2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
4 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
6 <refentry id=
"user_.service">
8 <title>user@.service
</title>
9 <productname>systemd
</productname>
13 <refentrytitle>user@.service
</refentrytitle>
14 <manvolnum>5</manvolnum>
18 <refname>user@.service
</refname>
19 <refname>user-runtime-dir@.service
</refname>
20 <refname>systemd-user-runtime-dir
</refname>
21 <refpurpose>System units to start the user manager
</refpurpose>
25 <para><filename>user@
<replaceable>UID
</replaceable>.service
</filename></para>
26 <para><filename>user-runtime-dir@
<replaceable>UID
</replaceable>.service
</filename></para>
27 <para><filename>/usr/lib/systemd/systemd-user-runtime-dir
</filename></para>
28 <para><filename>user-
<replaceable>UID
</replaceable>.slice
</filename></para>
32 <title>Description
</title>
34 <para>The
<citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>
35 system manager (PID
1) starts user manager instances as
36 <filename>user@
<replaceable>UID
</replaceable>.service
</filename>, with the user's numerical UID used as
37 the instance identifier. These instances use the same executable as the system manager, but running in a
38 mode where it starts a different set of units. Each
<command>systemd --user
</command> instance manages a
39 hierarchy of units specific to that user. See
40 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry> for a
41 discussion of units and
42 <citerefentry><refentrytitle>systemd.special
</refentrytitle><manvolnum>7</manvolnum></citerefentry> for a
43 list of units that form the basis of the unit hierarchies of system and user units.
</para>
45 <para><filename>user@
<replaceable>UID
</replaceable>.service
</filename> is accompanied by the
46 system unit
<filename>user-runtime-dir@
<replaceable>UID
</replaceable>.service
</filename>, which
47 creates the user's runtime directory
48 <filename>/run/user/
<replaceable>UID
</replaceable></filename>, and then removes it when this
49 unit is stopped.
<filename>user-runtime-dir@
<replaceable>UID
</replaceable>.service
</filename>
50 executes the
<filename>systemd-user-runtime-dir
</filename> binary to do the actual work.
</para>
52 <para>User processes may be started by the
<filename>user@.service
</filename> instance, in which
53 case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
55 <citerefentry project='die-net'
><refentrytitle>sshd
</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
56 display manager like
<command>gdm
</command>, in which case they form a .scope unit (see
57 <citerefentry><refentrytitle>systemd.scope
</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
58 Both
<filename>user@
<replaceable>UID
</replaceable>.service
</filename> and the scope units are
59 collected under the
<filename>user-
<replaceable>UID
</replaceable>.slice
</filename>.
</para>
61 <para>Individual
<filename>user-
<replaceable>UID
</replaceable>.slice
</filename> slices are
62 collected under
<filename>user.slice
</filename>, see
63 <citerefentry><refentrytitle>systemd.special
</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
68 <title>Controlling resources for logged-in users
</title>
70 <para>Options that control resources available to logged-in users can be configured at a few
71 different levels. As described in the previous section,
<filename>user.slice
</filename> contains
72 processes of all users, so any resource limits on that slice apply to all users together. The
73 usual way to configure them would be through drop-ins, e.g.
<filename
74 index=
"false">/etc/systemd/system/user.slice.d/resources.conf
</filename>.
77 <para>The processes of a single user are collected under
78 <filename>user-
<replaceable>UID
</replaceable>.slice
</filename>. Resource limits for that user
79 can be configured through drop-ins for that unit, e.g.
<filename
80 index=
"false">/etc/systemd/system/user-
1000.slice.d/resources.conf
</filename>. If the limits
81 should apply to all users instead, they may be configured through drop-ins for the truncated
82 unit name,
<filename>user-.slice
</filename>. For example, configuration in
<filename
83 index=
"false">/etc/systemd/system/user-.slice.d/resources.conf
</filename> is included in all
84 <filename>user-
<replaceable>UID
</replaceable>.slice
</filename> units, see
85 <citerefentry><refentrytitle>systemd.unit
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
86 for a discussion of the drop-in mechanism.
</para>
88 <para>When a user logs in and a .scope unit is created for the session (see previous section),
89 the creation of the scope may be managed through
90 <citerefentry><refentrytitle>pam_systemd
</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
91 This PAM module communicates with
92 <citerefentry><refentrytitle>systemd-logind
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
93 to create the session scope and provide access to hardware resources. Resource limits for the
94 scope may be configured through the PAM module configuration, see
95 <citerefentry><refentrytitle>pam_systemd
</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
96 Configuring them through the normal unit configuration is also possible, but since
97 the name of the slice unit is generally unpredictable, this is less useful.
</para>
99 <para>In general any resources that apply to units may be set for
100 <filename>user@
<replaceable>UID
</replaceable>.service
</filename> and the slice
101 units discussed above, see
102 <citerefentry><refentrytitle>systemd.resource-control
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
103 for an overview.
</para>
107 <title>Examples
</title>
109 <title>Hierarchy of control groups with two logged in users
</title>
111 <programlisting>$ systemd-cgls
116 │ │ ├─user@
1000.service
117 │ │ │ ├─pulseaudio.service
118 │ │ │ │ └─
2386 /usr/bin/pulseaudio --daemonize=no
119 │ │ │ └─gnome-terminal-server.service
121 │ │ │ ├─
4127 /usr/libexec/gnome-terminal-server
124 │ │ └─session-
4.scope
125 │ │ ├─
1264 gdm-session-worker [pam/gdm-password]
126 │ │ ├─
2339 /usr/bin/gnome-shell
128 │ │ ├─session-
19.scope
129 │ │ ├─
6497 sshd: zbyszek [priv]
130 │ │ ├─
6502 sshd: zbyszek@pts/
6
132 │ │ └─
6602 systemd-cgls --no-pager
136 │ │ ├─
6675 sshd: guest [priv]
137 │ │ ├─
6708 sshd: guest@pts/
6
139 │ └─user@
1001.service
141 │ │ ├─
6680 /usr/lib/systemd/systemd --user
144 │ └─
6706 /usr/bin/sleep
30
146 <para>User with UID
1000 is logged in using
<command>gdm
</command> (
<filename
147 index=
"false">session-
4.scope
</filename>) and
148 <citerefentry project='die-net'
><refentrytitle>ssh
</refentrytitle><manvolnum>1</manvolnum></citerefentry>
149 (
<filename index=
"false">session-
19.scope
</filename>), and also has a user manager instance
150 running (
<filename index=
"false">user@
1000.service
</filename>). User with UID
1001 is logged
151 in using
<command>ssh
</command> (
<filename index=
"false">session-
20.scope
</filename>) and
152 also has a user manager instance running (
<filename
153 index=
"false">user@
1001.service
</filename>). Those are all (leaf) system units, and form
154 part of the slice hierarchy, with
<filename index=
"false">user-
1000.slice
</filename> and
155 <filename index=
"false">user-
1001.slice
</filename> below
<filename
156 index=
"false">user.slice
</filename>. User units are visible below the
157 <filename>user@.service
</filename> instances (
<filename
158 index=
"false">pulseaudio.service
</filename>,
<filename
159 index=
"false">gnome-terminal-server.service
</filename>,
<filename
160 index=
"false">init.scope
</filename>,
<filename index=
"false">sleep.service
</filename>).
165 <title>Default user resource limits
</title>
167 <programlisting>$ systemctl cat user-
1000.slice
168 # /usr/lib/systemd/system/user-.slice.d/
10-defaults.conf
171 Description=User Slice of UID %j
172 After=systemd-user-sessions.service
175 TasksMax=
33%
</programlisting>
176 <para>The
<filename>user-
<replaceable>UID
</replaceable>.slice
</filename> units by default don't
177 have a unit file. The resource limits are set through a drop-in, which can be easily replaced
178 or extended following standard drop-in mechanisms discussed in the first section.
</para>
183 <title>See Also
</title>
184 <para><simplelist type=
"inline">
185 <member><citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
186 <member><citerefentry><refentrytitle>systemd.service
</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
187 <member><citerefentry><refentrytitle>systemd.slice
</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
188 <member><citerefentry><refentrytitle>systemd.resource-control
</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
189 <member><citerefentry><refentrytitle>systemd.exec
</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
190 <member><citerefentry><refentrytitle>systemd.special
</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
191 <member><citerefentry project='man-pages'
><refentrytitle>pam
</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>