mirror of
https://github.com/systemd/systemd.git
synced 2024-11-27 20:23:36 +08:00
195 lines
9.8 KiB
XML
195 lines
9.8 KiB
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
|
|
|
<refentry id="user@.service">
|
|
<refentryinfo>
|
|
<title>user@.service</title>
|
|
<productname>systemd</productname>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>user@.service</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>user@.service</refname>
|
|
<refname>user-runtime-dir@.service</refname>
|
|
<refname>systemd-user-runtime-dir</refname>
|
|
<refpurpose>System units to start the user manager</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<para><filename>user@<replaceable>UID</replaceable>.service</filename></para>
|
|
<para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para>
|
|
<para><filename>/usr/lib/systemd/systemd-user-runtime-dir</filename></para>
|
|
<para><filename>user-<replaceable>UID</replaceable>.slice</filename></para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>The <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
system manager (PID 1) starts user manager instances as
|
|
<filename>user@<replaceable>UID</replaceable>.service</filename>, with the user's numerical UID used as
|
|
the instance identifier. These instances use the same executable as the system manager, but running in a
|
|
mode where it starts a different set of units. Each <command>systemd --user</command> instance manages a
|
|
hierarchy of units specific to that user. See
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for a
|
|
discussion of units and
|
|
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> for a
|
|
list of units that form the basis of the unit hierarchies of system and user units.</para>
|
|
|
|
<para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the
|
|
system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which
|
|
creates the user's runtime directory
|
|
<filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this
|
|
unit is stopped. <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>
|
|
executes the <filename>systemd-user-runtime-dir</filename> binary to do the actual work.</para>
|
|
|
|
<para>User processes may be started by the <filename>user@.service</filename> instance, in which
|
|
case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
|
|
for example by
|
|
<citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
|
|
display manager like <command>gdm</command>, in which case they form a .scope unit (see
|
|
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
|
|
Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
|
|
collected under the <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para>
|
|
|
|
<para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are
|
|
collected under <filename>user.slice</filename>, see
|
|
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Controlling resources for logged-in users</title>
|
|
|
|
<para>Options that control resources available to logged-in users can be configured at a few
|
|
different levels. As described in the previous section, <filename>user.slice</filename> contains
|
|
processes of all users, so any resource limits on that slice apply to all users together. The
|
|
usual way to configure them would be through drop-ins, e.g. <filename
|
|
index="false">/etc/systemd/system/user.slice.d/resources.conf</filename>.
|
|
</para>
|
|
|
|
<para>The processes of a single user are collected under
|
|
<filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user
|
|
can be configured through drop-ins for that unit, e.g. <filename
|
|
index="false">/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits
|
|
should apply to all users instead, they may be configured through drop-ins for the truncated
|
|
unit name, <filename>user-.slice</filename>. For example, configuration in <filename
|
|
index="false">/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
|
|
<filename>user-<replaceable>UID</replaceable>.slice</filename> units, see
|
|
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for a discussion of the drop-in mechanism.</para>
|
|
|
|
<para>When a user logs in and a .scope unit is created for the session (see previous section),
|
|
the creation of the scope may be managed through
|
|
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
|
This PAM module communicates with
|
|
<citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
to create the session scope and provide access to hardware resources. Resource limits for the
|
|
scope may be configured through the PAM module configuration, see
|
|
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
|
Configuring them through the normal unit configuration is also possible, but since
|
|
the name of the slice unit is generally unpredictable, this is less useful.</para>
|
|
|
|
<para>In general any resources that apply to units may be set for
|
|
<filename>user@<replaceable>UID</replaceable>.service</filename> and the slice
|
|
units discussed above, see
|
|
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for an overview.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Examples</title>
|
|
<example>
|
|
<title>Hierarchy of control groups with two logged in users</title>
|
|
|
|
<programlisting>$ systemd-cgls
|
|
Control group /:
|
|
-.slice
|
|
├─user.slice
|
|
│ ├─user-1000.slice
|
|
│ │ ├─user@1000.service
|
|
│ │ │ ├─pulseaudio.service
|
|
│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
|
|
│ │ │ └─gnome-terminal-server.service
|
|
│ │ │ └─init.scope
|
|
│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server
|
|
│ │ │ └─ 4198 zsh
|
|
│ │ …
|
|
│ │ └─session-4.scope
|
|
│ │ ├─ 1264 gdm-session-worker [pam/gdm-password]
|
|
│ │ ├─ 2339 /usr/bin/gnome-shell
|
|
│ │ …
|
|
│ │ ├─session-19.scope
|
|
│ │ ├─6497 sshd: zbyszek [priv]
|
|
│ │ ├─6502 sshd: zbyszek@pts/6
|
|
│ │ ├─6509 -zsh
|
|
│ │ └─6602 systemd-cgls --no-pager
|
|
│ …
|
|
│ └─user-1001.slice
|
|
│ ├─session-20.scope
|
|
│ │ ├─6675 sshd: guest [priv]
|
|
│ │ ├─6708 sshd: guest@pts/6
|
|
│ │ └─6717 -bash
|
|
│ └─user@1001.service
|
|
│ ├─init.scope
|
|
│ │ ├─6680 /usr/lib/systemd/systemd --user
|
|
│ │ └─6688 (sd-pam)
|
|
│ └─sleep.service
|
|
│ └─6706 /usr/bin/sleep 30
|
|
…</programlisting>
|
|
<para>User with UID 1000 is logged in using <command>gdm</command> (<filename
|
|
index="false">session-4.scope</filename>) and
|
|
<citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
(<filename index="false">session-19.scope</filename>), and also has a user manager instance
|
|
running (<filename index="false">user@1000.service</filename>). User with UID 1001 is logged
|
|
in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and
|
|
also has a user manager instance running (<filename
|
|
index="false">user@1001.service</filename>). Those are all (leaf) system units, and form
|
|
part of the slice hierarchy, with <filename index="false">user-1000.slice</filename> and
|
|
<filename index="false">user-1001.slice</filename> below <filename
|
|
index="false">user.slice</filename>. User units are visible below the
|
|
<filename>user@.service</filename> instances (<filename
|
|
index="false">pulseaudio.service</filename>, <filename
|
|
index="false">gnome-terminal-server.service</filename>, <filename
|
|
index="false">init.scope</filename>, <filename index="false">sleep.service</filename>).
|
|
</para>
|
|
</example>
|
|
|
|
<example>
|
|
<title>Default user resource limits</title>
|
|
|
|
<programlisting>$ systemctl cat user-1000.slice
|
|
# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
|
|
# …
|
|
[Unit]
|
|
Description=User Slice of UID %j
|
|
After=systemd-user-sessions.service
|
|
|
|
[Slice]
|
|
TasksMax=33%</programlisting>
|
|
<para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't
|
|
have a unit file. The resource limits are set through a drop-in, which can be easily replaced
|
|
or extended following standard drop-in mechanisms discussed in the first section.</para>
|
|
</example>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
|
<citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|