mirror of
https://git.proxmox.com/git/systemd
synced 2026-01-17 07:16:45 +00:00
120 lines
11 KiB
HTML
120 lines
11 KiB
HTML
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>pam_systemd</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
|
|
a.headerlink {
|
|
color: #c60f0f;
|
|
font-size: 0.8em;
|
|
padding: 0 4px 0 4px;
|
|
text-decoration: none;
|
|
visibility: hidden;
|
|
}
|
|
|
|
a.headerlink:hover {
|
|
background-color: #c60f0f;
|
|
color: white;
|
|
}
|
|
|
|
h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
|
|
visibility: visible;
|
|
}
|
|
</style><a href="index.html">Index </a>·
|
|
<a href="systemd.directives.html">Directives </a>·
|
|
<a href="../python-systemd/index.html">Python </a>·
|
|
<a href="../libudev/index.html">libudev </a>·
|
|
<a href="../libudev/index.html">gudev </a><span style="float:right">systemd 208</span><hr><div class="refentry"><a name="pam_systemd"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pam_systemd — Register user sessions in the systemd login manager</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">pam_systemd.so</code></p></div><div class="refsect1"><a name="idm274692159456"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description">¶</a></h2><p><span class="command"><strong>pam_systemd</strong></span> registers user
|
|
sessions with the systemd login manager
|
|
<a href="systemd-logind.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-logind.service</span>(8)</span></a>,
|
|
and hence the systemd control group hierarchy.</p><p>On login, this module ensures the following:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>If it does not exist yet, the
|
|
user runtime directory
|
|
<code class="filename">/run/user/$USER</code> is
|
|
created and its ownership changed to the user
|
|
that is logging in.</p></li><li class="listitem"><p>The
|
|
<code class="varname">$XDG_SESSION_ID</code> environment
|
|
variable is initialized. If auditing is
|
|
available and
|
|
<span class="command"><strong>pam_loginuid.so</strong></span> run before
|
|
this module (which is highly recommended), the
|
|
variable is initialized from the auditing
|
|
session id
|
|
(<code class="filename">/proc/self/sessionid</code>). Otherwise
|
|
an independent session counter is
|
|
used.</p></li><li class="listitem"><p>A new systemd scope unit is
|
|
created for the session. If this is the first
|
|
concurrent session of the user, an implicit
|
|
slice below <code class="filename">user.slice</code> is
|
|
automatically created and the scope placed in
|
|
it. In instance of the system service
|
|
<code class="filename">user@.service</code> which runs
|
|
the systemd user manager
|
|
instance.</p></li></ol></div><p>On logout, this module ensures the following:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>If this is enabled, all
|
|
processes of the session are terminated. If
|
|
the last concurrent session of a user ends, his
|
|
user systemd instance will be terminated too,
|
|
and so will the user's slice
|
|
unit.</p></li><li class="listitem"><p>If the last concurrent session
|
|
of a user ends, the
|
|
<code class="varname">$XDG_RUNTIME_DIR</code> directory
|
|
and all its contents are removed,
|
|
too.</p></li></ol></div><p>If the system was not booted up with systemd as
|
|
init system, this module does nothing and immediately
|
|
returns PAM_SUCCESS.</p></div><div class="refsect1"><a name="idm274692145040"></a><h2 id="Options">Options<a class="headerlink" title="Permalink to this headline" href="#Options">¶</a></h2><p>The following options are understood:</p><div class="variablelist"><dl class="variablelist"><dt id="class="><span class="term"><code class="option">class=</code></span><a class="headerlink" title="Permalink to this term" href="#class=">¶</a></dt><dd><p>Takes a string
|
|
argument which sets the session class.
|
|
The XDG_SESSION_CLASS environmental variable
|
|
takes precedence.</p></dd><dt id="debug="><span class="term"><code class="option">debug=</code></span><a class="headerlink" title="Permalink to this term" href="#debug=">¶</a></dt><dd><p>Takes a boolean
|
|
argument. If yes, the module will log
|
|
debugging information as it
|
|
operates.</p></dd></dl></div></div><div class="refsect1"><a name="idm274696098080"></a><h2 id="Module Types Provided">Module Types Provided<a class="headerlink" title="Permalink to this headline" href="#Module%20Types%20Provided">¶</a></h2><p>Only <code class="option">session</code> is provided.</p></div><div class="refsect1"><a name="idm274696096416"></a><h2 id="Environment">Environment<a class="headerlink" title="Permalink to this headline" href="#Environment">¶</a></h2><p>The following environment variables are set for the processes of the user's session:</p><div class="variablelist"><dl class="variablelist"><dt id="$XDG_SESSION_ID"><span class="term"><code class="varname">$XDG_SESSION_ID</code></span><a class="headerlink" title="Permalink to this term" href="#%24XDG_SESSION_ID">¶</a></dt><dd><p>A session identifier,
|
|
suitable to be used in filenames. The
|
|
string itself should be considered
|
|
opaque, although often it is just the
|
|
audit session ID as reported by
|
|
<code class="filename">/proc/self/sessionid</code>. Each
|
|
ID will be assigned only once during
|
|
machine uptime. It may hence be used
|
|
to uniquely label files or other
|
|
resources of this
|
|
session.</p></dd><dt id="$XDG_RUNTIME_DIR"><span class="term"><code class="varname">$XDG_RUNTIME_DIR</code></span><a class="headerlink" title="Permalink to this term" href="#%24XDG_RUNTIME_DIR">¶</a></dt><dd><p>Path to a user-private
|
|
user-writable directory that is bound
|
|
to the user login time on the
|
|
machine. It is automatically created
|
|
the first time a user logs in and
|
|
removed on his final logout. If a user
|
|
logs in twice at the same time, both
|
|
sessions will see the same
|
|
<code class="varname">$XDG_RUNTIME_DIR</code>
|
|
and the same contents. If a user logs
|
|
in once, then logs out again, and logs
|
|
in again, the directory contents will
|
|
have been lost in between, but
|
|
applications should not rely on this
|
|
behavior and must be able to deal with
|
|
stale files. To store session-private
|
|
data in this directory, the user should
|
|
include the value of <code class="varname">$XDG_SESSION_ID</code>
|
|
in the filename. This directory shall
|
|
be used for runtime file system
|
|
objects such as <code class="constant">AF_UNIX</code> sockets,
|
|
FIFOs, PID files and similar. It is
|
|
guaranteed that this directory is
|
|
local and offers the greatest possible
|
|
file system feature set the
|
|
operating system
|
|
provides.</p></dd></dl></div></div><div class="refsect1"><a name="idm274696086848"></a><h2 id="Example">Example<a class="headerlink" title="Permalink to this headline" href="#Example">¶</a></h2><pre class="programlisting">#%PAM-1.0
|
|
auth required pam_unix.so
|
|
auth required pam_nologin.so
|
|
account required pam_unix.so
|
|
password required pam_unix.so
|
|
session required pam_unix.so
|
|
session required pam_loginuid.so
|
|
session required pam_systemd.so</pre></div><div class="refsect1"><a name="idm274696077792"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also">¶</a></h2><p>
|
|
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
|
|
<a href="systemd-logind.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-logind.service</span>(8)</span></a>,
|
|
<a href="logind.conf.html"><span class="citerefentry"><span class="refentrytitle">logind.conf</span>(5)</span></a>,
|
|
<a href="loginctl.html"><span class="citerefentry"><span class="refentrytitle">loginctl</span>(1)</span></a>,
|
|
<a href="pam.conf.html"><span class="citerefentry"><span class="refentrytitle">pam.conf</span>(5)</span></a>,
|
|
<a href="pam.d.html"><span class="citerefentry"><span class="refentrytitle">pam.d</span>(5)</span></a>,
|
|
<a href="pam.html"><span class="citerefentry"><span class="refentrytitle">pam</span>(8)</span></a>,
|
|
<a href="pam_loginuid.html"><span class="citerefentry"><span class="refentrytitle">pam_loginuid</span>(8)</span></a>,
|
|
<a href="systemd.scope.html"><span class="citerefentry"><span class="refentrytitle">systemd.scope</span>(5)</span></a>,
|
|
<a href="systemd.slice.html"><span class="citerefentry"><span class="refentrytitle">systemd.slice</span>(5)</span></a>,
|
|
<a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
|
|
</p></div></div></body></html>
|