1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
<?xml version="1.0"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="user@.service">
<refentryinfo>
<title>user@.service</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>user@.service</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>user@.service</refname>
<refname>user-runtime-dir@.service</refname>
<refpurpose>System units to manager user processes</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>user@<replaceable>UID</replaceable>.service</filename></para>
<para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para>
<para><filename>user-<replaceable>UID</replaceable>.slice</filename></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>The
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
system manager (PID 1) starts user manager instances as
<filename>user@<replaceable>UID</replaceable>.service</filename>, where the user's numerical UID
is used as the instance identifier. Each <command>systemd --user</command> instance manages a
hierarchy of its own units. See
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
a discussion of systemd units and
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for a list of units that form the basis of the unit hierarchies of system and user units.</para>
<para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the
system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which
creates the user's runtime directory
<filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this
unit is stopped.</para>
<para>User processes may be started by the <filename>user@.service</filename> instance, in which
case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
for example by
<citerefentry><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
display manager like <command>gdm</command>, in which case they form a .scope unit (see
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
collected under a <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para>
<para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are
collected under <filename>user.slice</filename>, see
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
</para>
</refsect1>
<refsect1>
<title>Controlling resources for logged-in users</title>
<para>Options that control resources available to logged-in users can be configured at a few
different levels. As described in the previous section, <filename>user.slice</filename> contains
processes of all users, so any resource limits on that slice apply to all users together. The
usual way to configure them would be through drop-ins, e.g. <filename
noindex='true'>/etc/systemd/system/user.slice.d/resources.conf</filename>.
</para>
<para>The processes of a single user are collected under
<filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user
can be configured through drop-ins for that unit, e.g. <filename
noindex='true'>/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits
should apply to all users instead, they may be configured through drop-ins for the truncated
unit name, <filename>user-.slice</filename>. For example, configuration in <filename
noindex='true'>/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
<filename>user-<replaceable>UID</replaceable>.slice</filename> units, see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for a discussion of the drop-in mechanism.</para>
<para>When a user logs in and a .scope unit is created for the session (see previous section),
the creation of the scope may be managed through
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
This PAM module communicates with
<citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to create the session scope and provide access to hardware resources. Resource limits for the
scope may be configured through the PAM module configuration, see
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
Configuring them through the normal unit configuration is also possible, but since
the name of the slice unit is generally unpredictable, this is less useful.</para>
<para>In general any resources that apply to units may be set for
<filename>user@<replaceable>UID</replaceable>.service</filename> and the slice
units discussed above, see
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for an overview.</para>
</refsect1>
<refsect1>
<title>Examples</title>
<example>
<title>Hierarchy of control groups with two logged in users</title>
<programlisting>$ systemd-cgls
Control group /:
-.slice
├─user.slice
│ ├─user-1000.slice
│ │ ├─user@1000.service
│ │ │ ├─pulseaudio.service
│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
│ │ │ └─gnome-terminal-server.service
│ │ │ └─init.scope
│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server
│ │ │ └─ 4198 zsh
│ │ …
│ │ └─session-4.scope
│ │ ├─ 1264 gdm-session-worker [pam/gdm-password]
│ │ ├─ 2339 /usr/bin/gnome-shell
│ │ …
│ │ ├─session-19.scope
│ │ ├─6497 sshd: zbyszek [priv]
│ │ ├─6502 sshd: zbyszek@pts/6
│ │ ├─6509 -zsh
│ │ └─6602 systemd-cgls --no-pager
│ …
│ └─user-1001.slice
│ ├─session-20.scope
│ │ ├─6675 sshd: guest [priv]
│ │ ├─6708 sshd: guest@pts/6
│ │ └─6717 -bash
│ └─user@1001.service
│ ├─init.scope
│ │ ├─6680 /usr/lib/systemd/systemd --user
│ │ └─6688 (sd-pam)
│ └─sleep.service
│ └─6706 /usr/bin/sleep 30
…</programlisting>
<para>User with UID 1000 is logged in using <command>gdm</command> (<filename
noindex='true'>session-4.scope</filename>) and
<citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
(<filename noindex='true'>session-19.scope</filename>), and also has a user manager instance
running (<filename noindex='true'>user@1000.service</filename>). User with UID 1001 is logged
in using <command>ssh</command> (<filename noindex='true'>session-20.scope</filename>) and
also has a user manager instance running (<filename
noindex='true'>user@1001.service</filename>). Those are all (leaf) system units, and form
part of the slice hierarchy, with <filename noindex='true'>user-1000.slice</filename> and
<filename noindex='true'>user-1001.slice</filename> below <filename
noindex='true'>user.slice</filename>. User units are visible below the
<filename>user@.service</filename> instances (<filename
noindex='true'>pulseaudio.service</filename>, <filename
noindex='true'>gnome-terminal-server.service</filename>, <filename
noindex='true'>init.scope</filename>, <filename noindex='true'>sleep.service</filename>).
</para>
</example>
<example>
<title>Default user resource limits</title>
<programlisting>$ systemctl cat user-1000.slice
# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
# …
[Unit]
Description=User Slice of UID %j
After=systemd-user-sessions.service
[Slice]
TasksMax=33%</programlisting>
<para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't
have a unit file. The resource limits are set through a drop-in, which can be easily replaced
or extended following standard drop-in mechanisms discussed in the first section.</para>
</example>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>
|
