[thirdparty/systemd.git] / man / user@.service.xml

<?xml version="1.0"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->

<refentry id="user@.service">
  <refentryinfo>
    <title>user@.service</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>user@.service</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>user@.service</refname>
    <refname>user-runtime-dir@.service</refname>
    <refpurpose>System units to manage user processes</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>user@<replaceable>UID</replaceable>.service</filename></para>
    <para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para>
    <para><filename>user-<replaceable>UID</replaceable>.slice</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>The
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    system manager (PID 1) starts user manager instances as
    <filename>user@<replaceable>UID</replaceable>.service</filename>, where the user's numerical UID
    is used as the instance identifier. Each <command>systemd --user</command> instance manages a
    hierarchy of its own units. See
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
    a discussion of systemd units and
    <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    for a list of units that form the basis of the unit hierarchies of system and user units.</para>

    <para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the
    system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which
    creates the user's runtime directory
    <filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this
    unit is stopped.</para>

    <para>User processes may be started by the <filename>user@.service</filename> instance, in which
    case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
    for example by
    <citerefentry><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
    display manager like <command>gdm</command>, in which case they form a .scope unit (see
    <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
    Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
    collected under a <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para>

    <para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are
    collected under <filename>user.slice</filename>, see
    <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
    </para>
  </refsect1>

  <refsect1>
    <title>Controlling resources for logged-in users</title>

    <para>Options that control resources available to logged-in users can be configured at a few
    different levels. As described in the previous section, <filename>user.slice</filename> contains
    processes of all users, so any resource limits on that slice apply to all users together. The
    usual way to configure them would be through drop-ins, e.g. <filename
    noindex='true'>/etc/systemd/system/user.slice.d/resources.conf</filename>.
    </para>

    <para>The processes of a single user are collected under
    <filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user
    can be configured through drop-ins for that unit, e.g. <filename
    noindex='true'>/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits
    should apply to all users instead, they may be configured through drop-ins for the truncated
    unit name, <filename>user-.slice</filename>. For example, configuration in <filename
    noindex='true'>/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
    <filename>user-<replaceable>UID</replaceable>.slice</filename> units, see
    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for a discussion of the drop-in mechanism.</para>

    <para>When a user logs in and a .scope unit is created for the session (see previous section),
    the creation of the scope may be managed through
    <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
    This PAM module communicates with
    <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    to create the session scope and provide access to hardware resources. Resource limits for the
    scope may be configured through the PAM module configuration, see
    <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
    Configuring them through the normal unit configuration is also possible, but since
    the name of the slice unit is generally unpredictable, this is less useful.</para>

    <para>In general any resources that apply to units may be set for
    <filename>user@<replaceable>UID</replaceable>.service</filename> and the slice
    units discussed above, see
    <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for an overview.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>
    <example>
      <title>Hierarchy of control groups with two logged in users</title>

      <programlisting>$ systemd-cgls
Control group /:
-.slice
├─user.slice
│ ├─user-1000.slice
│ │ ├─user@1000.service
│ │ │ ├─pulseaudio.service
│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
│ │ │ └─gnome-terminal-server.service
│ │ │   └─init.scope
│ │ │     ├─ 4127 /usr/libexec/gnome-terminal-server
│ │ │     └─ 4198 zsh
│ │ …
│ │ └─session-4.scope
│ │   ├─ 1264 gdm-session-worker [pam/gdm-password]
│ │   ├─ 2339 /usr/bin/gnome-shell
│ │   …
│ │ ├─session-19.scope
│ │   ├─6497 sshd: zbyszek [priv]
│ │   ├─6502 sshd: zbyszek@pts/6
│ │   ├─6509 -zsh
│ │   └─6602 systemd-cgls --no-pager
│ …
│ └─user-1001.slice
│   ├─session-20.scope
│   │ ├─6675 sshd: guest [priv]
│   │ ├─6708 sshd: guest@pts/6
│   │ └─6717 -bash
│   └─user@1001.service
│     ├─init.scope
│     │ ├─6680 /usr/lib/systemd/systemd --user
│     │ └─6688 (sd-pam)
│     └─sleep.service
│       └─6706 /usr/bin/sleep 30
…</programlisting>
      <para>User with UID 1000 is logged in using <command>gdm</command> (<filename
      noindex='true'>session-4.scope</filename>) and
      <citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
      (<filename noindex='true'>session-19.scope</filename>), and also has a user manager instance
      running (<filename noindex='true'>user@1000.service</filename>).  User with UID 1001 is logged
      in using <command>ssh</command> (<filename noindex='true'>session-20.scope</filename>) and
      also has a user manager instance running (<filename
      noindex='true'>user@1001.service</filename>).  Those are all (leaf) system units, and form
      part of the slice hierarchy, with <filename noindex='true'>user-1000.slice</filename> and
      <filename noindex='true'>user-1001.slice</filename> below <filename
      noindex='true'>user.slice</filename>.  User units are visible below the
      <filename>user@.service</filename> instances (<filename
      noindex='true'>pulseaudio.service</filename>, <filename
      noindex='true'>gnome-terminal-server.service</filename>, <filename
      noindex='true'>init.scope</filename>, <filename noindex='true'>sleep.service</filename>).
      </para>
    </example>

    <example>
      <title>Default user resource limits</title>

      <programlisting>$ systemctl cat user-1000.slice
# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
# …
[Unit]
Description=User Slice of UID %j
After=systemd-user-sessions.service

[Slice]
TasksMax=33%</programlisting>
     <para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't
     have a unit file. The resource limits are set through a drop-in, which can be easily replaced
     or extended following standard drop-in mechanisms discussed in the first section.</para>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
a99655b0 ZJS	1	<?xml version="1.0"?>
	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
	3	<!-- SPDX-License-Identifier: LGPL-2.1+ -->
	4
	5	<refentry id="user@.service">
	6	<refentryinfo>
	7	<title>user@.service</title>
	8	<productname>systemd</productname>
	9	</refentryinfo>
	10
	11	<refmeta>
	12	<refentrytitle>user@.service</refentrytitle>
	13	<manvolnum>5</manvolnum>
	14	</refmeta>
	15
	16	<refnamediv>
	17	<refname>user@.service</refname>
	18	<refname>user-runtime-dir@.service</refname>
bc210346	19	<refpurpose>System units to manage user processes</refpurpose>
a99655b0 ZJS	20	</refnamediv>
	21
	22	<refsynopsisdiv>
	23	<para><filename>user@<replaceable>UID</replaceable>.service</filename></para>
	24	<para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para>
	25	<para><filename>user-<replaceable>UID</replaceable>.slice</filename></para>
	26	</refsynopsisdiv>
	27
	28	<refsect1>
	29	<title>Description</title>
	30
	31	<para>The
	32	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	33	system manager (PID 1) starts user manager instances as
	34	<filename>user@<replaceable>UID</replaceable>.service</filename>, where the user's numerical UID
	35	is used as the instance identifier. Each <command>systemd --user</command> instance manages a
	36	hierarchy of its own units. See
	37	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
	38	a discussion of systemd units and
	39	<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	40	for a list of units that form the basis of the unit hierarchies of system and user units.</para>
	41
	42	<para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the
	43	system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which
	44	creates the user's runtime directory
	45	<filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this
	46	unit is stopped.</para>
	47
	48	<para>User processes may be started by the <filename>user@.service</filename> instance, in which
	49	case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
	50	for example by
	51	<citerefentry><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
	52	display manager like <command>gdm</command>, in which case they form a .scope unit (see
	53	<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
	54	Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
	55	collected under a <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para>
	56
	57	<para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are
	58	collected under <filename>user.slice</filename>, see
	59	<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
	60	</para>
	61	</refsect1>
	62
	63	<refsect1>
	64	<title>Controlling resources for logged-in users</title>
	65
	66	<para>Options that control resources available to logged-in users can be configured at a few
	67	different levels. As described in the previous section, <filename>user.slice</filename> contains
	68	processes of all users, so any resource limits on that slice apply to all users together. The
	69	usual way to configure them would be through drop-ins, e.g. <filename
	70	noindex='true'>/etc/systemd/system/user.slice.d/resources.conf</filename>.
	71	</para>
	72
	73	<para>The processes of a single user are collected under
	74	<filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user
	75	can be configured through drop-ins for that unit, e.g. <filename
	76	noindex='true'>/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits
	77	should apply to all users instead, they may be configured through drop-ins for the truncated
	78	unit name, <filename>user-.slice</filename>. For example, configuration in <filename
	79	noindex='true'>/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
	80	<filename>user-<replaceable>UID</replaceable>.slice</filename> units, see
	81	<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	82	for a discussion of the drop-in mechanism.</para>
	83
84	<para>When a user logs in and a .scope unit is created for the session (see previous section),
85	the creation of the scope may be managed through
86	<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
87	This PAM module communicates with
88	<citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
89	to create the session scope and provide access to hardware resources. Resource limits for the
90	scope may be configured through the PAM module configuration, see
91	<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
92	Configuring them through the normal unit configuration is also possible, but since
93	the name of the slice unit is generally unpredictable, this is less useful.</para>
94
95	<para>In general any resources that apply to units may be set for
96	<filename>user@<replaceable>UID</replaceable>.service</filename> and the slice
97	units discussed above, see
98	<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
99	for an overview.</para>
100	</refsect1>
101
102	<refsect1>
103	<title>Examples</title>
104	<example>
105	<title>Hierarchy of control groups with two logged in users</title>
106
107	<programlisting>$ systemd-cgls
108	Control group /:
109	-.slice
110	├─user.slice
111	│ ├─user-1000.slice
112	│ │ ├─user@1000.service
113	│ │ │ ├─pulseaudio.service
114	│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
115	│ │ │ └─gnome-terminal-server.service
116	│ │ │ └─init.scope
117	│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server
118	│ │ │ └─ 4198 zsh
119	│ │ …
120	│ │ └─session-4.scope
121	│ │ ├─ 1264 gdm-session-worker [pam/gdm-password]
122	│ │ ├─ 2339 /usr/bin/gnome-shell
123	│ │ …
124	│ │ ├─session-19.scope
125	│ │ ├─6497 sshd: zbyszek [priv]
126	│ │ ├─6502 sshd: zbyszek@pts/6
127	│ │ ├─6509 -zsh
128	│ │ └─6602 systemd-cgls --no-pager
129	│ …
130	│ └─user-1001.slice
131	│ ├─session-20.scope
132	│ │ ├─6675 sshd: guest [priv]
133	│ │ ├─6708 sshd: guest@pts/6
134	│ │ └─6717 -bash
135	│ └─user@1001.service
136	│ ├─init.scope
137	│ │ ├─6680 /usr/lib/systemd/systemd --user
138	│ │ └─6688 (sd-pam)
139	│ └─sleep.service
140	│ └─6706 /usr/bin/sleep 30
141	…</programlisting>
142	<para>User with UID 1000 is logged in using <command>gdm</command> (<filename
143	noindex='true'>session-4.scope</filename>) and
144	<citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
145	(<filename noindex='true'>session-19.scope</filename>), and also has a user manager instance
146	running (<filename noindex='true'>user@1000.service</filename>). User with UID 1001 is logged
147	in using <command>ssh</command> (<filename noindex='true'>session-20.scope</filename>) and
148	also has a user manager instance running (<filename
149	noindex='true'>user@1001.service</filename>). Those are all (leaf) system units, and form
150	part of the slice hierarchy, with <filename noindex='true'>user-1000.slice</filename> and
151	<filename noindex='true'>user-1001.slice</filename> below <filename
152	noindex='true'>user.slice</filename>. User units are visible below the
153	<filename>user@.service</filename> instances (<filename
154	noindex='true'>pulseaudio.service</filename>, <filename
155	noindex='true'>gnome-terminal-server.service</filename>, <filename
156	noindex='true'>init.scope</filename>, <filename noindex='true'>sleep.service</filename>).
157	</para>
158	</example>
159
160	<example>
161	<title>Default user resource limits</title>
162
163	<programlisting>$ systemctl cat user-1000.slice
164	# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
165	# …
166	[Unit]
167	Description=User Slice of UID %j
168	After=systemd-user-sessions.service
169
170	[Slice]
171	TasksMax=33%</programlisting>
172	<para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't
173	have a unit file. The resource limits are set through a drop-in, which can be easily replaced
174	or extended following standard drop-in mechanisms discussed in the first section.</para>
175	</example>
176	</refsect1>
177
178	<refsect1>
179	<title>See Also</title>
180	<para>
181	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
182	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
183	<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
184	<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
185	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
186	<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
187	<citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
188	</para>
189	</refsect1>
190	</refentry>