| <?xml version="1.0"?> |
| <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
| "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| <!-- SPDX-License-Identifier: LGPL-2.1+ --> |
| |
| <refentry id="user@.service"> |
| <refentryinfo> |
| <title>user@.service</title> |
| <productname>systemd</productname> |
| </refentryinfo> |
| |
| <refmeta> |
| <refentrytitle>user@.service</refentrytitle> |
| <manvolnum>5</manvolnum> |
| </refmeta> |
| |
| <refnamediv> |
| <refname>user@.service</refname> |
| <refname>user-runtime-dir@.service</refname> |
| <refname>systemd-user-runtime-dir</refname> |
| <refpurpose>System units to start the user manager</refpurpose> |
| </refnamediv> |
| |
| <refsynopsisdiv> |
| <para><filename>user@<replaceable>UID</replaceable>.service</filename></para> |
| <para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para> |
| <para><filename>/usr/lib/systemd/systemd-user-runtime-dir</filename></para> |
| <para><filename>user-<replaceable>UID</replaceable>.slice</filename></para> |
| </refsynopsisdiv> |
| |
| <refsect1> |
| <title>Description</title> |
| |
| <para>The <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| system manager (PID 1) starts user manager instances as |
| <filename>user@<replaceable>UID</replaceable>.service</filename>, with the user's numerical UID used as |
| the instance identifier. These instances use the same executable as the system manager, but running in a |
| mode where it starts a different set of units. Each <command>systemd --user</command> instance manages a |
| hierarchy of units specific to that user. See |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for a |
| discussion of units and |
| <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> for a |
| list of units that form the basis of the unit hierarchies of system and user units.</para> |
| |
| <para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the |
| system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which |
| creates the user's runtime directory |
| <filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this |
| unit is stopped. <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename> |
| executes the <filename>systemd-user-runtime-dir</filename> binary to do the actual work.</para> |
| |
| <para>User processes may be started by the <filename>user@.service</filename> instance, in which |
| case they will be part of that unit in the system hierarchy. They may also be started elsewhere, |
| for example by |
| <citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a |
| display manager like <command>gdm</command>, in which case they form a .scope unit (see |
| <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>). |
| Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are |
| collected under the <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para> |
| |
| <para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are |
| collected under <filename>user.slice</filename>, see |
| <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>. |
| </para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Controlling resources for logged-in users</title> |
| |
| <para>Options that control resources available to logged-in users can be configured at a few |
| different levels. As described in the previous section, <filename>user.slice</filename> contains |
| processes of all users, so any resource limits on that slice apply to all users together. The |
| usual way to configure them would be through drop-ins, e.g. <filename |
| index="false">/etc/systemd/system/user.slice.d/resources.conf</filename>. |
| </para> |
| |
| <para>The processes of a single user are collected under |
| <filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user |
| can be configured through drop-ins for that unit, e.g. <filename |
| index="false">/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits |
| should apply to all users instead, they may be configured through drop-ins for the truncated |
| unit name, <filename>user-.slice</filename>. For example, configuration in <filename |
| index="false">/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all |
| <filename>user-<replaceable>UID</replaceable>.slice</filename> units, see |
| <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for a discussion of the drop-in mechanism.</para> |
| |
| <para>When a user logs in and a .scope unit is created for the session (see previous section), |
| the creation of the scope may be managed through |
| <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. |
| This PAM module communicates with |
| <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
| to create the session scope and provide access to hardware resources. Resource limits for the |
| scope may be configured through the PAM module configuration, see |
| <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. |
| Configuring them through the normal unit configuration is also possible, but since |
| the name of the slice unit is generally unpredictable, this is less useful.</para> |
| |
| <para>In general any resources that apply to units may be set for |
| <filename>user@<replaceable>UID</replaceable>.service</filename> and the slice |
| units discussed above, see |
| <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for an overview.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Examples</title> |
| <example> |
| <title>Hierarchy of control groups with two logged in users</title> |
| |
| <programlisting>$ systemd-cgls |
| Control group /: |
| -.slice |
| ├─user.slice |
| │ ├─user-1000.slice |
| │ │ ├─user@1000.service |
| │ │ │ ├─pulseaudio.service |
| │ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no |
| │ │ │ └─gnome-terminal-server.service |
| │ │ │ └─init.scope |
| │ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server |
| │ │ │ └─ 4198 zsh |
| │ │ … |
| │ │ └─session-4.scope |
| │ │ ├─ 1264 gdm-session-worker [pam/gdm-password] |
| │ │ ├─ 2339 /usr/bin/gnome-shell |
| │ │ … |
| │ │ ├─session-19.scope |
| │ │ ├─6497 sshd: zbyszek [priv] |
| │ │ ├─6502 sshd: zbyszek@pts/6 |
| │ │ ├─6509 -zsh |
| │ │ └─6602 systemd-cgls --no-pager |
| │ … |
| │ └─user-1001.slice |
| │ ├─session-20.scope |
| │ │ ├─6675 sshd: guest [priv] |
| │ │ ├─6708 sshd: guest@pts/6 |
| │ │ └─6717 -bash |
| │ └─user@1001.service |
| │ ├─init.scope |
| │ │ ├─6680 /usr/lib/systemd/systemd --user |
| │ │ └─6688 (sd-pam) |
| │ └─sleep.service |
| │ └─6706 /usr/bin/sleep 30 |
| …</programlisting> |
| <para>User with UID 1000 is logged in using <command>gdm</command> (<filename |
| index="false">session-4.scope</filename>) and |
| <citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| (<filename index="false">session-19.scope</filename>), and also has a user manager instance |
| running (<filename index="false">user@1000.service</filename>). User with UID 1001 is logged |
| in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and |
| also has a user manager instance running (<filename |
| index="false">user@1001.service</filename>). Those are all (leaf) system units, and form |
| part of the slice hierarchy, with <filename index="false">user-1000.slice</filename> and |
| <filename index="false">user-1001.slice</filename> below <filename |
| index="false">user.slice</filename>. User units are visible below the |
| <filename>user@.service</filename> instances (<filename |
| index="false">pulseaudio.service</filename>, <filename |
| index="false">gnome-terminal-server.service</filename>, <filename |
| index="false">init.scope</filename>, <filename index="false">sleep.service</filename>). |
| </para> |
| </example> |
| |
| <example> |
| <title>Default user resource limits</title> |
| |
| <programlisting>$ systemctl cat user-1000.slice |
| # /usr/lib/systemd/system/user-.slice.d/10-defaults.conf |
| # … |
| [Unit] |
| Description=User Slice of UID %j |
| After=systemd-user-sessions.service |
| |
| [Slice] |
| TasksMax=33%</programlisting> |
| <para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't |
| have a unit file. The resource limits are set through a drop-in, which can be easily replaced |
| or extended following standard drop-in mechanisms discussed in the first section.</para> |
| </example> |
| </refsect1> |
| |
| <refsect1> |
| <title>See Also</title> |
| <para> |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
| </para> |
| </refsect1> |
| </refentry> |