From 66a5b902ffb9f71554e449134bf36d507b81d223 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 9 Feb 2017 18:40:42 +0100 Subject: man: update pam_systemd and systemd-logind man pages a bit This builds on @utezduyar's #4640, but extends on it. Fixes: #4550 Replaces: #4640 --- man/pam_systemd.xml | 39 ++++++++++++++++----------------------- man/systemd-logind.service.xml | 10 ++++++++-- 2 files changed, 24 insertions(+), 25 deletions(-) (limited to 'man') diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index ddda81bc90..6e1aa0dd9a 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -59,29 +59,23 @@ systemd-logind.service8, and hence the systemd control group hierarchy. - On login, this module ensures the following: + On login, this module — in conjunction with systemd-logind.service — ensures the + following: - If it does not exist yet, the user runtime - directory /run/user/$USER is created and - its ownership changed to the user that is logging - in. - - The $XDG_SESSION_ID - environment variable is initialized. If auditing is available - and pam_loginuid.so was run before this - module (which is highly recommended), the variable is - initialized from the auditing session id - (/proc/self/sessionid). Otherwise, an + If it does not exist yet, the user runtime directory /run/user/$UID is + either created or mounted as new tmpfs file system with quota applied, and its ownership + changed to the user that is logging in. + + The $XDG_SESSION_ID environment variable is initialized. If auditing is + available and pam_loginuid.so was run before this module (which is highly recommended), the + variable is initialized from the auditing session id (/proc/self/sessionid). Otherwise, an independent session counter is used. - A new systemd scope unit is created for the - session. If this is the first concurrent session of the user, an - implicit slice below user.slice is - automatically created and the scope placed into it. An instance - of the system service user@.service, which - runs the systemd user manager instance, is started. - + A new systemd scope unit is created for the session. If this is the first concurrent session of + the user, an implicit per-user slice unit below user.slice is automatically created and the + scope placed into it. An instance of the system service user@.service, which runs the + systemd user manager instance, is started. On logout, this module ensures the following: @@ -89,10 +83,9 @@ If enabled in logind.conf - 5, all processes of the - session are terminated. If the last concurrent session of a user - ends, the user's systemd instance will be terminated too, and so - will the user's slice unit. + 5 (KillUserProcesses=), all processes of the session are + terminated. If the last concurrent session of a user ends, the user's systemd instance will be terminated too, + and so will the user's slice unit. If the last concurrent session of a user ends, the $XDG_RUNTIME_DIR directory and all its diff --git a/man/systemd-logind.service.xml b/man/systemd-logind.service.xml index f0bdb1c756..9288f48f07 100644 --- a/man/systemd-logind.service.xml +++ b/man/systemd-logind.service.xml @@ -60,8 +60,14 @@ manages user logins. It is responsible for: - Keeping track of users and sessions, their - processes and their idle state + Keeping track of users and sessions, their processes and their idle state. This is implemented by + allocating a systemd slice unit for each user below user.slice, and a scope unit below it + for each concurrent session of a user. Also, a per-user service manager is started as system service instance of + user@.service for each user logged in. + + Generating and managing session IDs. If auditing is available and an audit session ID is set for + a session already, the session ID is initialized from it. Otherwise, an independent session counter is + used. Providing PolicyKit-based access for users to operations such as system shutdown or sleep -- cgit v1.2.3-54-g00ecf