pam_systemdsystemdDeveloperLennartPoetteringlennart@poettering.netpam_systemd8pam_systemdRegister user sessions in the systemd login managerpam_systemd.soDescriptionpam_systemd registers user
sessions with the systemd login manager
systemd-logind.service8,
and hence the systemd control group hierarchy.On login, this module ensures the following:If it does not exist yet, the
user runtime directory
/run/user/$USER is
created and its ownership changed to the user
that is logging in.The
$XDG_SESSION_ID environment
variable is initialized. If auditing is
available and
pam_loginuid.so run before
this module (which is highly recommended), the
variable is initialized from the auditing
session id
(/proc/self/sessionid). Otherwise
an independent session counter is
used.A new systemd scope unit is
created for the session. If this is the first
concurrent session of the user, an implicit
slice below user.slice is
automatically created and the scope placed in
it. In instance of the system service
user@.service which runs
the systemd user manager
instance.On logout, this module ensures the following:If this is enabled, all
processes of the session are terminated. If
the last concurrent session of a user ends, his
user systemd instance will be terminated too,
and so will the user's slice
unit.If the last concurrent session
of a user ends, the
$XDG_RUNTIME_DIR directory
and all its contents are removed,
too.If the system was not booted up with systemd as
init system, this module does nothing and immediately
returns PAM_SUCCESS.OptionsThe following options are understood:Takes a string
argument which sets the session class.
The XDG_SESSION_CLASS environmental variable
takes precedence. One of
user,
greeter,
lock-screen or
background. See
sd_session_get_class3
for details about the session class.Takes a string
argument which sets the session type.
The XDG_SESSION_TYPE environmental
variable takes precedence. One of
unspecified,
tty,
x11 or
wayland. See
sd_session_get_type3
for details about the session type.Takes an optional
boolean argument. If yes or without
the argument, the module will log
debugging information as it
operates.Module Types ProvidedOnly is provided.EnvironmentThe following environment variables are set for the processes of the user's session:$XDG_SESSION_IDA session identifier,
suitable to be used in filenames. The
string itself should be considered
opaque, although often it is just the
audit session ID as reported by
/proc/self/sessionid. Each
ID will be assigned only once during
machine uptime. It may hence be used
to uniquely label files or other
resources of this
session.$XDG_RUNTIME_DIRPath to a user-private
user-writable directory that is bound
to the user login time on the
machine. It is automatically created
the first time a user logs in and
removed on his final logout. If a user
logs in twice at the same time, both
sessions will see the same
$XDG_RUNTIME_DIR
and the same contents. If a user logs
in once, then logs out again, and logs
in again, the directory contents will
have been lost in between, but
applications should not rely on this
behavior and must be able to deal with
stale files. To store session-private
data in this directory, the user should
include the value of $XDG_SESSION_ID
in the filename. This directory shall
be used for runtime file system
objects such as AF_UNIX sockets,
FIFOs, PID files and similar. It is
guaranteed that this directory is
local and offers the greatest possible
file system feature set the
operating system
provides.Example#%PAM-1.0
auth required pam_unix.so
auth required pam_nologin.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
session required pam_systemd.soSee Alsosystemd1,
systemd-logind.service8,
logind.conf5,
loginctl1,
pam.conf5,
pam.d5,
pam8,
pam_loginuid8,
systemd.scope5,
systemd.slice5,
systemd.service5