 LIST_FOREACH(sessions_by_user, s, u->sessions) {
534 ih = session_get_idle_hint(s, &k);
540 if (k.monotonic < ts.monotonic)
546 } else if (idle_hint) {
548 if (k.monotonic > ts.monotonic)
559 int user_check_linger_file(User *u) {
560 _cleanup_free_ char *cc = NULL;
563 cc = cescape(u->name);
567 p = strjoina("/var/lib/elogind/linger/", cc);
569 return access(p, F_OK) >= 0;
572 bool user_may_gc(User *u, bool drop_not_started) {
575 if (drop_not_started && !u->started)
581 if (user_check_linger_file(u) > 0)
584 #if 0 /// elogind neither supports service nor slice jobs
585 if (u->slice_job && manager_job_is_active(u->manager, u->slice_job))
588 if (u->service_job && manager_job_is_active(u->manager, u->service_job))
595 void user_add_to_gc_queue(User *u) {
601 LIST_PREPEND(gc_queue, u->manager->user_gc_queue, u);
602 u->in_gc_queue = true;
605 UserState user_get_state(User *u) {
613 #if 0 /// elogind neither supports service nor slice jobs.
614 if (!u->started || u->slice_job || u->service_job)
621 bool all_closing = true;
623 LIST_FOREACH(sessions_by_user, i, u->sessions) {
626 state = session_get_state(i);
627 if (state == SESSION_ACTIVE)
629 if (state != SESSION_CLOSING)
633 return all_closing ? USER_CLOSING : USER_ONLINE;
636 if (user_check_linger_file(u) > 0)
637 return USER_LINGERING;
642 int user_kill(User *u, int signo) {
643 #if 0 /// Without systemd unit support, elogind has to rely on its session system
646 return manager_kill_unit(u->manager, u->slice, KILL_ALL, signo, NULL);
653 LIST_FOREACH(sessions_by_user, s, u->sessions) {
654 int r = session_kill(s, KILL_ALL, signo);
655 if (res == 0 && r < 0)
663 static bool elect_display_filter(Session *s) {
664 /* Return true if the session is a candidate for the user’s ‘primary
665 * session’ or ‘display’. */
668 return (s->class == SESSION_USER && !s->stopping);
671 static int elect_display_compare(Session *s1, Session *s2) {
672 /* Indexed by SessionType. Lower numbers mean more preferred. */
673 const int type_ranks[_SESSION_TYPE_MAX] = {
674 [SESSION_UNSPECIFIED] = 0,
677 [SESSION_WAYLAND] = -3,
682 /* Calculate the partial order relationship between s1 and s2,
683 * returning < 0 if s1 is preferred as the user’s ‘primary session’,
684 * 0 if s1 and s2 are equally preferred or incomparable, or > 0 if s2
687 * s1 or s2 may be NULL. */
691 if ((s1 == NULL) != (s2 == NULL))
692 return (s1 == NULL) - (s2 == NULL);
694 if (s1->stopping != s2->stopping)
695 return s1->stopping - s2->stopping;
697 if ((s1->class != SESSION_USER) != (s2->class != SESSION_USER))
698 return (s1->class != SESSION_USER) - (s2->class != SESSION_USER);
700 if ((s1->type == _SESSION_TYPE_INVALID) != (s2->type == _SESSION_TYPE_INVALID))
701 return (s1->type == _SESSION_TYPE_INVALID) - (s2->type == _SESSION_TYPE_INVALID);
703 if (s1->type != s2->type)
704 return type_ranks[s1->type] - type_ranks[s2->type];
709 void user_elect_display(User *u) {
714 /* This elects a primary session for each user, which we call
715 * the "display". We try to keep the assignment stable, but we
716 * "upgrade" to better choices. */
717 log_debug("Electing new display for user %s", u->name);
719 LIST_FOREACH(sessions_by_user, s, u->sessions) {
720 if (!elect_display_filter(s)) {
721 log_debug("Ignoring session %s", s->id);
725 if (elect_display_compare(s, u->display) < 0) {
726 log_debug("Choosing session %s in preference to %s", s->id, u->display ? u->display->id : "-");
732 static const char* const user_state_table[_USER_STATE_MAX] = {
733 [USER_OFFLINE] = "offline",
734 [USER_OPENING] = "opening",
735 [USER_LINGERING] = "lingering",
736 [USER_ONLINE] = "online",
737 [USER_ACTIVE] = "active",
738 [USER_CLOSING] = "closing"
741 DEFINE_STRING_TABLE_LOOKUP(user_state, UserState);
743 int config_parse_tmpfs_size(
745 const char *filename,
748 unsigned section_line,
763 /* First, try to parse as percentage */
764 r = parse_percent(rvalue);
765 if (r > 0 && r < 100)
766 *sz = physical_memory_scale(r, 100U);
770 /* If the passed argument was not a percentage, or out of range, parse as byte size */
772 r = parse_size(rvalue, 1024, &k);
773 if (r < 0 || k <= 0 || (uint64_t) (size_t) k != k) {
774 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse size value, ignoring: %s", rvalue);
778 *sz = PAGE_ALIGN((size_t) k);
784 int config_parse_compat_user_tasks_max(
786 const char *filename,
789 unsigned section_line,
801 log_syntax(unit, LOG_NOTICE, filename, line, 0,
802 "Support for option %s= has been removed.",
804 log_info("Hint: try creating /etc/elogind/system/user-.slice/50-limits.conf with:\n"
~ianmdlvl / elogind.git / blob