]>
Commit | Line | Data |
---|---|---|
a99655b0 | 1 | <?xml version="1.0"?> |
3a54a157 ZJS |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
a99655b0 ZJS |
4 | <!-- SPDX-License-Identifier: LGPL-2.1+ --> |
5 | ||
6 | <refentry id="user@.service"> | |
7 | <refentryinfo> | |
8 | <title>user@.service</title> | |
9 | <productname>systemd</productname> | |
10 | </refentryinfo> | |
11 | ||
12 | <refmeta> | |
13 | <refentrytitle>user@.service</refentrytitle> | |
14 | <manvolnum>5</manvolnum> | |
15 | </refmeta> | |
16 | ||
17 | <refnamediv> | |
18 | <refname>user@.service</refname> | |
19 | <refname>user-runtime-dir@.service</refname> | |
bc210346 | 20 | <refpurpose>System units to manage user processes</refpurpose> |
a99655b0 ZJS |
21 | </refnamediv> |
22 | ||
23 | <refsynopsisdiv> | |
24 | <para><filename>user@<replaceable>UID</replaceable>.service</filename></para> | |
25 | <para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para> | |
26 | <para><filename>user-<replaceable>UID</replaceable>.slice</filename></para> | |
27 | </refsynopsisdiv> | |
28 | ||
29 | <refsect1> | |
30 | <title>Description</title> | |
31 | ||
32 | <para>The | |
33 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
34 | system manager (PID 1) starts user manager instances as | |
35 | <filename>user@<replaceable>UID</replaceable>.service</filename>, where the user's numerical UID | |
36 | is used as the instance identifier. Each <command>systemd --user</command> instance manages a | |
37 | hierarchy of its own units. See | |
38 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for | |
39 | a discussion of systemd units and | |
40 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
41 | for a list of units that form the basis of the unit hierarchies of system and user units.</para> | |
42 | ||
43 | <para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the | |
44 | system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which | |
45 | creates the user's runtime directory | |
46 | <filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this | |
47 | unit is stopped.</para> | |
48 | ||
49 | <para>User processes may be started by the <filename>user@.service</filename> instance, in which | |
50 | case they will be part of that unit in the system hierarchy. They may also be started elsewhere, | |
51 | for example by | |
62641751 | 52 | <citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a |
a99655b0 ZJS |
53 | display manager like <command>gdm</command>, in which case they form a .scope unit (see |
54 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>). | |
55 | Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are | |
56 | collected under a <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para> | |
57 | ||
58 | <para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are | |
59 | collected under <filename>user.slice</filename>, see | |
60 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
61 | </para> | |
62 | </refsect1> | |
63 | ||
64 | <refsect1> | |
65 | <title>Controlling resources for logged-in users</title> | |
66 | ||
67 | <para>Options that control resources available to logged-in users can be configured at a few | |
68 | different levels. As described in the previous section, <filename>user.slice</filename> contains | |
69 | processes of all users, so any resource limits on that slice apply to all users together. The | |
70 | usual way to configure them would be through drop-ins, e.g. <filename | |
b0343f8c | 71 | index="false">/etc/systemd/system/user.slice.d/resources.conf</filename>. |
a99655b0 ZJS |
72 | </para> |
73 | ||
74 | <para>The processes of a single user are collected under | |
75 | <filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user | |
76 | can be configured through drop-ins for that unit, e.g. <filename | |
b0343f8c | 77 | index="false">/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits |
a99655b0 ZJS |
78 | should apply to all users instead, they may be configured through drop-ins for the truncated |
79 | unit name, <filename>user-.slice</filename>. For example, configuration in <filename | |
b0343f8c | 80 | index="false">/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all |
a99655b0 ZJS |
81 | <filename>user-<replaceable>UID</replaceable>.slice</filename> units, see |
82 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
83 | for a discussion of the drop-in mechanism.</para> | |
84 | ||
85 | <para>When a user logs in and a .scope unit is created for the session (see previous section), | |
86 | the creation of the scope may be managed through | |
87 | <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
88 | This PAM module communicates with | |
89 | <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
90 | to create the session scope and provide access to hardware resources. Resource limits for the | |
91 | scope may be configured through the PAM module configuration, see | |
92 | <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
93 | Configuring them through the normal unit configuration is also possible, but since | |
94 | the name of the slice unit is generally unpredictable, this is less useful.</para> | |
95 | ||
96 | <para>In general any resources that apply to units may be set for | |
97 | <filename>user@<replaceable>UID</replaceable>.service</filename> and the slice | |
98 | units discussed above, see | |
99 | <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
100 | for an overview.</para> | |
101 | </refsect1> | |
102 | ||
103 | <refsect1> | |
104 | <title>Examples</title> | |
105 | <example> | |
106 | <title>Hierarchy of control groups with two logged in users</title> | |
107 | ||
108 | <programlisting>$ systemd-cgls | |
109 | Control group /: | |
110 | -.slice | |
111 | ├─user.slice | |
112 | │ ├─user-1000.slice | |
113 | │ │ ├─user@1000.service | |
114 | │ │ │ ├─pulseaudio.service | |
115 | │ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no | |
116 | │ │ │ └─gnome-terminal-server.service | |
117 | │ │ │ └─init.scope | |
118 | │ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server | |
119 | │ │ │ └─ 4198 zsh | |
120 | │ │ … | |
121 | │ │ └─session-4.scope | |
122 | │ │ ├─ 1264 gdm-session-worker [pam/gdm-password] | |
123 | │ │ ├─ 2339 /usr/bin/gnome-shell | |
124 | │ │ … | |
125 | │ │ ├─session-19.scope | |
126 | │ │ ├─6497 sshd: zbyszek [priv] | |
127 | │ │ ├─6502 sshd: zbyszek@pts/6 | |
128 | │ │ ├─6509 -zsh | |
129 | │ │ └─6602 systemd-cgls --no-pager | |
130 | │ … | |
131 | │ └─user-1001.slice | |
132 | │ ├─session-20.scope | |
133 | │ │ ├─6675 sshd: guest [priv] | |
134 | │ │ ├─6708 sshd: guest@pts/6 | |
135 | │ │ └─6717 -bash | |
136 | │ └─user@1001.service | |
137 | │ ├─init.scope | |
138 | │ │ ├─6680 /usr/lib/systemd/systemd --user | |
139 | │ │ └─6688 (sd-pam) | |
140 | │ └─sleep.service | |
141 | │ └─6706 /usr/bin/sleep 30 | |
142 | …</programlisting> | |
143 | <para>User with UID 1000 is logged in using <command>gdm</command> (<filename | |
b0343f8c | 144 | index="false">session-4.scope</filename>) and |
62641751 | 145 | <citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
b0343f8c ZJS |
146 | (<filename index="false">session-19.scope</filename>), and also has a user manager instance |
147 | running (<filename index="false">user@1000.service</filename>). User with UID 1001 is logged | |
148 | in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and | |
a99655b0 | 149 | also has a user manager instance running (<filename |
b0343f8c ZJS |
150 | index="false">user@1001.service</filename>). Those are all (leaf) system units, and form |
151 | part of the slice hierarchy, with <filename index="false">user-1000.slice</filename> and | |
152 | <filename index="false">user-1001.slice</filename> below <filename | |
153 | index="false">user.slice</filename>. User units are visible below the | |
a99655b0 | 154 | <filename>user@.service</filename> instances (<filename |
b0343f8c ZJS |
155 | index="false">pulseaudio.service</filename>, <filename |
156 | index="false">gnome-terminal-server.service</filename>, <filename | |
157 | index="false">init.scope</filename>, <filename index="false">sleep.service</filename>). | |
a99655b0 ZJS |
158 | </para> |
159 | </example> | |
160 | ||
161 | <example> | |
162 | <title>Default user resource limits</title> | |
163 | ||
164 | <programlisting>$ systemctl cat user-1000.slice | |
165 | # /usr/lib/systemd/system/user-.slice.d/10-defaults.conf | |
166 | # … | |
167 | [Unit] | |
168 | Description=User Slice of UID %j | |
169 | After=systemd-user-sessions.service | |
170 | ||
171 | [Slice] | |
172 | TasksMax=33%</programlisting> | |
173 | <para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't | |
174 | have a unit file. The resource limits are set through a drop-in, which can be easily replaced | |
175 | or extended following standard drop-in mechanisms discussed in the first section.</para> | |
176 | </example> | |
177 | </refsect1> | |
178 | ||
179 | <refsect1> | |
180 | <title>See Also</title> | |
181 | <para> | |
182 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
183 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
184 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
185 | <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
186 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
187 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
188 | <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
189 | </para> | |
190 | </refsect1> | |
191 | </refentry> |