man: add a description of user@.service, user-runtime-dir@.service, user-*.slice

Fixes #9590.

(cherry picked from commit a99655b0521cb9ede20e8d21622280dcfbdd02c7)

1 files changed, 190 insertions, 0 deletions

diff --git a/man/user@.service.xml b/man/user@.service.xml
new file mode 100644
index 000000000..9969bdf25
--- /dev/null
+++ b/man/user@.service.xml
@@ -0,0 +1,190 @@
+<?xml version="1.0"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
+
+<refentry id="user@.service">
+  <refentryinfo>
+    <title>user@.service</title>
+    <productname>elogind</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>user@.service</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>user@.service</refname>
+    <refname>user-runtime-dir@.service</refname>
+    <refpurpose>System units to manager user processes</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>user@<replaceable>UID</replaceable>.service</filename></para>
+    <para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para>
+    <para><filename>user-<replaceable>UID</replaceable>.slice</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>The
+    <citerefentry><refentrytitle>elogind</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    system manager (PID 1) starts user manager instances as
+    <filename>user@<replaceable>UID</replaceable>.service</filename>, where the user's numerical UID
+    is used as the instance identifier. Each <command>elogind --user</command> instance manages a
+    hierarchy of its own units. See
+    <citerefentry><refentrytitle>elogind</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+    a discussion of elogind units and
+    <citerefentry><refentrytitle>elogind.special</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    for a list of units that form the basis of the unit hierarchies of system and user units.</para>
+
+    <para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the
+    system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which
+    creates the user's runtime directory
+    <filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this
+    unit is stopped.</para>
+
+    <para>User processes may be started by the <filename>user@.service</filename> instance, in which
+    case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
+    for example by
+    <citerefentry><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
+    display manager like <command>gdm</command>, in which case they form a .scope unit (see
+    <citerefentry><refentrytitle>elogind.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
+    Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
+    collected under a <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para>
+
+    <para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are
+    collected under <filename>user.slice</filename>, see
+    <citerefentry><refentrytitle>elogind.special</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>Controlling resources for logged-in users</title>
+
+    <para>Options that control resources available to logged-in users can be configured at a few
+    different levels. As described in the previous section, <filename>user.slice</filename> contains
+    processes of all users, so any resource limits on that slice apply to all users together. The
+    usual way to configure them would be through drop-ins, e.g. <filename
+    noindex='true'>/etc/elogind/system/user.slice.d/resources.conf</filename>.
+    </para>
+
+    <para>The processes of a single user are collected under
+    <filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user
+    can be configured through drop-ins for that unit, e.g. <filename
+    noindex='true'>/etc/elogind/system/user-1000.slice.d/resources.conf</filename>. If the limits
+    should apply to all users instead, they may be configured through drop-ins for the truncated
+    unit name, <filename>user-.slice</filename>. For example, configuration in <filename
+    noindex='true'>/etc/elogind/system/user-.slice.d/resources.conf</filename> is included in all
+    <filename>user-<replaceable>UID</replaceable>.slice</filename> units, see
+    <citerefentry><refentrytitle>elogind.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+    for a discussion of the drop-in mechanism.</para>
+
+    <para>When a user logs in and a .scope unit is created for the session (see previous section),
+    the creation of the scope may be managed through
+    <citerefentry><refentrytitle>pam_elogind</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+    This PAM module communicates with
+    <citerefentry><refentrytitle>elogind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    to create the session scope and provide access to hardware resources. Resource limits for the
+    scope may be configured through the PAM module configuration, see
+    <citerefentry><refentrytitle>pam_elogind</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+    Configuring them through the normal unit configuration is also possible, but since
+    the name of the slice unit is generally unpredictable, this is less useful.</para>
+
+    <para>In general any resources that apply to units may be set for
+    <filename>user@<replaceable>UID</replaceable>.service</filename> and the slice
+    units discussed above, see
+    <citerefentry><refentrytitle>elogind.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+    for an overview.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Examples</title>
+    <example>
+      <title>Hierarchy of control groups with two logged in users</title>
+
+      <programlisting>$ elogind-cgls
+Control group /:
+-.slice
+├─user.slice
+│ ├─user-1000.slice
+│ │ ├─user@1000.service
+│ │ │ ├─pulseaudio.service
+│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
+│ │ │ └─gnome-terminal-server.service
+│ │ │   └─init.scope
+│ │ │     ├─ 4127 /usr/libexec/gnome-terminal-server
+│ │ │     └─ 4198 zsh
+│ │ …
+│ │ └─session-4.scope
+│ │   ├─ 1264 gdm-session-worker [pam/gdm-password]
+│ │   ├─ 2339 /usr/bin/gnome-shell
+│ │   …
+│ │ ├─session-19.scope
+│ │   ├─6497 sshd: zbyszek [priv]
+│ │   ├─6502 sshd: zbyszek@pts/6
+│ │   ├─6509 -zsh
+│ │   └─6602 elogind-cgls --no-pager
+│ …
+│ └─user-1001.slice
+│   ├─session-20.scope
+│   │ ├─6675 sshd: guest [priv]
+│   │ ├─6708 sshd: guest@pts/6
+│   │ └─6717 -bash
+│   └─user@1001.service
+│     ├─init.scope
+│     │ ├─6680 /usr/lib/elogind/elogind --user
+│     │ └─6688 (sd-pam)
+│     └─sleep.service
+│       └─6706 /usr/bin/sleep 30
+…</programlisting>
+      <para>User with UID 1000 is logged in using <command>gdm</command> (<filename
+      noindex='true'>session-4.scope</filename>) and
+      <citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+      (<filename noindex='true'>session-19.scope</filename>), and also has a user manager instance
+      running (<filename noindex='true'>user@1000.service</filename>).  User with UID 1001 is logged
+      in using <command>ssh</command> (<filename noindex='true'>session-20.scope</filename>) and
+      also has a user manager instance running (<filename
+      noindex='true'>user@1001.service</filename>).  Those are all (leaf) system units, and form
+      part of the slice hierarchy, with <filename noindex='true'>user-1000.slice</filename> and
+      <filename noindex='true'>user-1001.slice</filename> below <filename
+      noindex='true'>user.slice</filename>.  User units are visible below the
+      <filename>user@.service</filename> instances (<filename
+      noindex='true'>pulseaudio.service</filename>, <filename
+      noindex='true'>gnome-terminal-server.service</filename>, <filename
+      noindex='true'>init.scope</filename>, <filename noindex='true'>sleep.service</filename>).
+      </para>
+    </example>
+
+    <example>
+      <title>Default user resource limits</title>
+
+      <programlisting>$ systemctl cat user-1000.slice
+# /usr/lib/elogind/system/user-.slice.d/10-defaults.conf
+# …
+[Unit]
+Description=User Slice of UID %j
+After=elogind-user-sessions.service
+
+[Slice]
+TasksMax=33%</programlisting>
+     <para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't
+     have a unit file. The resource limits are set through a drop-in, which can be easily replaced
+     or extended following standard drop-in mechanisms discussed in the first section.</para>
+    </example>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>elogind</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>elogind.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>elogind.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>elogind.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>elogind.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>elogind.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+</refentry>