X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fpam_systemd.xml;h=40709f7c54015fd845dc2e69f8cc16d8f83458c3;hp=d43ed231f292d6d83e4104f4d67b5bee673f9b56;hb=989fc2c61cb3c5376bd8bff6b2cfba9e4d740ffc;hpb=4611d77694effd27ad0e191c820498dbff25907c
diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml
index d43ed231f..40709f7c5 100644
--- a/man/pam_systemd.xml
+++ b/man/pam_systemd.xml
@@ -8,20 +8,20 @@
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
-->
-
+pam_systemd
@@ -44,102 +44,70 @@
pam_systemd
- Register user sessions in the systemd control group hierarchy
+ Register user sessions in the systemd login manager
-
- pam_systemd.so
-
+ pam_systemd.soDescriptionpam_systemd registers user
- sessions in the systemd control group
- hierarchy.
+ sessions with the systemd login manager
+ systemd-logind.service8,
+ and hence the systemd control group hierarchy.
On login, this module ensures the following:If it does not exist yet, the
user runtime directory
- /var/run/user/$USER is
+ /run/user/$USER is
created and its ownership changed to the user
that is logging in.
- If
- is set, the
+ The
$XDG_SESSION_ID environment
variable is initialized. If auditing is
available and
- pam_loginuid.so run before
+ pam_loginuid.so was run before
this module (which is highly recommended), the
variable is initialized from the auditing
session id
- (/proc/self/sessionid). Otherwise
+ (/proc/self/sessionid). Otherwise,
an independent session counter is
used.
- If
- is set, a new
- control group
- /user/$USER/$XDG_SESSION_ID
- is created and the login process moved into
- it.
-
- If
- is set, a new
- control group
- /user/$USER/user
- is created and the login process moved into
- it.
-
+ A new systemd scope unit is
+ created for the session. If this is the first
+ concurrent session of the user, an implicit
+ slice below user.slice is
+ automatically created and the scope placed into
+ it. An instance of the system service
+ user@.service, which runs
+ the systemd user manager instance, is started.
+ On logout, this module ensures the following:
- If
- $XDG_SESSION_ID is set and
- specified, all
- remaining processes in the
- /user/$USER/$XDG_SESSION_ID
- control group are killed and the control group
- is removed.
-
- If
- $XDG_SESSION_ID is set and
- specified, all
- remaining processes in the
- /user/$USER/$XDG_SESSION_ID
- control group are migrated to
- /user/$USER/user and
- the original control group is
- removed.
-
- If
- is specified, and
- no other user session control group remains,
- except
- /user/$USER/user,
- all remaining processes in the
- /user/$USER hierarchy
- are killed and the control group is removed.
-
- If
- is specified, and
- no process remains in the
- /user/$USER hierarchy the
- control group is removed.
-
- If the
- /user/$USER control group
- was removed the
+ If enabled in
+ logind.conf
+ 5,
+ all processes of the session are terminated. If
+ the last concurrent session of a user ends, his
+ user systemd instance will be terminated too,
+ and so will the user's slice
+ unit.
+
+ If the last concurrent session
+ of a user ends, the
$XDG_RUNTIME_DIR directory
- and all its contents are
- removed, too.
+ and all its contents are removed,
+ too.If the system was not booted up with systemd as
@@ -153,84 +121,49 @@
The following options are understood:
-
-
-
-
- Takes a boolean
- argument. If true, a new session is
- created: the
- $XDG_SESSION_ID
- environment variable is set and the
- login process moved to the
- /user/$USER/$XDG_SESSION_ID
- control group. It is recommended that
- all services which are directly created
- on the user's behalf set this
- option. Only for services that shall
- automatically be terminated when the
- user logs out completely, otherwise
- create-session=0
- should be set.
-
+
-
-
- Takes a boolean
- argument. If true, all processes
- created by the user during his session
- and from his session will be
- terminated when he logs out from his
- session.
+
+
+ Takes a string
+ argument which sets the session class.
+ The XDG_SESSION_CLASS environmental variable
+ takes precedence. One of
+ user,
+ greeter,
+ lock-screen or
+ background. See
+ sd_session_get_class3
+ for details about the session class.
-
-
- Takes a boolean
- argument. If true, all processes
- created by the user during his session
- and from his session will be
- terminated after he logged out
- completely. This is a weaker version
- of and is
- more friendly for users logged in more
- than once, as their processes are
- terminated only on their complete
- logout.
+
+
+ Takes a string
+ argument which sets the session type.
+ The XDG_SESSION_TYPE environmental
+ variable takes precedence. One of
+ unspecified,
+ tty,
+ x11,
+ wayland or
+ mir. See
+ sd_session_get_type3
+ for details about the session type.
-
-
- Takes a comma
- seperated list of cgroup controllers
- in which hierarchies a user/session
- cgroup will be created by defautl for
- each user logging in. If ommited,
- defaults to 'cpu', meaning that in
- addition to creating per-user and
- per-session cgroups in systemd's own
- hierarchy, groups are created in the
- 'cpu' hierarchy, on order to ensure
- that every use and every sessions gets
- an equal amount of CPU time,
- regardless how many processes a user
- or session might
- own.
+
+
+ Takes an optional
+ boolean argument. If yes or without
+ the argument, the module will log
+ debugging information as it
+ operates.
-
- Note that setting kill-user=1
- or even kill-session=1 will break
- tools like
- screen1.
-
- If the options are omitted they default to
- ,
- ,
- .
@@ -244,12 +177,12 @@
The following environment variables are set for the processes of the user's session:
-
+ $XDG_SESSION_IDA session identifier,
- suitable to be used in file names. The
+ suitable to be used in filenames. The
string itself should be considered
opaque, although often it is just the
audit session ID as reported by
@@ -278,13 +211,13 @@
in again, the directory contents will
have been lost in between, but
applications should not rely on this
- behaviour and must be able to deal with
+ behavior and must be able to deal with
stale files. To store session-private
- data in this directory the user should
+ data in this directory, the user should
include the value of $XDG_SESSION_ID
in the filename. This directory shall
be used for runtime file system
- objects such as AF_UNIX sockets,
+ objects such as AF_UNIX sockets,
FIFOs, PID files and similar. It is
guaranteed that this directory is
local and offers the greatest possible
@@ -292,6 +225,74 @@
operating system
provides.
+
+
+
+ The following environment variables are read by
+ the module and may be used by the PAM service to pass
+ metadata to the module:
+
+
+
+ $XDG_SESSION_TYPE
+
+ The session type. This
+ may be used instead of
+ on the
+ module parameter line, and is usually
+ preferred.
+
+
+
+ $XDG_SESSION_CLASS
+
+ The session class. This
+ may be used instead of
+ on the
+ module parameter line, and is usually
+ preferred.
+
+
+
+ $XDG_SESSION_DESKTOP
+
+ A single, short
+ identifier string for the desktop
+ environment. This may be used to
+ indicate the session desktop used,
+ where this applies and if this
+ information is available. For example:
+ GNOME, or
+ KDE. It is
+ recommended to use the same
+ identifiers and capitalization as for
+ $XDG_CURRENT_DESKTOP,
+ as defined by the Desktop
+ Entry
+ Specification. See
+ sd_session_get_desktop3
+ for more details.
+
+
+
+ $XDG_SEAT
+
+ The seat name the session
+ shall be registered for, if
+ any.
+
+
+
+ $XDG_VTNR
+
+ The VT number the
+ session shall be registered for, if
+ any. (Only applies to seats with a VT
+ available, such as
+ seat0)
+
+
@@ -305,17 +306,23 @@ account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
-session required pam_systemd.so kill-user=1
+session required pam_systemd.so
See Also
- pam.conf5,
- pam.d5,
- pam8,
- pam_loginuid8,
- systemd1
+ systemd1,
+ systemd-logind.service8,
+ logind.conf5,
+ loginctl1,
+ pam.conf5,
+ pam.d5,
+ pam8,
+ pam_loginuid8,
+ systemd.scope5,
+ systemd.slice5,
+ systemd.service5