mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-23 18:23:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

man: update pam_systemd documentation to current state of the code

Browse Source
This commit is contained in:
Lennart Poettering 2013-07-19 18:52:09 +02:00
parent 7f0386f62c
commit 3e2f69b779
2 changed files with 25 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TODO
View File

@ -46,7 +46,7 @@ CGroup Rework Completion:
* introduce high-level settings for RT budget, swappiness * introduce high-level settings for RT budget, swappiness
* wiki: document new bus APIs of PID 1 (transient units, Reloading signal) * wiki: document new bus APIs of PID 1 (transient units, Reloading signal)
* review: scope units, slice units, pam_system, systemctl commands * review: scope units, slice units, systemctl commands
* Send SIGHUP and SIGTERM in session scopes * Send SIGHUP and SIGTERM in session scopes

138
man/pam_systemd.xml
View File

@ -80,29 +80,32 @@
an independent session counter is an independent session counter is
used.</para></listitem> used.</para></listitem>
<listitem><para>A new control group <listitem><para>A new systemd scope unit is
<filename>/user/$USER/$XDG_SESSION_ID</filename> created for the session. If this is the first
is created and the login process moved into concurrent session of the user an implicit
it.</para></listitem> slice below <filename>user.slice</filename> is
automatically created and the scope placed in
it. In instance of the system service
<filename>user@.service</filename> which runt
the systemd user manager
instance.</para></listitem>
</orderedlist> </orderedlist>
<para>On logout, this module ensures the following:</para> <para>On logout, this module ensures the following:</para>
<orderedlist> <orderedlist>
<listitem><para>If <listitem><para>If this is enabled all
<varname>$XDG_SESSION_ID</varname> is set and processes of the session are terminated. If
<option>kill-session-processes=1</option> specified, all the last concurrent session of a user ends his
remaining processes in the user systemd instance will be terminated too,
<filename>/user/$USER/$XDG_SESSION_ID</filename> and so will the user's slice
control group are killed and the control group unit.</para></listitem>
is removed.</para></listitem>
<listitem><para>If the last subgroup of the <listitem><para>If the las concurrent session
<filename>/user/$USER</filename> control group of a user ends the
was removed the
<varname>$XDG_RUNTIME_DIR</varname> directory <varname>$XDG_RUNTIME_DIR</varname> directory
and all its contents are and all its contents are removed,
removed, too.</para></listitem> too.</para></listitem>
</orderedlist> </orderedlist>
<para>If the system was not booted up with systemd as <para>If the system was not booted up with systemd as
@ -117,79 +120,6 @@
<para>The following options are understood:</para> <para>The following options are understood:</para>
<variablelist class='pam-directives'> <variablelist class='pam-directives'>
<varlistentry>
<term><option>kill-session-processes=</option></term>
<listitem><para>Takes a boolean
argument. If true, all processes
created by the user during his session
and from his session will be
terminated when he logs out from his
session.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>kill-only-users=</option></term>
<listitem><para>Takes a comma-separated
list of usernames or
numeric user IDs as argument. If this
option is used, the effect of the
<option>kill-session-processes=</option> options
will apply only to the listed
users. If this option is not used, the
option applies to all local
users. Note that
<option>kill-exclude-users=</option>
takes precedence over this list and is
hence subtracted from the list
specified here.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>kill-exclude-users=</option></term>
<listitem><para>Takes a comma-separated
list of usernames or
numeric user IDs as argument. Users
listed in this argument will not be
subject to the effect of
<option>kill-session-processes=</option>.
Note that this option takes precedence
over
<option>kill-only-users=</option>, and
hence whatever is listed for
<option>kill-exclude-users=</option>
is guaranteed to never be killed by
this PAM module, independent of any
other configuration
setting.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>controllers=</option></term>
<listitem><para>Takes a comma-separated
list of control group
controllers in which hierarchies a
user/session control group will be
created by default for each user
logging in, in addition to the control
group in the named 'name=systemd'
hierarchy. If omitted, defaults to an
empty list.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>reset-controllers=</option></term>
<listitem><para>Takes a comma-separated
list of control group
controllers in which hierarchies the
logged in processes will be reset to
the root control
group.</para></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>class=</option></term> <term><option>class=</option></term>
@ -209,29 +139,6 @@
operates.</para></listitem> operates.</para></listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>Note that setting
<varname>kill-session-processes=1</varname> will break tools
like
<citerefentry><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
<para>Note that
<varname>kill-session-processes=1</varname> is a
stricter version of
<varname>KillUserProcesses=1</varname> which may be
configured system-wide in
<citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
former kills processes of a session as soon as it
ends; the latter kills processes as soon as the last
session of the user ends.</para>
<para>If the options are omitted they default to
<option>kill-session-processes=0</option>,
<option>kill-only-users=</option>,
<option>kill-exclude-users=</option>,
<option>controllers=</option>,
<option>reset-controllers=</option>,
<option>debug=no</option>.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
@ -306,7 +213,7 @@ account required pam_unix.so
password required pam_unix.so password required pam_unix.so
session required pam_unix.so session required pam_unix.so
session required pam_loginuid.so session required pam_loginuid.so
session required pam_systemd.so kill-session-processes=1</programlisting> session required pam_systemd.so</programlisting>
</refsect1> </refsect1>
<refsect1> <refsect1>
@ -319,7 +226,10 @@ session required pam_systemd.so kill-session-processes=1</programlisting>
<citerefentry><refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam_loginuid</refentrytitle><manvolnum>8</manvolnum></citerefentry> <citerefentry><refentrytitle>pam_loginuid</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</para> </para>
</refsect1> </refsect1>