X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fpam_systemd.xml;h=3e106ea69b8dff7a577fcf96408de516cc875e02;hp=27edea777978967302842b0de225dfe85152d558;hb=dd5ae4c36c89da5dbe8d1628939b26c00db98753;hpb=c53158818d8cdaf46b3f1b5299b9bda118a1043f
diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml
index 27edea777..3e106ea69 100644
--- a/man/pam_systemd.xml
+++ b/man/pam_systemd.xml
@@ -21,7 +21,7 @@
along with systemd; If not, see .
-->
-
+pam_systemd
@@ -48,16 +48,14 @@
-
- pam_systemd.so
-
+ pam_systemd.soDescriptionpam_systemd registers user
- sessions in the systemd login manager
+ sessions with the systemd login manager
systemd-logind.service8,
and hence the systemd control group hierarchy.
@@ -74,37 +72,42 @@
$XDG_SESSION_ID environment
variable is initialized. If auditing is
available and
- pam_loginuid.so run before
+ pam_loginuid.so was run before
this module (which is highly recommended), the
variable is initialized from the auditing
session id
- (/proc/self/sessionid). Otherwise
+ (/proc/self/sessionid). Otherwise,
an independent session counter is
used.
- A new control group
- /user/$USER/$XDG_SESSION_ID
- is created and the login process moved into
- it.
+ A new systemd scope unit is
+ created for the session. If this is the first
+ concurrent session of the user, an implicit
+ slice below user.slice is
+ automatically created and the scope placed into
+ it. An instance of the system service
+ user@.service, which runs
+ the systemd user manager instance, is started.
+ On logout, this module ensures the following:
- If
- $XDG_SESSION_ID is set and
- specified, all
- remaining processes in the
- /user/$USER/$XDG_SESSION_ID
- control group are killed and the control group
- is removed.
-
- If last subgroup of the
- /user/$USER control group
- was removed the
+ If enabled in
+ logind.conf
+ 5, all
+ processes of the session are terminated. If
+ the last concurrent session of a user ends,
+ the user's systemd instance will be
+ terminated too, and so will the user's slice
+ unit.
+
+ If the last concurrent session
+ of a user ends, the
$XDG_RUNTIME_DIR directory
- and all its contents are
- removed, too.
+ and all its contents are removed,
+ too.If the system was not booted up with systemd as
@@ -118,113 +121,49 @@
The following options are understood:
-
-
-
-
- Takes a boolean
- argument. If true, all processes
- created by the user during his session
- and from his session will be
- terminated when he logs out from his
- session.
-
+
-
-
- Takes a comma
- separated list of user names or
- numeric user ids as argument. If this
- option is used the effect of the
- options
- will apply only to the listed
- users. If this option is not used the
- option applies to all local
- users. Note that
-
- takes precedence over this list and is
- hence subtracted from the list
- specified here.
+
+
+ Takes a string
+ argument which sets the session class.
+ The XDG_SESSION_CLASS environmental variable
+ takes precedence. One of
+ user,
+ greeter,
+ lock-screen or
+ background. See
+ sd_session_get_class3
+ for details about the session class.
-
-
- Takes a comma
- separated list of user names or
- numeric user ids as argument. Users
- listed in this argument will not be
- subject to the effect of
- . Note
- that this option takes precedence
- over
- , and
- hence whatever is listed for
-
- is guaranteed to never be killed by
- this PAM module, independent of any
- other configuration
- setting.
+
+
+ Takes a string
+ argument which sets the session type.
+ The XDG_SESSION_TYPE environmental
+ variable takes precedence. One of
+ unspecified,
+ tty,
+ x11,
+ wayland or
+ mir. See
+ sd_session_get_type3
+ for details about the session type.
-
-
- Takes a comma
- separated list of control group
- controllers in which hierarchies a
- user/session control group will be
- created by default for each user
- logging in, in addition to the control
- group in the named 'name=systemd'
- hierarchy. If omitted, defaults to an
- empty list.
-
+
-
-
-
- Takes a comma
- separated list of control group
- controllers in which hierarchies the
- logged in processes will be reset to
- the root control
- group.
-
-
-
-
-
- Takes a boolean
- argument. If yes, the module will log
+ Takes an optional
+ boolean argument. If yes or without
+ the argument, the module will log
debugging information as it
operates.
-
- Note that setting
- kill-session-processes=1 will break tools
- like
- screen1.
-
- Note that
- kill-session-processes=1 is a
- stricter version of
- KillUserProcesses=1 which may be
- configured system-wide in
- logind.conf5. The
- former kills processes of a session as soon as it
- ends, the latter kills processes as soon as the last
- session of the user ends.
-
- If the options are omitted they default to
- ,
- ,
- ,
- ,
- ,
- .
@@ -238,12 +177,12 @@
The following environment variables are set for the processes of the user's session:
-
+ $XDG_SESSION_IDA session identifier,
- suitable to be used in file names. The
+ suitable to be used in filenames. The
string itself should be considered
opaque, although often it is just the
audit session ID as reported by
@@ -263,9 +202,9 @@
to the user login time on the
machine. It is automatically created
the first time a user logs in and
- removed on his final logout. If a user
- logs in twice at the same time, both
- sessions will see the same
+ removed on the user's final logout. If
+ a user logs in twice at the same time,
+ both sessions will see the same
$XDG_RUNTIME_DIR
and the same contents. If a user logs
in once, then logs out again, and logs
@@ -274,18 +213,95 @@
applications should not rely on this
behavior and must be able to deal with
stale files. To store session-private
- data in this directory the user should
- include the value of $XDG_SESSION_ID
- in the filename. This directory shall
- be used for runtime file system
- objects such as AF_UNIX sockets,
- FIFOs, PID files and similar. It is
- guaranteed that this directory is
- local and offers the greatest possible
- file system feature set the
- operating system
- provides.
+ data in this directory, the user
+ should include the value of
+ $XDG_SESSION_ID in
+ the filename. This directory shall be
+ used for runtime file system objects
+ such as AF_UNIX
+ sockets, FIFOs, PID files and
+ similar. It is guaranteed that this
+ directory is local and offers the
+ greatest possible file system feature
+ set the operating system provides. For
+ further details see the XDG
+ Base Directory
+ Specification.
+
+
+
+
+ The following environment variables are read by
+ the module and may be used by the PAM service to pass
+ metadata to the module:
+
+
+
+ $XDG_SESSION_TYPE
+
+ The session type. This
+ may be used instead of
+ on the
+ module parameter line, and is usually
+ preferred.
+
+
+
+ $XDG_SESSION_CLASS
+
+ The session class. This
+ may be used instead of
+ on the
+ module parameter line, and is usually
+ preferred.
+
+
+ $XDG_SESSION_DESKTOP
+
+ A single, short
+ identifier string for the desktop
+ environment. This may be used to
+ indicate the session desktop used,
+ where this applies and if this
+ information is available. For example:
+ GNOME, or
+ KDE. It is
+ recommended to use the same
+ identifiers and capitalization as for
+ $XDG_CURRENT_DESKTOP,
+ as defined by the Desktop
+ Entry Specification. (However,
+ note that
+ $XDG_SESSION_DESKTOP
+ only takes a single item, and not a
+ colon-separated list like
+ $XDG_CURRENT_DESKTOP.)
+ See
+ sd_session_get_desktop3
+ for more details.
+
+
+
+ $XDG_SEAT
+
+ The seat name the session
+ shall be registered for, if
+ any.
+
+
+
+ $XDG_VTNR
+
+ The VT number the
+ session shall be registered for, if
+ any. (Only applies to seats with a VT
+ available, such as
+ seat0)
+
+
@@ -299,7 +315,7 @@ account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
-session required pam_systemd.so kill-session-processes=1
+session required pam_systemd.so
@@ -309,10 +325,13 @@ session required pam_systemd.so kill-session-processes=1
systemd-logind.service8,
logind.conf5,
loginctl1,
- pam.conf5,
- pam.d5,
- pam8,
- pam_loginuid8
+ pam.conf5,
+ pam.d5,
+ pam8,
+ pam_loginuid8,
+ systemd.scope5,
+ systemd.slice5,
+ systemd.service5