man/sd-login.xml

   1 <?xml version='1.0'?> <!--*-nxml-*-->
   2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
   3   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
   4
   5 <!--
   6   SPDX-License-Identifier: LGPL-2.1+
   7
   8   This file is part of systemd.
   9
  10   Copyright 2010 Lennart Poettering
  11 -->
  12
  13 <refentry id="sd-login" conditional='HAVE_PAM'
  14   xmlns:xi="http://www.w3.org/2001/XInclude">
  15
  16   <refentryinfo>
  17     <title>sd-login</title>
  18     <productname>systemd</productname>
  19
  20     <authorgroup>
  21       <author>
  22         <contrib>Developer</contrib>
  23         <firstname>Lennart</firstname>
  24         <surname>Poettering</surname>
  25         <email>lennart@poettering.net</email>
  26       </author>
  27     </authorgroup>
  28   </refentryinfo>
  29
  30   <refmeta>
  31     <refentrytitle>sd-login</refentrytitle>
  32     <manvolnum>3</manvolnum>
  33   </refmeta>
  34
  35   <refnamediv>
  36     <refname>sd-login</refname>
  37     <refpurpose>APIs for
  38     tracking logins</refpurpose>
  39   </refnamediv>
  40
  41   <refsynopsisdiv>
  42     <funcsynopsis>
  43       <funcsynopsisinfo>#include &lt;systemd/sd-login.h&gt;</funcsynopsisinfo>
  44     </funcsynopsis>
  45
  46     <cmdsynopsis>
  47       <command>pkg-config --cflags --libs libsystemd</command>
  48     </cmdsynopsis>
  49   </refsynopsisdiv>
  50
  51   <refsect1>
  52     <title>Description</title>
  53
  54     <para><filename>sd-login.h</filename> provides APIs to introspect
  55     and monitor seat, login session and user status information on the
  56     local system. </para>
  57
  58     <para>Note that these APIs only allow purely passive access and
  59     monitoring of seats, sessions and users. To actively make changes
  60     to the seat configuration, terminate login sessions, or switch
  61     session on a seat you need to utilize the D-Bus API of
  62     systemd-logind, instead.</para>
  63
  64     <para>These functions synchronously access data in
  65     <filename>/proc</filename>, <filename>/sys/fs/cgroup</filename>
  66     and <filename>/run</filename>. All of these are virtual file
  67     systems, hence the runtime cost of the accesses is relatively
  68     cheap.</para>
  69
  70     <para>It is possible (and often a very good choice) to mix calls
  71     to the synchronous interface of <filename>sd-login.h</filename>
  72     with the asynchronous D-Bus interface of systemd-logind. However,
  73     if this is done you need to think a bit about possible races since
  74     the stream of events from D-Bus and from
  75     <filename>sd-login.h</filename> interfaces such as the login
  76     monitor are asynchronous and not ordered against each
  77     other.</para>
  78
  79     <para>If the functions return string arrays, these are generally
  80     <constant>NULL</constant> terminated and need to be freed by the
  81     caller with the libc
  82     <citerefentry project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>
  83     call after use, including the strings referenced therein.
  84     Similarly, individual strings returned need to be freed, as
  85     well.</para>
  86
  87     <para>As a special exception, instead of an empty string array
  88     <constant>NULL</constant> may be returned, which should be treated
  89     equivalent to an empty string array.</para>
  90
  91     <para>See
  92     <citerefentry><refentrytitle>sd_pid_get_session</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
  93     <citerefentry><refentrytitle>sd_uid_get_state</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
  94     <citerefentry><refentrytitle>sd_session_is_active</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
  95     <citerefentry><refentrytitle>sd_seat_get_active</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
  96     <citerefentry><refentrytitle>sd_get_seats</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
  97     <citerefentry><refentrytitle>sd_login_monitor_new</refentrytitle><manvolnum>3</manvolnum></citerefentry>
  98     for more information about the functions
  99     implemented.</para>
 100   </refsect1>
 101
 102   <refsect1>
 103     <title>Definition of Terms</title>
 104
 105     <variablelist>
 106       <varlistentry>
 107         <term>seat</term>
 108
 109         <listitem><para>A seat consists of all hardware devices assigned to a specific
 110         workplace. It consists of at least one graphics device, and usually also includes
 111         keyboard, mouse. It can also include video cameras, sound cards and more. Seats
 112         are identified by seat names, which are strings (&lt;= 255 characters), that start
 113         with the four characters <literal>seat</literal> followed by at least one
 114         character from the range [a-zA-Z0-9], <literal>_</literal> and
 115         <literal>-</literal>. They are suitable for use as file names. Seat names may or
 116         may not be stable and may be reused if a seat becomes available again.
 117         </para></listitem>
 118       </varlistentry>
 119
 120       <varlistentry>
 121         <term>session</term>
 122
 123         <listitem><para>A session is defined by the time a user is logged in until they
 124         log out. A session is bound to one or no seats (the latter for 'virtual' ssh
 125         logins). Multiple sessions can be attached to the same seat, but only one of them
 126         can be active, the others are in the background. A session is identified by a
 127         short string.</para>
 128
 129         <para>
 130         <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
 131         ensures that audit sessions are identical to systemd sessions, and uses the audit
 132         session ID as session ID in systemd (if auditing is enabled). In general the
 133         session identifier is a short string consisting only of [a-zA-Z0-9],
 134         <literal>_</literal> and <literal>-</literal>, suitable for use as a file name.
 135         Session IDs are unique on the local machine and are
 136         never reused as long as the machine is online. A user (the way we know it on UNIX)
 137         corresponds to the person using a computer. A single user can have multiple
 138         sessions open at the same time. A user is identified by a numeric user id (UID) or
 139         a user name (a string). A multi-session system allows multiple user sessions on
 140         the same seat at the same time. A multi-seat system allows multiple independent
 141         seats that can be individually and simultaneously used by different users.</para>
 142         </listitem>
 143       </varlistentry>
 144     </variablelist>
 145
 146     <para>All hardware devices that are eligible to being assigned to a seat, are assigned
 147     to one. A device can be assigned to only one seat at a time. If a device is not
 148     assigned to any particular other seat it is implicitly assigned to the special default
 149     seat called <literal>seat0</literal>.</para>
 150
 151     <para>Note that hardware like printers, hard disks or network cards is generally not
 152     assigned to a specific seat. They are available to all seats equally. (Well, with one
 153     exception: USB sticks can be assigned to a seat.)</para>
 154
 155     <para><literal>seat0</literal> always exists.</para>
 156   </refsect1>
 157
 158   <refsect1>
 159     <title>udev Rules</title>
 160
 161     <para>Assignment of hardware devices to seats is managed inside the udev database, via
 162     settings on the devices:</para>
 163
 164     <variablelist>
 165       <varlistentry>
 166         <term>Tag <literal>seat</literal></term>
 167
 168         <listitem><para>When set, a device is eligible to be assigned to a seat. This tag
 169         is set for graphics devices, mice, keyboards, video cards, sound cards and
 170         more. Note that some devices like sound cards consist of multiple subdevices
 171         (i.e. a PCM for input and another one for output). This tag will be set only for
 172         the originating device, not for the individual subdevices. A UI for configuring
 173         assignment of devices to seats should enumerate and subscribe to all devices with
 174         this tag set and show them in the UI. Note that USB hubs can be assigned to a seat
 175         as well, in which case all (current and future) devices plugged into it will also
 176         be assigned to the same seat (unless they are explicitly assigned to another
 177         seat).
 178         </para></listitem>
 179       </varlistentry>
 180
 181       <varlistentry>
 182         <term>Tag <literal>master-of-seat</literal></term>
 183
 184         <listitem><para>When set, this device is enough for a seat to be considered
 185         existent. This tag is usually set for the framebuffer device of graphics cards. A
 186         seat hence consists of an arbitrary number of devices marked with the
 187         <literal>seat</literal> tag, but (at least) one of these devices needs to be
 188         tagged with <literal>master-of-seat</literal> before the seat is actually
 189         considered to be around.</para></listitem>
 190       </varlistentry>
 191
 192       <varlistentry>
 193         <term>Property <varname>ID_SEAT</varname></term>
 194
 195         <listitem><para>This property specifies the name of the seat a specific device is
 196         assigned to. If not set the device is assigned to <literal>seat0</literal>. Also,
 197         to speed up enumeration of hardware belonging to a specific seat, the seat is also
 198         set as tag on the device. I.e. if the property
 199         <varname>ID_SEAT=seat-waldo</varname> is set for a device, the tag
 200         <literal>seat-waldo</literal> will be set as well. Note that if a device is
 201         assigned to <literal>seat0</literal>, it will usually not carry such a tag and you
 202         need to enumerate all devices and check the <varname>ID_SEAT</varname> property
 203         manually. Again, if a device is assigned to seat0 this is visible on the device in
 204         two ways: with a property <varname>ID_SEAT=seat0</varname> and with no property
 205         <varname>ID_SEAT</varname> set for it at all.</para></listitem>
 206       </varlistentry>
 207
 208       <varlistentry>
 209         <term>Property <varname>ID_AUTOSEAT</varname></term>
 210
 211         <listitem><para>When set to <literal>1</literal>, this device automatically
 212         generates a new and independent seat, which is named after the path of the
 213         device. This is set for specialized USB hubs like the Plugable devices, which when
 214         plugged in should create a hotplug seat without further configuration.</para>
 215         </listitem>
 216       </varlistentry>
 217
 218       <varlistentry>
 219         <term>Property <varname>ID_FOR_SEAT</varname></term>
 220
 221         <listitem><para>When creating additional (manual) seats starting from a graphics
 222         device this is a good choice to name the seat after. It is created from the path
 223         of the device. This is useful in UIs for configuring seats: as soon as you create
 224         a new seat from a graphics device, read this property and prefix it with
 225         <literal>seat-</literal> and use it as name for the seat.</para></listitem>
 226       </varlistentry>
 227     </variablelist>
 228
 229     <para>A seat exists only and exclusively because a properly tagged device with the
 230     right <varname>ID_SEAT</varname> property exists. Besides udev rules there is no
 231     persistent data about seats stored on disk.</para>
 232
 233     <para>Note that
 234     <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
 235     manages ACLs on a number of device classes, to allow user code to access the device
 236     nodes attached to a seat as long as the user has an active session on it. This is
 237     mostly transparent to applications. As mentioned above, for certain user software it
 238     might be a good idea to watch whether they can access device nodes instead of thinking
 239     about seats.</para>
 240   </refsect1>
 241
 242   <xi:include href="libsystemd-pkgconfig.xml" />
 243
 244   <refsect1>
 245     <title>See Also</title>
 246     <para>
 247       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
 248       <citerefentry><refentrytitle>sd_pid_get_session</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 249       <citerefentry><refentrytitle>sd_uid_get_state</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 250       <citerefentry><refentrytitle>sd_session_is_active</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 251       <citerefentry><refentrytitle>sd_seat_get_active</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 252       <citerefentry><refentrytitle>sd_get_seats</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 253       <citerefentry><refentrytitle>sd_login_monitor_new</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 254       <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 255       <citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
 256     </para>
 257
 258     <para>
 259       <ulink url="https://www.freedesktop.org/wiki/Software/systemd/multiseat">Multi-Seat on Linux</ulink>
 260       for an introduction to multi-seat support on Linux and the background for this set of APIs.
 261     </para>
 262   </refsect1>
 263
 264 </refentry>