]>
Commit | Line | Data |
---|---|---|
a99655b0 ZJS |
1 | <?xml version="1.0"?> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
3 | <!-- SPDX-License-Identifier: LGPL-2.1+ --> | |
4 | ||
5 | <refentry id="user@.service"> | |
6 | <refentryinfo> | |
7 | <title>user@.service</title> | |
8 | <productname>systemd</productname> | |
9 | </refentryinfo> | |
10 | ||
11 | <refmeta> | |
12 | <refentrytitle>user@.service</refentrytitle> | |
13 | <manvolnum>5</manvolnum> | |
14 | </refmeta> | |
15 | ||
16 | <refnamediv> | |
17 | <refname>user@.service</refname> | |
18 | <refname>user-runtime-dir@.service</refname> | |
bc210346 | 19 | <refpurpose>System units to manage user processes</refpurpose> |
a99655b0 ZJS |
20 | </refnamediv> |
21 | ||
22 | <refsynopsisdiv> | |
23 | <para><filename>user@<replaceable>UID</replaceable>.service</filename></para> | |
24 | <para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para> | |
25 | <para><filename>user-<replaceable>UID</replaceable>.slice</filename></para> | |
26 | </refsynopsisdiv> | |
27 | ||
28 | <refsect1> | |
29 | <title>Description</title> | |
30 | ||
31 | <para>The | |
32 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
33 | system manager (PID 1) starts user manager instances as | |
34 | <filename>user@<replaceable>UID</replaceable>.service</filename>, where the user's numerical UID | |
35 | is used as the instance identifier. Each <command>systemd --user</command> instance manages a | |
36 | hierarchy of its own units. See | |
37 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for | |
38 | a discussion of systemd units and | |
39 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
40 | for a list of units that form the basis of the unit hierarchies of system and user units.</para> | |
41 | ||
42 | <para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the | |
43 | system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which | |
44 | creates the user's runtime directory | |
45 | <filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this | |
46 | unit is stopped.</para> | |
47 | ||
48 | <para>User processes may be started by the <filename>user@.service</filename> instance, in which | |
49 | case they will be part of that unit in the system hierarchy. They may also be started elsewhere, | |
50 | for example by | |
51 | <citerefentry><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a | |
52 | display manager like <command>gdm</command>, in which case they form a .scope unit (see | |
53 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>). | |
54 | Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are | |
55 | collected under a <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para> | |
56 | ||
57 | <para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are | |
58 | collected under <filename>user.slice</filename>, see | |
59 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
60 | </para> | |
61 | </refsect1> | |
62 | ||
63 | <refsect1> | |
64 | <title>Controlling resources for logged-in users</title> | |
65 | ||
66 | <para>Options that control resources available to logged-in users can be configured at a few | |
67 | different levels. As described in the previous section, <filename>user.slice</filename> contains | |
68 | processes of all users, so any resource limits on that slice apply to all users together. The | |
69 | usual way to configure them would be through drop-ins, e.g. <filename | |
70 | noindex='true'>/etc/systemd/system/user.slice.d/resources.conf</filename>. | |
71 | </para> | |
72 | ||
73 | <para>The processes of a single user are collected under | |
74 | <filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user | |
75 | can be configured through drop-ins for that unit, e.g. <filename | |
76 | noindex='true'>/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits | |
77 | should apply to all users instead, they may be configured through drop-ins for the truncated | |
78 | unit name, <filename>user-.slice</filename>. For example, configuration in <filename | |
79 | noindex='true'>/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all | |
80 | <filename>user-<replaceable>UID</replaceable>.slice</filename> units, see | |
81 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
82 | for a discussion of the drop-in mechanism.</para> | |
83 | ||
84 | <para>When a user logs in and a .scope unit is created for the session (see previous section), | |
85 | the creation of the scope may be managed through | |
86 | <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
87 | This PAM module communicates with | |
88 | <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
89 | to create the session scope and provide access to hardware resources. Resource limits for the | |
90 | scope may be configured through the PAM module configuration, see | |
91 | <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
92 | Configuring them through the normal unit configuration is also possible, but since | |
93 | the name of the slice unit is generally unpredictable, this is less useful.</para> | |
94 | ||
95 | <para>In general any resources that apply to units may be set for | |
96 | <filename>user@<replaceable>UID</replaceable>.service</filename> and the slice | |
97 | units discussed above, see | |
98 | <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
99 | for an overview.</para> | |
100 | </refsect1> | |
101 | ||
102 | <refsect1> | |
103 | <title>Examples</title> | |
104 | <example> | |
105 | <title>Hierarchy of control groups with two logged in users</title> | |
106 | ||
107 | <programlisting>$ systemd-cgls | |
108 | Control group /: | |
109 | -.slice | |
110 | ├─user.slice | |
111 | │ ├─user-1000.slice | |
112 | │ │ ├─user@1000.service | |
113 | │ │ │ ├─pulseaudio.service | |
114 | │ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no | |
115 | │ │ │ └─gnome-terminal-server.service | |
116 | │ │ │ └─init.scope | |
117 | │ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server | |
118 | │ │ │ └─ 4198 zsh | |
119 | │ │ … | |
120 | │ │ └─session-4.scope | |
121 | │ │ ├─ 1264 gdm-session-worker [pam/gdm-password] | |
122 | │ │ ├─ 2339 /usr/bin/gnome-shell | |
123 | │ │ … | |
124 | │ │ ├─session-19.scope | |
125 | │ │ ├─6497 sshd: zbyszek [priv] | |
126 | │ │ ├─6502 sshd: zbyszek@pts/6 | |
127 | │ │ ├─6509 -zsh | |
128 | │ │ └─6602 systemd-cgls --no-pager | |
129 | │ … | |
130 | │ └─user-1001.slice | |
131 | │ ├─session-20.scope | |
132 | │ │ ├─6675 sshd: guest [priv] | |
133 | │ │ ├─6708 sshd: guest@pts/6 | |
134 | │ │ └─6717 -bash | |
135 | │ └─user@1001.service | |
136 | │ ├─init.scope | |
137 | │ │ ├─6680 /usr/lib/systemd/systemd --user | |
138 | │ │ └─6688 (sd-pam) | |
139 | │ └─sleep.service | |
140 | │ └─6706 /usr/bin/sleep 30 | |
141 | …</programlisting> | |
142 | <para>User with UID 1000 is logged in using <command>gdm</command> (<filename | |
143 | noindex='true'>session-4.scope</filename>) and | |
144 | <citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
145 | (<filename noindex='true'>session-19.scope</filename>), and also has a user manager instance | |
146 | running (<filename noindex='true'>user@1000.service</filename>). User with UID 1001 is logged | |
147 | in using <command>ssh</command> (<filename noindex='true'>session-20.scope</filename>) and | |
148 | also has a user manager instance running (<filename | |
149 | noindex='true'>user@1001.service</filename>). Those are all (leaf) system units, and form | |
150 | part of the slice hierarchy, with <filename noindex='true'>user-1000.slice</filename> and | |
151 | <filename noindex='true'>user-1001.slice</filename> below <filename | |
152 | noindex='true'>user.slice</filename>. User units are visible below the | |
153 | <filename>user@.service</filename> instances (<filename | |
154 | noindex='true'>pulseaudio.service</filename>, <filename | |
155 | noindex='true'>gnome-terminal-server.service</filename>, <filename | |
156 | noindex='true'>init.scope</filename>, <filename noindex='true'>sleep.service</filename>). | |
157 | </para> | |
158 | </example> | |
159 | ||
160 | <example> | |
161 | <title>Default user resource limits</title> | |
162 | ||
163 | <programlisting>$ systemctl cat user-1000.slice | |
164 | # /usr/lib/systemd/system/user-.slice.d/10-defaults.conf | |
165 | # … | |
166 | [Unit] | |
167 | Description=User Slice of UID %j | |
168 | After=systemd-user-sessions.service | |
169 | ||
170 | [Slice] | |
171 | TasksMax=33%</programlisting> | |
172 | <para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't | |
173 | have a unit file. The resource limits are set through a drop-in, which can be easily replaced | |
174 | or extended following standard drop-in mechanisms discussed in the first section.</para> | |
175 | </example> | |
176 | </refsect1> | |
177 | ||
178 | <refsect1> | |
179 | <title>See Also</title> | |
180 | <para> | |
181 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
182 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
183 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
184 | <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
185 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
186 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
187 | <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
188 | </para> | |
189 | </refsect1> | |
190 | </refentry> |