diff --git a/man/rules/meson.build b/man/rules/meson.build
index 9673ef8886f..35bc1743d9f 100644
--- a/man/rules/meson.build
+++ b/man/rules/meson.build
@@ -842,6 +842,7 @@ manpages = [
''],
['udev_new', '3', ['udev_ref', 'udev_unref'], ''],
['udevadm', '8', [], ''],
+ ['user@.service', '5', ['user-runtime-dir@.service'], ''],
['vconsole.conf', '5', [], 'ENABLE_VCONSOLE']
]
# Really, do not edit.
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 9e1ebe84ca8..38006c6abd9 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -1075,7 +1075,8 @@
systemd.target5,
systemd.slice5,
bootup7,
- systemd-fstab-generator8
+ systemd-fstab-generator8,
+ user@.service5
diff --git a/man/user@.service.xml b/man/user@.service.xml
new file mode 100644
index 00000000000..fc9c3e786c1
--- /dev/null
+++ b/man/user@.service.xml
@@ -0,0 +1,190 @@
+
+
+
+
+
+
+ user@.service
+ systemd
+
+
+
+ user@.service
+ 5
+
+
+
+ user@.service
+ user-runtime-dir@.service
+ System units to manager user processes
+
+
+
+ user@UID.service
+ user-runtime-dir@UID.service
+ user-UID.slice
+
+
+
+ Description
+
+ The
+ systemd1
+ system manager (PID 1) starts user manager instances as
+ user@UID.service, where the user's numerical UID
+ is used as the instance identifier. Each systemd --user instance manages a
+ hierarchy of its own units. See
+ systemd1 for
+ a discussion of systemd units and
+ systemd.special1
+ for a list of units that form the basis of the unit hierarchies of system and user units.
+
+ user@UID.service is accompanied by the
+ system unit user-runtime-dir@UID.service, which
+ creates the user's runtime directory
+ /run/user/UID, and then removes it when this
+ unit is stopped.
+
+ User processes may be started by the user@.service instance, in which
+ case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
+ for example by
+ sshd8 or a
+ display manager like gdm, in which case they form a .scope unit (see
+ systemd.scope5).
+ Both user@UID.service and the scope units are
+ collected under a user-UID.slice.
+
+ Individual user-UID.slice slices are
+ collected under user.slice, see
+ systemd.special8.
+
+
+
+
+ Controlling resources for logged-in users
+
+ Options that control resources available to logged-in users can be configured at a few
+ different levels. As described in the previous section, user.slice contains
+ processes of all users, so any resource limits on that slice apply to all users together. The
+ usual way to configure them would be through drop-ins, e.g. /etc/systemd/system/user.slice.d/resources.conf.
+
+
+ The processes of a single user are collected under
+ user-UID.slice. Resource limits for that user
+ can be configured through drop-ins for that unit, e.g. /etc/systemd/system/user-1000.slice.d/resources.conf. If the limits
+ should apply to all users instead, they may be configured through drop-ins for the truncated
+ unit name, user-.slice. For example, configuration in /etc/systemd/system/user-.slice.d/resources.conf is included in all
+ user-UID.slice units, see
+ systemd.unit5
+ for a discussion of the drop-in mechanism.
+
+ When a user logs in and a .scope unit is created for the session (see previous section),
+ the creation of the scope may be managed through
+ pam_systemd8.
+ This PAM module communicates with
+ systemd-logind8
+ to create the session scope and provide access to hardware resources. Resource limits for the
+ scope may be configured through the PAM module configuration, see
+ pam_systemd8.
+ Configuring them through the normal unit configuration is also possible, but since
+ the name of the slice unit is generally unpredictable, this is less useful.
+
+ In general any resources that apply to units may be set for
+ user@UID.service and the slice
+ units discussed above, see
+ systemd.resource-control5
+ for an overview.
+
+
+
+ Examples
+
+ Hierarchy of control groups with two logged in users
+
+ $ systemd-cgls
+Control group /:
+-.slice
+├─user.slice
+│ ├─user-1000.slice
+│ │ ├─user@1000.service
+│ │ │ ├─pulseaudio.service
+│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
+│ │ │ └─gnome-terminal-server.service
+│ │ │ └─init.scope
+│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server
+│ │ │ └─ 4198 zsh
+│ │ …
+│ │ └─session-4.scope
+│ │ ├─ 1264 gdm-session-worker [pam/gdm-password]
+│ │ ├─ 2339 /usr/bin/gnome-shell
+│ │ …
+│ │ ├─session-19.scope
+│ │ ├─6497 sshd: zbyszek [priv]
+│ │ ├─6502 sshd: zbyszek@pts/6
+│ │ ├─6509 -zsh
+│ │ └─6602 systemd-cgls --no-pager
+│ …
+│ └─user-1001.slice
+│ ├─session-20.scope
+│ │ ├─6675 sshd: guest [priv]
+│ │ ├─6708 sshd: guest@pts/6
+│ │ └─6717 -bash
+│ └─user@1001.service
+│ ├─init.scope
+│ │ ├─6680 /usr/lib/systemd/systemd --user
+│ │ └─6688 (sd-pam)
+│ └─sleep.service
+│ └─6706 /usr/bin/sleep 30
+…
+ User with UID 1000 is logged in using gdm (session-4.scope) and
+ ssh1
+ (session-19.scope), and also has a user manager instance
+ running (user@1000.service). User with UID 1001 is logged
+ in using ssh (session-20.scope) and
+ also has a user manager instance running (user@1001.service). Those are all (leaf) system units, and form
+ part of the slice hierarchy, with user-1000.slice and
+ user-1001.slice below user.slice. User units are visible below the
+ user@.service instances (pulseaudio.service, gnome-terminal-server.service, init.scope, sleep.service).
+
+
+
+
+ Default user resource limits
+
+ $ systemctl cat user-1000.slice
+# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
+# …
+[Unit]
+Description=User Slice of UID %j
+After=systemd-user-sessions.service
+
+[Slice]
+TasksMax=33%
+ The user-UID.slice units by default don't
+ have a unit file. The resource limits are set through a drop-in, which can be easily replaced
+ or extended following standard drop-in mechanisms discussed in the first section.
+
+
+
+
+ See Also
+
+ systemd1,
+ systemd.service5,
+ systemd.slice5,
+ systemd.resource-control5,
+ systemd.exec5,
+ systemd.special7,
+ pam8
+
+
+
diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf
index 95ab11b30be..f1d118562c7 100644
--- a/units/user-.slice.d/10-defaults.conf
+++ b/units/user-.slice.d/10-defaults.conf
@@ -9,6 +9,7 @@
[Unit]
Description=User Slice of UID %j
+Documentation=man:user@.service(5)
After=systemd-user-sessions.service
[Slice]
diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in
index 8c02beda3bd..3a852b68a67 100644
--- a/units/user-runtime-dir@.service.in
+++ b/units/user-runtime-dir@.service.in
@@ -9,6 +9,7 @@
[Unit]
Description=/run/user/%i mount wrapper
+Documentation=man:user@.service(5)
StopWhenUnneeded=yes
[Service]
diff --git a/units/user@.service.in b/units/user@.service.in
index b88108e1b75..07107a66ee2 100644
--- a/units/user@.service.in
+++ b/units/user@.service.in
@@ -9,6 +9,7 @@
[Unit]
Description=User Manager for UID %i
+Documentation=man:user@.service(5)
After=systemd-user-sessions.service
After=user-runtime-dir@%i.service
Requires=user-runtime-dir@%i.service