pam_systemd man page on LinuxMint

Man page or keyword search:  
man Server   4994 pages
apropos Keyword Search (all sections)
Output format
LinuxMint logo
[printable version]

PAM_SYSTEMD(8)			  pam_systemd			PAM_SYSTEMD(8)

NAME
       pam_systemd - Register user sessions in the systemd login manager

SYNOPSIS
       pam_systemd.so

DESCRIPTION
       pam_systemd registers user sessions in the systemd login manager
       systemd-logind.service(8), and hence the systemd control group
       hierarchy.

       On login, this module ensures the following:

	1. If it does not exist yet, the user runtime directory
	   /run/user/$USER is created and its ownership changed to the user
	   that is logging in.

	2. The $XDG_SESSION_ID environment variable is initialized. If
	   auditing is available and pam_loginuid.so run before this module
	   (which is highly recommended), the variable is initialized from the
	   auditing session id (/proc/self/sessionid). Otherwise an
	   independent session counter is used.

	3. A new control group /user/$USER/$XDG_SESSION_ID is created and the
	   login process moved into it.

       On logout, this module ensures the following:

	1. If $XDG_SESSION_ID is set and kill-session-processes=1 specified,
	   all remaining processes in the /user/$USER/$XDG_SESSION_ID control
	   group are killed and the control group is removed.

	2. If the last subgroup of the /user/$USER control group was removed
	   the $XDG_RUNTIME_DIR directory and all its contents are removed,
	   too.

       If the system was not booted up with systemd as init system, this
       module does nothing and immediately returns PAM_SUCCESS.

OPTIONS
       The following options are understood:

       kill-session-processes=
	   Takes a boolean argument. If true, all processes created by the
	   user during his session and from his session will be terminated
	   when he logs out from his session.

       kill-only-users=
	   Takes a comma separated list of user names or numeric user ids as
	   argument. If this option is used the effect of the
	   kill-session-processes= options will apply only to the listed
	   users. If this option is not used the option applies to all local
	   users. Note that kill-exclude-users= takes precedence over this
	   list and is hence subtracted from the list specified here.

       kill-exclude-users=
	   Takes a comma separated list of user names or numeric user ids as
	   argument. Users listed in this argument will not be subject to the
	   effect of kill-session-processes=. Note that this option takes
	   precedence over kill-only-users=, and hence whatever is listed for
	   kill-exclude-users= is guaranteed to never be killed by this PAM
	   module, independent of any other configuration setting.

       controllers=
	   Takes a comma separated list of control group controllers in which
	   hierarchies a user/session control group will be created by default
	   for each user logging in, in addition to the control group in the
	   named 'name=systemd' hierarchy. If omitted, defaults to an empty
	   list.

       reset-controllers=
	   Takes a comma separated list of control group controllers in which
	   hierarchies the logged in processes will be reset to the root
	   control group.

       class=
	   Takes a string argument which sets the session class. The
	   XDG_SESSION_CLASS environmental variable takes precedence.

       debug=
	   Takes a boolean argument. If yes, the module will log debugging
	   information as it operates.

       Note that setting kill-session-processes=1 will break tools like
       screen(1).

       Note that kill-session-processes=1 is a stricter version of
       KillUserProcesses=1 which may be configured system-wide in
       logind.conf(5). The former kills processes of a session as soon as it
       ends, the latter kills processes as soon as the last session of the
       user ends.

       If the options are omitted they default to kill-session-processes=0,
       kill-only-users=, kill-exclude-users=, controllers=,
       reset-controllers=, debug=no.

MODULE TYPES PROVIDED
       Only session is provided.

ENVIRONMENT
       The following environment variables are set for the processes of the
       user's session:

       $XDG_SESSION_ID
	   A session identifier, suitable to be used in file names. The string
	   itself should be considered opaque, although often it is just the
	   audit session ID as reported by /proc/self/sessionid. Each ID will
	   be assigned only once during machine uptime. It may hence be used
	   to uniquely label files or other resources of this session.

       $XDG_RUNTIME_DIR
	   Path to a user-private user-writable directory that is bound to the
	   user login time on the machine. It is automatically created the
	   first time a user logs in and removed on his final logout. If a
	   user logs in twice at the same time, both sessions will see the
	   same $XDG_RUNTIME_DIR and the same contents. If a user logs in
	   once, then logs out again, and logs in again, the directory
	   contents will have been lost in between, but applications should
	   not rely on this behavior and must be able to deal with stale
	   files. To store session-private data in this directory the user
	   should include the value of $XDG_SESSION_ID in the filename. This
	   directory shall be used for runtime file system objects such as
	   AF_UNIX sockets, FIFOs, PID files and similar. It is guaranteed
	   that this directory is local and offers the greatest possible file
	   system feature set the operating system provides.

EXAMPLE
	   #%PAM-1.0
	   auth	      required	   pam_unix.so
	   auth	      required	   pam_nologin.so
	   account    required	   pam_unix.so
	   password   required	   pam_unix.so
	   session    required	   pam_unix.so
	   session    required	   pam_loginuid.so
	   session    required	   pam_systemd.so kill-session-processes=1

SEE ALSO
       systemd(1), systemd-logind.service(8), logind.conf(5), loginctl(1),
       pam.conf(5), pam.d(5), pam(8), pam_loginuid(8)

systemd 204							PAM_SYSTEMD(8)
[top]

List of man pages available for LinuxMint

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net