From a99655b0521cb9ede20e8d21622280dcfbdd02c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 Jul 2018 15:49:57 +0200 Subject: [PATCH] man: add a description of user@.service, user-runtime-dir@.service, user-*.slice Fixes #9590. --- man/rules/meson.build | 1 + man/systemd.special.xml | 3 +- man/user@.service.xml | 190 +++++++++++++++++++++++++++ units/user-.slice.d/10-defaults.conf | 1 + units/user-runtime-dir@.service.in | 1 + units/user@.service.in | 1 + 6 files changed, 196 insertions(+), 1 deletion(-) create mode 100644 man/user@.service.xml diff --git a/man/rules/meson.build b/man/rules/meson.build index 9673ef8886..35bc1743d9 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -842,6 +842,7 @@ manpages = [ ''], ['udev_new', '3', ['udev_ref', 'udev_unref'], ''], ['udevadm', '8', [], ''], + ['user@.service', '5', ['user-runtime-dir@.service'], ''], ['vconsole.conf', '5', [], 'ENABLE_VCONSOLE'] ] # Really, do not edit. diff --git a/man/systemd.special.xml b/man/systemd.special.xml index 9e1ebe84ca..38006c6abd 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -1075,7 +1075,8 @@ systemd.target5, systemd.slice5, bootup7, - systemd-fstab-generator8 + systemd-fstab-generator8, + user@.service5 diff --git a/man/user@.service.xml b/man/user@.service.xml new file mode 100644 index 0000000000..fc9c3e786c --- /dev/null +++ b/man/user@.service.xml @@ -0,0 +1,190 @@ + + + + + + + user@.service + systemd + + + + user@.service + 5 + + + + user@.service + user-runtime-dir@.service + System units to manager user processes + + + + user@UID.service + user-runtime-dir@UID.service + user-UID.slice + + + + Description + + The + systemd1 + system manager (PID 1) starts user manager instances as + user@UID.service, where the user's numerical UID + is used as the instance identifier. Each systemd --user instance manages a + hierarchy of its own units. See + systemd1 for + a discussion of systemd units and + systemd.special1 + for a list of units that form the basis of the unit hierarchies of system and user units. + + user@UID.service is accompanied by the + system unit user-runtime-dir@UID.service, which + creates the user's runtime directory + /run/user/UID, and then removes it when this + unit is stopped. + + User processes may be started by the user@.service instance, in which + case they will be part of that unit in the system hierarchy. They may also be started elsewhere, + for example by + sshd8 or a + display manager like gdm, in which case they form a .scope unit (see + systemd.scope5). + Both user@UID.service and the scope units are + collected under a user-UID.slice. + + Individual user-UID.slice slices are + collected under user.slice, see + systemd.special8. + + + + + Controlling resources for logged-in users + + Options that control resources available to logged-in users can be configured at a few + different levels. As described in the previous section, user.slice contains + processes of all users, so any resource limits on that slice apply to all users together. The + usual way to configure them would be through drop-ins, e.g. /etc/systemd/system/user.slice.d/resources.conf. + + + The processes of a single user are collected under + user-UID.slice. Resource limits for that user + can be configured through drop-ins for that unit, e.g. /etc/systemd/system/user-1000.slice.d/resources.conf. If the limits + should apply to all users instead, they may be configured through drop-ins for the truncated + unit name, user-.slice. For example, configuration in /etc/systemd/system/user-.slice.d/resources.conf is included in all + user-UID.slice units, see + systemd.unit5 + for a discussion of the drop-in mechanism. + + When a user logs in and a .scope unit is created for the session (see previous section), + the creation of the scope may be managed through + pam_systemd8. + This PAM module communicates with + systemd-logind8 + to create the session scope and provide access to hardware resources. Resource limits for the + scope may be configured through the PAM module configuration, see + pam_systemd8. + Configuring them through the normal unit configuration is also possible, but since + the name of the slice unit is generally unpredictable, this is less useful. + + In general any resources that apply to units may be set for + user@UID.service and the slice + units discussed above, see + systemd.resource-control5 + for an overview. + + + + Examples + + Hierarchy of control groups with two logged in users + + $ systemd-cgls +Control group /: +-.slice +├─user.slice +│ ├─user-1000.slice +│ │ ├─user@1000.service +│ │ │ ├─pulseaudio.service +│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no +│ │ │ └─gnome-terminal-server.service +│ │ │ └─init.scope +│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server +│ │ │ └─ 4198 zsh +│ │ … +│ │ └─session-4.scope +│ │ ├─ 1264 gdm-session-worker [pam/gdm-password] +│ │ ├─ 2339 /usr/bin/gnome-shell +│ │ … +│ │ ├─session-19.scope +│ │ ├─6497 sshd: zbyszek [priv] +│ │ ├─6502 sshd: zbyszek@pts/6 +│ │ ├─6509 -zsh +│ │ └─6602 systemd-cgls --no-pager +│ … +│ └─user-1001.slice +│ ├─session-20.scope +│ │ ├─6675 sshd: guest [priv] +│ │ ├─6708 sshd: guest@pts/6 +│ │ └─6717 -bash +│ └─user@1001.service +│ ├─init.scope +│ │ ├─6680 /usr/lib/systemd/systemd --user +│ │ └─6688 (sd-pam) +│ └─sleep.service +│ └─6706 /usr/bin/sleep 30 +… + User with UID 1000 is logged in using gdm (session-4.scope) and + ssh1 + (session-19.scope), and also has a user manager instance + running (user@1000.service). User with UID 1001 is logged + in using ssh (session-20.scope) and + also has a user manager instance running (user@1001.service). Those are all (leaf) system units, and form + part of the slice hierarchy, with user-1000.slice and + user-1001.slice below user.slice. User units are visible below the + user@.service instances (pulseaudio.service, gnome-terminal-server.service, init.scope, sleep.service). + + + + + Default user resource limits + + $ systemctl cat user-1000.slice +# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf +# … +[Unit] +Description=User Slice of UID %j +After=systemd-user-sessions.service + +[Slice] +TasksMax=33% + The user-UID.slice units by default don't + have a unit file. The resource limits are set through a drop-in, which can be easily replaced + or extended following standard drop-in mechanisms discussed in the first section. + + + + + See Also + + systemd1, + systemd.service5, + systemd.slice5, + systemd.resource-control5, + systemd.exec5, + systemd.special7, + pam8 + + + diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf index 95ab11b30b..f1d118562c 100644 --- a/units/user-.slice.d/10-defaults.conf +++ b/units/user-.slice.d/10-defaults.conf @@ -9,6 +9,7 @@ [Unit] Description=User Slice of UID %j +Documentation=man:user@.service(5) After=systemd-user-sessions.service [Slice] diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in index 8c02beda3b..3a852b68a6 100644 --- a/units/user-runtime-dir@.service.in +++ b/units/user-runtime-dir@.service.in @@ -9,6 +9,7 @@ [Unit] Description=/run/user/%i mount wrapper +Documentation=man:user@.service(5) StopWhenUnneeded=yes [Service] diff --git a/units/user@.service.in b/units/user@.service.in index b88108e1b7..07107a66ee 100644 --- a/units/user@.service.in +++ b/units/user@.service.in @@ -9,6 +9,7 @@ [Unit] Description=User Manager for UID %i +Documentation=man:user@.service(5) After=systemd-user-sessions.service After=user-runtime-dir@%i.service Requires=user-runtime-dir@%i.service