blob: b9d1461404319e818a44ded815211efa2ea19888 [file] [log] [blame] [raw]
<?xml version="1.0"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="user@.service">
<refentryinfo>
<title>user@.service</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>user@.service</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>user@.service</refname>
<refname>user-runtime-dir@.service</refname>
<refname>systemd-user-runtime-dir</refname>
<refpurpose>System units to start the user manager</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>user@<replaceable>UID</replaceable>.service</filename></para>
<para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para>
<para><filename>/usr/lib/systemd/systemd-user-runtime-dir</filename></para>
<para><filename>user-<replaceable>UID</replaceable>.slice</filename></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>The <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
system manager (PID 1) starts user manager instances as
<filename>user@<replaceable>UID</replaceable>.service</filename>, with the user's numerical UID used as
the instance identifier. These instances use the same executable as the system manager, but running in a
mode where it starts a different set of units. Each <command>systemd --user</command> instance manages a
hierarchy of units specific to that user. See
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for a
discussion of units and
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> for a
list of units that form the basis of the unit hierarchies of system and user units.</para>
<para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the
system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which
creates the user's runtime directory
<filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this
unit is stopped. <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>
executes the <filename>systemd-user-runtime-dir</filename> binary to do the actual work.</para>
<para>User processes may be started by the <filename>user@.service</filename> instance, in which
case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
for example by
<citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
display manager like <command>gdm</command>, in which case they form a .scope unit (see
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
collected under the <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para>
<para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are
collected under <filename>user.slice</filename>, see
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
</refsect1>
<refsect1>
<title>Controlling resources for logged-in users</title>
<para>Options that control resources available to logged-in users can be configured at a few
different levels. As described in the previous section, <filename>user.slice</filename> contains
processes of all users, so any resource limits on that slice apply to all users together. The
usual way to configure them would be through drop-ins, e.g. <filename
index="false">/etc/systemd/system/user.slice.d/resources.conf</filename>.
</para>
<para>The processes of a single user are collected under
<filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user
can be configured through drop-ins for that unit, e.g. <filename
index="false">/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits
should apply to all users instead, they may be configured through drop-ins for the truncated
unit name, <filename>user-.slice</filename>. For example, configuration in <filename
index="false">/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
<filename>user-<replaceable>UID</replaceable>.slice</filename> units, see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for a discussion of the drop-in mechanism.</para>
<para>When a user logs in and a .scope unit is created for the session (see previous section),
the creation of the scope may be managed through
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
This PAM module communicates with
<citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to create the session scope and provide access to hardware resources. Resource limits for the
scope may be configured through the PAM module configuration, see
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
Configuring them through the normal unit configuration is also possible, but since
the name of the slice unit is generally unpredictable, this is less useful.</para>
<para>In general any resources that apply to units may be set for
<filename>user@<replaceable>UID</replaceable>.service</filename> and the slice
units discussed above, see
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for an overview.</para>
</refsect1>
<refsect1>
<title>Examples</title>
<example>
<title>Hierarchy of control groups with two logged in users</title>
<programlisting>$ systemd-cgls
Control group /:
-.slice
├─user.slice
│ ├─user-1000.slice
│ │ ├─user@1000.service
│ │ │ ├─pulseaudio.service
│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
│ │ │ └─gnome-terminal-server.service
│ │ │ └─init.scope
│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server
│ │ │ └─ 4198 zsh
│ │ …
│ │ └─session-4.scope
│ │ ├─ 1264 gdm-session-worker [pam/gdm-password]
│ │ ├─ 2339 /usr/bin/gnome-shell
│ │ …
│ │ ├─session-19.scope
│ │ ├─6497 sshd: zbyszek [priv]
│ │ ├─6502 sshd: zbyszek@pts/6
│ │ ├─6509 -zsh
│ │ └─6602 systemd-cgls --no-pager
│ …
│ └─user-1001.slice
│ ├─session-20.scope
│ │ ├─6675 sshd: guest [priv]
│ │ ├─6708 sshd: guest@pts/6
│ │ └─6717 -bash
│ └─user@1001.service
│ ├─init.scope
│ │ ├─6680 /usr/lib/systemd/systemd --user
│ │ └─6688 (sd-pam)
│ └─sleep.service
│ └─6706 /usr/bin/sleep 30
</programlisting>
<para>User with UID 1000 is logged in using <command>gdm</command> (<filename
index="false">session-4.scope</filename>) and
<citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
(<filename index="false">session-19.scope</filename>), and also has a user manager instance
running (<filename index="false">user@1000.service</filename>). User with UID 1001 is logged
in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and
also has a user manager instance running (<filename
index="false">user@1001.service</filename>). Those are all (leaf) system units, and form
part of the slice hierarchy, with <filename index="false">user-1000.slice</filename> and
<filename index="false">user-1001.slice</filename> below <filename
index="false">user.slice</filename>. User units are visible below the
<filename>user@.service</filename> instances (<filename
index="false">pulseaudio.service</filename>, <filename
index="false">gnome-terminal-server.service</filename>, <filename
index="false">init.scope</filename>, <filename index="false">sleep.service</filename>).
</para>
</example>
<example>
<title>Default user resource limits</title>
<programlisting>$ systemctl cat user-1000.slice
# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
# …
[Unit]
Description=User Slice of UID %j
After=systemd-user-sessions.service
[Slice]
TasksMax=33%</programlisting>
<para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't
have a unit file. The resource limits are set through a drop-in, which can be easily replaced
or extended following standard drop-in mechanisms discussed in the first section.</para>
</example>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>