2018-07-20 16:49:57 +03:00
<?xml version="1.0"?>
2019-03-14 16:40:58 +03:00
< !DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
2018-07-20 16:49:57 +03:00
<!-- SPDX - License - Identifier: LGPL - 2.1+ -->
<refentry id= "user@.service" >
<refentryinfo >
<title > user@.service</title>
<productname > systemd</productname>
</refentryinfo>
<refmeta >
<refentrytitle > user@.service</refentrytitle>
<manvolnum > 5</manvolnum>
</refmeta>
<refnamediv >
<refname > user@.service</refname>
<refname > user-runtime-dir@.service</refname>
2018-07-21 02:32:02 +03:00
<refpurpose > System units to manage user processes</refpurpose>
2018-07-20 16:49:57 +03:00
</refnamediv>
<refsynopsisdiv >
<para > <filename > user@<replaceable > UID</replaceable> .service</filename> </para>
<para > <filename > user-runtime-dir@<replaceable > UID</replaceable> .service</filename> </para>
<para > <filename > user-<replaceable > UID</replaceable> .slice</filename> </para>
</refsynopsisdiv>
<refsect1 >
<title > Description</title>
<para > The
<citerefentry > <refentrytitle > systemd</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry>
system manager (PID 1) starts user manager instances as
<filename > user@<replaceable > UID</replaceable> .service</filename> , where the user's numerical UID
is used as the instance identifier. Each <command > systemd --user</command> instance manages a
hierarchy of its own units. See
<citerefentry > <refentrytitle > systemd</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> for
a discussion of systemd units and
<citerefentry > <refentrytitle > systemd.special</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry>
for a list of units that form the basis of the unit hierarchies of system and user units.</para>
<para > <filename > user@<replaceable > UID</replaceable> .service</filename> is accompanied by the
system unit <filename > user-runtime-dir@<replaceable > UID</replaceable> .service</filename> , which
creates the user's runtime directory
<filename > /run/user/<replaceable > UID</replaceable> </filename> , and then removes it when this
unit is stopped.</para>
<para > User processes may be started by the <filename > user@.service</filename> instance, in which
case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
for example by
<citerefentry > <refentrytitle > sshd</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> or a
display manager like <command > gdm</command> , in which case they form a .scope unit (see
<citerefentry > <refentrytitle > systemd.scope</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ).
Both <filename > user@<replaceable > UID</replaceable> .service</filename> and the scope units are
collected under a <filename > user-<replaceable > UID</replaceable> .slice</filename> .</para>
<para > Individual <filename > user-<replaceable > UID</replaceable> .slice</filename> slices are
collected under <filename > user.slice</filename> , see
<citerefentry > <refentrytitle > systemd.special</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> .
</para>
</refsect1>
<refsect1 >
<title > Controlling resources for logged-in users</title>
<para > Options that control resources available to logged-in users can be configured at a few
different levels. As described in the previous section, <filename > user.slice</filename> contains
processes of all users, so any resource limits on that slice apply to all users together. The
usual way to configure them would be through drop-ins, e.g. <filename
noindex='true'>/etc/systemd/system/user.slice.d/resources.conf</filename> .
</para>
<para > The processes of a single user are collected under
<filename > user-<replaceable > UID</replaceable> .slice</filename> . Resource limits for that user
can be configured through drop-ins for that unit, e.g. <filename
noindex='true'>/etc/systemd/system/user-1000.slice.d/resources.conf</filename> . If the limits
should apply to all users instead, they may be configured through drop-ins for the truncated
unit name, <filename > user-.slice</filename> . For example, configuration in <filename
noindex='true'>/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
<filename > user-<replaceable > UID</replaceable> .slice</filename> units, see
<citerefentry > <refentrytitle > systemd.unit</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry>
for a discussion of the drop-in mechanism.</para>
<para > When a user logs in and a .scope unit is created for the session (see previous section),
the creation of the scope may be managed through
<citerefentry > <refentrytitle > pam_systemd</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> .
This PAM module communicates with
<citerefentry > <refentrytitle > systemd-logind</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry>
to create the session scope and provide access to hardware resources. Resource limits for the
scope may be configured through the PAM module configuration, see
<citerefentry > <refentrytitle > pam_systemd</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> .
Configuring them through the normal unit configuration is also possible, but since
the name of the slice unit is generally unpredictable, this is less useful.</para>
<para > In general any resources that apply to units may be set for
<filename > user@<replaceable > UID</replaceable> .service</filename> and the slice
units discussed above, see
<citerefentry > <refentrytitle > systemd.resource-control</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry>
for an overview.</para>
</refsect1>
<refsect1 >
<title > Examples</title>
<example >
<title > Hierarchy of control groups with two logged in users</title>
<programlisting > $ systemd-cgls
Control group /:
-.slice
├─user.slice
│ ├─user-1000.slice
│ │ ├─user@1000.service
│ │ │ ├─pulseaudio.service
│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
│ │ │ └─gnome-terminal-server.service
│ │ │ └─init.scope
│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server
│ │ │ └─ 4198 zsh
│ │ …
│ │ └─session-4.scope
│ │ ├─ 1264 gdm-session-worker [pam/gdm-password]
│ │ ├─ 2339 /usr/bin/gnome-shell
│ │ …
│ │ ├─session-19.scope
│ │ ├─6497 sshd: zbyszek [priv]
│ │ ├─6502 sshd: zbyszek@pts/6
│ │ ├─6509 -zsh
│ │ └─6602 systemd-cgls --no-pager
│ …
│ └─user-1001.slice
│ ├─session-20.scope
│ │ ├─6675 sshd: guest [priv]
│ │ ├─6708 sshd: guest@pts/6
│ │ └─6717 -bash
│ └─user@1001.service
│ ├─init.scope
│ │ ├─6680 /usr/lib/systemd/systemd --user
│ │ └─6688 (sd-pam)
│ └─sleep.service
│ └─6706 /usr/bin/sleep 30
…</programlisting>
<para > User with UID 1000 is logged in using <command > gdm</command> (<filename
noindex='true'>session-4.scope</filename> ) and
<citerefentry > <refentrytitle > ssh</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry>
(<filename noindex= 'true' > session-19.scope</filename> ), and also has a user manager instance
running (<filename noindex= 'true' > user@1000.service</filename> ). User with UID 1001 is logged
in using <command > ssh</command> (<filename noindex= 'true' > session-20.scope</filename> ) and
also has a user manager instance running (<filename
noindex='true'>user@1001.service</filename> ). Those are all (leaf) system units, and form
part of the slice hierarchy, with <filename noindex= 'true' > user-1000.slice</filename> and
<filename noindex= 'true' > user-1001.slice</filename> below <filename
noindex='true'>user.slice</filename> . User units are visible below the
<filename > user@.service</filename> instances (<filename
noindex='true'>pulseaudio.service</filename> , <filename
noindex='true'>gnome-terminal-server.service</filename> , <filename
noindex='true'>init.scope</filename> , <filename noindex= 'true' > sleep.service</filename> ).
</para>
</example>
<example >
<title > Default user resource limits</title>
<programlisting > $ systemctl cat user-1000.slice
# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
# …
[Unit]
Description=User Slice of UID %j
After=systemd-user-sessions.service
[Slice]
TasksMax=33%</programlisting>
<para > The <filename > user-<replaceable > UID</replaceable> .slice</filename> units by default don't
have a unit file. The resource limits are set through a drop-in, which can be easily replaced
or extended following standard drop-in mechanisms discussed in the first section.</para>
</example>
</refsect1>
<refsect1 >
<title > See Also</title>
<para >
<citerefentry > <refentrytitle > systemd</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd.service</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd.slice</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd.resource-control</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd.exec</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd.special</refentrytitle> <manvolnum > 7</manvolnum> </citerefentry> ,
<citerefentry project= 'man-pages' > <refentrytitle > pam</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry>
</para>
</refsect1>
</refentry>
