From 160cd5c9aa2301892e13950015de7968c764340d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 24 Jun 2010 00:11:04 +0200 Subject: man: add more man pages --- man/pam_systemd.xml | 296 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 296 insertions(+) create mode 100644 man/pam_systemd.xml (limited to 'man/pam_systemd.xml') diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml new file mode 100644 index 0000000000..e790dd3c3d --- /dev/null +++ b/man/pam_systemd.xml 
@@ -0,0 +1,296 @@ + + + + + + + + + pam_systemd + systemd + + + + Developer + Lennart + Poettering + lennart@poettering.net + + + + + + pam_systemd + 8 + + + + pam_systemd + Register user sessions in the systemd control group hierarchy + + + + + pam_systemd.so + + + + + Description + + pam_systemd registers user + sessions in the systemd control group + hierarchy. + + On login, this module ensures the following: + + + If it does not exist yet the + user runtime directory + /var/run/user/$USER is + created and its ownership changed to the user + that is logging in. + + If + is set the + $XDG_SESSION_ID environment + variable is initialized. If auditing is + available and + pam_loginuid.so run before + this module (which es recommended), the + variable is initialized from the auditing + session id + (/proc/self/sessionid). Otherwise + an independent session counter is + used. + + If + is set a new + control group + /user/$USER/$XDG_SESSION_ID + is created and the login process moved into + it. + + If + is set a new + control group + /user/$USER/no-session + is created and the login process moved into + it. + + + + On logout, this module ensures the following: + + + If + $XDG_SESSION_ID is set and + specified, all + remaining processes in the + /user/$USER/$XDG_SESSION_ID + control group are killed and the control group + removed. + + If + $XDG_SESSION_ID is set and + specified, all + remaining processes in the + /user/$USER/$XDG_SESSION_ID + control group are migrated to + /user/$USER/no-session and + the original control group + removed. + + If + is specified, and + no other user session control group remains + except + /user/$USER/no-session + all remaining processes in the + /user/$USER hierarchy + are killed and the control group removed. + + If + is specified, and + no process remains in the + /user/$USER hierarchy the + control group is removed. 
+ + If the + /user/$USER control group + was removed the + $XDG_RUNTIME_DIR directory + and all its contents are + removed, too. + + + If the system was not booted up with systemd as + init system this module does nothing and immediately + returns PAM_SUCCESS. + + + + + Options + + The following options are understood: + + + + + + Takes a boolean + argument. If true, a new session is + created: the + $XDG_SESSION_ID + environment variable is set and the + login process moved to the + /user/$USER/$XDG_SESSION_ID + control group. It is recommended that + all services that are directly created + on the user's behalf set this + option. Only for services that shall + automatically be terminated when the + user logs out completely otherwise, + create-session=0 + should be set. + + + + + + Takes a boolean + argument. If true, all processes + created by the user during his session + and from his session will be + terminated when he logs out from his + session. + + + + + + Takes a boolean + argument. If true, all processes + created by the user during his session + and from his session will be + terminated after he logged out + completely. This is a weaker version + of and is + more friendly for users logged in more + than once as their processes are + terminated only on their complete + logout. + + + + Note that setting kill-user=1 + or even kill-session=1 will break + tools like + screen1. + + + + + Module Types Provided + + Only is provided. + + + + Environment + + + + $XDG_SESSION_ID + + A session identifier, + suitable to be used in file names. The + string itself should be considered + opaque, although often it is just the + audit session ID as reported by + /proc/self/sessionid. Each + ID will be assigned only once during + machine uptime. It may hence be used + to uniquely label files or other + resources of this + session. + + + + $XDG_RUNTIME_DIR + + Path to a user-private + user-writable directory that is bound + to the user login time on the + machine. 
It is automatically created + the first time a user logs in and + removed on his final logout. If a user + logs in twice at the same time, both + sessions will see the same + $XDG_RUNTIME_DIR + and the same contents. If a user logs + in once, then logs out again, and logs + in again, the directory contents will + have been lost in between, but + applications should not rely on this + behaviour and must be able to deal with + stale files. To store session-private + data in this directory the user should + include the value of $XDG_SESSION_ID + in the filename. This directory shall + be used for runtime file system + objects such as AF_UNIX sockets, + FIFOs, PID files and similar. It is + guaranteed that this directory is + local and offers the greatest possible + file system feature set the + operating system + provides. + + + + + + Example + + #%PAM-1.0 +auth required pam_unix.so +auth required pam_nologin.so +account required pam_unix.so +password required pam_unix.so +session required pam_unix.so +session required pam_loginuid.so +session required pam_systemd.so create-session=1 kill-user=1 + + + + See Also + + pam.conf5, + pam.d5, + pam8, + pam_loginuid8, + systemd1 + + + + -- cgit v1.2.3-54-g00ecf
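Review bot: The "On login" list in the Description says the runtime directory /var/run/user/$USER is created and its ownership changed to the user, but it never states the access mode, and it does not say that $XDG_RUNTIME_DIR is exported or that it points at that directory, while the Environment section promises a "user-private user-writable directory". Since applications are told to put AF_UNIX sockets, FIFOs and PID files there, the page should state the mode the module sets and what it does when the directory already exists ("If it does not exist yet" leaves the owner and mode of a pre-existing directory unspecified). Separately, the Example sets kill-user=1 although the Options note says this "will break tools like screen", so the example deserves a sentence on that trade-off, and "which es recommended" in the $XDG_SESSION_ID item should read "which is recommended".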