2010-06-24 02:11:04 +04:00
<?xml version='1.0'?> <!-- * - nxml - * -->
< !DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
This file is part of systemd.
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
2012-04-12 02:20:58 +04:00
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
2010-06-24 02:11:04 +04:00
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
2012-04-12 02:20:58 +04:00
Lesser General Public License for more details.
2010-06-24 02:11:04 +04:00
2012-04-12 02:20:58 +04:00
You should have received a copy of the GNU Lesser General Public License
2010-06-24 02:11:04 +04:00
along with systemd; If not, see <http: / / w w w . g n u . o r g / l i c e n s e s /> .
-->
2013-03-04 22:16:38 +04:00
<refentry id= "pam_systemd" conditional= 'HAVE_PAM' >
2010-06-24 02:11:04 +04:00
<refentryinfo >
<title > pam_systemd</title>
<productname > systemd</productname>
<authorgroup >
<author >
<contrib > Developer</contrib>
<firstname > Lennart</firstname>
<surname > Poettering</surname>
<email > lennart@poettering.net</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta >
<refentrytitle > pam_systemd</refentrytitle>
<manvolnum > 8</manvolnum>
</refmeta>
<refnamediv >
<refname > pam_systemd</refname>
2012-06-01 02:14:07 +04:00
<refpurpose > Register user sessions in the systemd login manager</refpurpose>
2010-06-24 02:11:04 +04:00
</refnamediv>
<refsynopsisdiv >
2013-02-14 07:46:37 +04:00
<para > <filename > pam_systemd.so</filename> </para>
2010-06-24 02:11:04 +04:00
</refsynopsisdiv>
<refsect1 >
<title > Description</title>
<para > <command > pam_systemd</command> registers user
2013-09-27 02:05:07 +04:00
sessions with the systemd login manager
2012-06-01 02:14:07 +04:00
<citerefentry > <refentrytitle > systemd-logind.service</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> ,
and hence the systemd control group hierarchy.</para>
2010-06-24 02:11:04 +04:00
<para > On login, this module ensures the following:</para>
<orderedlist >
2010-06-25 02:04:29 +04:00
<listitem > <para > If it does not exist yet, the
2010-06-24 02:11:04 +04:00
user runtime directory
2011-04-01 17:25:46 +04:00
<filename > /run/user/$USER</filename> is
2010-06-24 02:11:04 +04:00
created and its ownership changed to the user
that is logging in.</para> </listitem>
2011-06-29 04:46:20 +04:00
<listitem > <para > The
2010-06-24 02:11:04 +04:00
<varname > $XDG_SESSION_ID</varname> environment
variable is initialized. If auditing is
available and
2014-10-23 21:17:19 +04:00
<command > pam_loginuid.so</command> was run before
2010-06-25 02:04:29 +04:00
this module (which is highly recommended), the
2010-06-24 02:11:04 +04:00
variable is initialized from the auditing
session id
2014-10-23 21:17:19 +04:00
(<filename > /proc/self/sessionid</filename> ). Otherwise,
2010-06-24 02:11:04 +04:00
an independent session counter is
used.</para> </listitem>
2013-07-19 20:52:09 +04:00
<listitem > <para > A new systemd scope unit is
created for the session. If this is the first
2013-07-21 08:53:14 +04:00
concurrent session of the user, an implicit
2013-07-19 20:52:09 +04:00
slice below <filename > user.slice</filename> is
2014-10-23 21:17:19 +04:00
automatically created and the scope placed into
it. An instance of the system service
<filename > user@.service</filename> , which runs
the systemd user manager instance, is started.
</para> </listitem>
2010-06-24 02:11:04 +04:00
</orderedlist>
<para > On logout, this module ensures the following:</para>
<orderedlist >
2014-10-23 21:17:19 +04:00
<listitem > <para > If enabled in
<citerefentry > <refentrytitle > logind.conf</refentrytitle>
2014-10-24 14:02:44 +04:00
<manvolnum > 5</manvolnum> </citerefentry> , all
processes of the session are terminated. If
the last concurrent session of a user ends,
2014-10-24 14:30:43 +04:00
the user's systemd instance will be
2014-10-24 14:02:44 +04:00
terminated too, and so will the user's slice
2013-07-19 20:52:09 +04:00
unit.</para> </listitem>
2013-07-21 08:53:14 +04:00
<listitem > <para > If the last concurrent session
of a user ends, the
2010-06-24 02:11:04 +04:00
<varname > $XDG_RUNTIME_DIR</varname> directory
2013-07-19 20:52:09 +04:00
and all its contents are removed,
too.</para> </listitem>
2010-06-24 02:11:04 +04:00
</orderedlist>
<para > If the system was not booted up with systemd as
2010-06-25 02:04:29 +04:00
init system, this module does nothing and immediately
2010-06-24 02:11:04 +04:00
returns PAM_SUCCESS.</para>
</refsect1>
<refsect1 >
<title > Options</title>
<para > The following options are understood:</para>
2013-01-26 19:47:16 +04:00
<variablelist class= 'pam-directives' >
2011-05-27 03:29:34 +04:00
2012-12-24 17:25:58 +04:00
<varlistentry >
<term > <option > class=</option> </term>
<listitem > <para > Takes a string
argument which sets the session class.
The XDG_SESSION_CLASS environmental variable
2014-02-05 21:55:18 +04:00
takes precedence. One of
<literal > user</literal> ,
<literal > greeter</literal> ,
<literal > lock-screen</literal> or
<literal > background</literal> . See
<citerefentry > <refentrytitle > sd_session_get_class</refentrytitle> <manvolnum > 3</manvolnum> </citerefentry>
for details about the session class.</para> </listitem>
</varlistentry>
<varlistentry >
<term > <option > type=</option> </term>
<listitem > <para > Takes a string
argument which sets the session type.
The XDG_SESSION_TYPE environmental
variable takes precedence. One of
<literal > unspecified</literal> ,
<literal > tty</literal> ,
2014-04-09 23:22:48 +04:00
<literal > x11</literal> ,
<literal > wayland</literal> or
<literal > mir</literal> . See
2014-02-05 21:55:18 +04:00
<citerefentry > <refentrytitle > sd_session_get_type</refentrytitle> <manvolnum > 3</manvolnum> </citerefentry>
for details about the session type.</para> </listitem>
2012-12-24 17:25:58 +04:00
</varlistentry>
2011-05-27 03:29:34 +04:00
<varlistentry >
2013-10-31 08:58:25 +04:00
<term > <option > debug<optional > =</optional> </option> </term>
2011-05-27 03:29:34 +04:00
2013-10-31 08:58:25 +04:00
<listitem > <para > Takes an optional
boolean argument. If yes or without
the argument, the module will log
2011-06-29 04:46:20 +04:00
debugging information as it
operates.</para> </listitem>
2011-05-27 03:29:34 +04:00
</varlistentry>
2010-06-24 02:11:04 +04:00
</variablelist>
</refsect1>
<refsect1 >
<title > Module Types Provided</title>
<para > Only <option > session</option> is provided.</para>
</refsect1>
<refsect1 >
<title > Environment</title>
2010-06-24 07:23:16 +04:00
<para > The following environment variables are set for the processes of the user's session:</para>
2013-01-26 19:47:16 +04:00
<variablelist class= 'environment-variables' >
2010-06-24 02:11:04 +04:00
<varlistentry >
<term > <varname > $XDG_SESSION_ID</varname> </term>
<listitem > <para > A session identifier,
2013-06-27 23:51:44 +04:00
suitable to be used in filenames. The
2010-06-24 02:11:04 +04:00
string itself should be considered
opaque, although often it is just the
audit session ID as reported by
<filename > /proc/self/sessionid</filename> . Each
ID will be assigned only once during
machine uptime. It may hence be used
to uniquely label files or other
resources of this
session.</para> </listitem>
</varlistentry>
<varlistentry >
<term > <varname > $XDG_RUNTIME_DIR</varname> </term>
<listitem > <para > Path to a user-private
user-writable directory that is bound
to the user login time on the
machine. It is automatically created
the first time a user logs in and
2014-10-24 14:02:44 +04:00
removed on the user's final logout. If
a user logs in twice at the same time,
both sessions will see the same
2010-06-24 02:11:04 +04:00
<varname > $XDG_RUNTIME_DIR</varname>
and the same contents. If a user logs
in once, then logs out again, and logs
in again, the directory contents will
have been lost in between, but
applications should not rely on this
2012-09-04 21:24:16 +04:00
behavior and must be able to deal with
2010-06-24 02:11:04 +04:00
stale files. To store session-private
2014-10-24 14:07:05 +04:00
data in this directory, the user
should include the value of
<varname > $XDG_SESSION_ID</varname> in
the filename. This directory shall be
used for runtime file system objects
such as <constant > AF_UNIX</constant>
sockets, FIFOs, PID files and
similar. It is guaranteed that this
directory is local and offers the
greatest possible file system feature
set the operating system provides. For
further details see the <ulink
url="http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG
Base Directory
Specification</ulink> .</para> </listitem>
2010-06-24 02:11:04 +04:00
</varlistentry>
2014-02-05 23:34:11 +04:00
</variablelist>
<para > The following environment variables are read by
the module and may be used by the PAM service to pass
2014-02-17 06:37:18 +04:00
metadata to the module:</para>
2014-02-05 23:34:11 +04:00
<variablelist class= 'environment-variables' >
<varlistentry >
<term > <varname > $XDG_SESSION_TYPE</varname> </term>
<listitem > <para > The session type. This
may be used instead of
<option > session=</option> on the
module parameter line, and is usually
preferred.</para> </listitem>
</varlistentry>
<varlistentry >
<term > <varname > $XDG_SESSION_CLASS</varname> </term>
<listitem > <para > The session class. This
may be used instead of
<option > class=</option> on the
module parameter line, and is usually
preferred.</para> </listitem>
</varlistentry>
<varlistentry >
<term > <varname > $XDG_SESSION_DESKTOP</varname> </term>
2014-04-23 22:11:38 +04:00
<listitem > <para > A single, short
identifier string for the desktop
environment. This may be used to
indicate the session desktop used,
where this applies and if this
2014-02-05 23:34:11 +04:00
information is available. For example:
2014-04-23 22:11:38 +04:00
<literal > GNOME</literal> , or
<literal > KDE</literal> . It is
recommended to use the same
identifiers and capitalization as for
<varname > $XDG_CURRENT_DESKTOP</varname> ,
as defined by the <ulink
url="http://standards.freedesktop.org/desktop-entry-spec/latest/">Desktop
2014-10-28 14:32:25 +03:00
Entry Specification</ulink> . (However,
note that
<varname > $XDG_SESSION_DESKTOP</varname>
only takes a single item, and not a
colon-separated list like
<varname > $XDG_CURRENT_DESKTOP</varname> .)
See
2014-09-20 20:42:29 +04:00
<citerefentry > <refentrytitle > sd_session_get_desktop</refentrytitle> <manvolnum > 3</manvolnum> </citerefentry>
for more details.</para> </listitem>
2014-02-05 23:34:11 +04:00
</varlistentry>
<varlistentry >
<term > <varname > $XDG_SEAT</varname> </term>
<listitem > <para > The seat name the session
shall be registered for, if
any.</para> </listitem>
</varlistentry>
<varlistentry >
<term > <varname > $XDG_VTNR</varname> </term>
<listitem > <para > The VT number the
session shall be registered for, if
any. (Only applies to seats with a VT
available, such as
<literal > seat0</literal> )</para> </listitem>
</varlistentry>
2010-06-24 02:11:04 +04:00
</variablelist>
</refsect1>
<refsect1 >
<title > Example</title>
<programlisting > #%PAM-1.0
auth required pam_unix.so
auth required pam_nologin.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
2013-07-19 20:52:09 +04:00
session required pam_systemd.so</programlisting>
2010-06-24 02:11:04 +04:00
</refsect1>
<refsect1 >
<title > See Also</title>
<para >
2012-06-01 02:14:07 +04:00
<citerefentry > <refentrytitle > systemd</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd-logind.service</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > logind.conf</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > loginctl</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> ,
man: add a mapping for external manpages
It is annoying when we have dead links on fd.o.
Add project='man-pages|die-net|archlinux' to <citerefentry>-ies.
In generated html, add external links to
http://man7.org/linux/man-pages/man, http://linux.die.net/man/,
https://www.archlinux.org/.
By default, pages in sections 2 and 4 go to man7, since Michael
Kerrisk is the autorative source on kernel related stuff.
The rest of links goes to linux.die.net, because they have the
manpages.
Except for the pacman stuff, since it seems to be only available from
archlinux.org.
Poor gummiboot gets no link, because gummitboot(8) ain't to be found
on the net. According to common wisdom, that would mean that it does
not exist. But I have seen Kay using it, so I know it does, and
deserves to be found. Can somebody be nice and put it up somewhere?
2014-07-08 02:25:54 +04:00
<citerefentry project= 'man-pages' > <refentrytitle > pam.conf</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry project= 'man-pages' > <refentrytitle > pam.d</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry project= 'man-pages' > <refentrytitle > pam</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> ,
<citerefentry project= 'man-pages' > <refentrytitle > pam_loginuid</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> ,
2013-07-19 20:52:09 +04:00
<citerefentry > <refentrytitle > systemd.scope</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd.slice</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd.service</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry>
2010-06-24 02:11:04 +04:00
</para>
</refsect1>
</refentry>
