pam_systemd.xml revision e670b166a08b7c1031a9e7d7675fa9a29c3e19c9
97a9a944b5887e91042b019776c41d5dd74557aferikabele<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
97a9a944b5887e91042b019776c41d5dd74557aferikabele "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
a945f35eff8b6a88009ce73de6d4c862ce58de3cslive This file is part of systemd.
5a58787efeb02a1c3f06569d019ad81fd2efa06end Copyright 2010 Lennart Poettering
5a58787efeb02a1c3f06569d019ad81fd2efa06end systemd is free software; you can redistribute it and/or modify it
5a58787efeb02a1c3f06569d019ad81fd2efa06end under the terms of the GNU Lesser General Public License as published by
5a58787efeb02a1c3f06569d019ad81fd2efa06end the Free Software Foundation; either version 2.1 of the License, or
5a58787efeb02a1c3f06569d019ad81fd2efa06end (at your option) any later version.
5a58787efeb02a1c3f06569d019ad81fd2efa06end systemd is distributed in the hope that it will be useful, but
52fff662005b1866a3ff09bb6c902800c5cc6dedjerenkrantz WITHOUT ANY WARRANTY; without even the implied warranty of
5a58787efeb02a1c3f06569d019ad81fd2efa06end MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5a58787efeb02a1c3f06569d019ad81fd2efa06end Lesser General Public License for more details.
4b5981e276e93df97c34e4da05ca5cf8bbd937dand You should have received a copy of the GNU Lesser General Public License
5a58787efeb02a1c3f06569d019ad81fd2efa06end along with systemd; If not, see <http://www.gnu.org/licenses/>.
ad74a0524a06bfe11b7de9e3b4ce7233ab3bd3f7nd <refentryinfo>
5a58787efeb02a1c3f06569d019ad81fd2efa06end <authorgroup>
9b6a3a558cc90ffdaa0b50bd02546ffec424ded7slive </authorgroup>
ced7ef1f8c0df1805da0e87dbc5a1b6282910573nd </refentryinfo>
97a9a944b5887e91042b019776c41d5dd74557aferikabele <refnamediv>
f8396ed8364b56ec8adeaa49cac35a929758a29eslive <refpurpose>Register user sessions in the systemd login manager</refpurpose>
5a58787efeb02a1c3f06569d019ad81fd2efa06end </refnamediv>
5a58787efeb02a1c3f06569d019ad81fd2efa06end <refsynopsisdiv>
5a58787efeb02a1c3f06569d019ad81fd2efa06end </refsynopsisdiv>
117c1f888a14e73cdd821dc6c23eb0411144a41cnd <refsect1>
117c1f888a14e73cdd821dc6c23eb0411144a41cnd sessions in the systemd login manager
117c1f888a14e73cdd821dc6c23eb0411144a41cnd <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
117c1f888a14e73cdd821dc6c23eb0411144a41cnd and hence the systemd control group hierarchy.</para>
117c1f888a14e73cdd821dc6c23eb0411144a41cnd <para>On login, this module ensures the following:</para>
2bc7f1cf720973a67f8ff7a8d523e40569ae5b6cnd <orderedlist>
117c1f888a14e73cdd821dc6c23eb0411144a41cnd user runtime directory
117c1f888a14e73cdd821dc6c23eb0411144a41cnd created and its ownership changed to the user
5a58787efeb02a1c3f06569d019ad81fd2efa06end variable is initialized. If auditing is
5a58787efeb02a1c3f06569d019ad81fd2efa06end available and
5a58787efeb02a1c3f06569d019ad81fd2efa06end this module (which is highly recommended), the
5a58787efeb02a1c3f06569d019ad81fd2efa06end variable is initialized from the auditing
5a58787efeb02a1c3f06569d019ad81fd2efa06end session id
a63f0ab647ad2ab72efc9bea7a66e24e9ebc5cc2nd an independent session counter is
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick is created and the login process moved into
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick </orderedlist>
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick <para>On logout, this module ensures the following:</para>
ea8a727ff298d2f5368b55b7ae8d87091ae106e7nd <orderedlist>
06ba4a61654b3763ad65f52283832ebf058fdf1cslive <option>kill-session-processes=1</option> specified, all
92510838f2eb125726e15c5eb4f7a23c7a0396e4slive remaining processes in the
ced7ef1f8c0df1805da0e87dbc5a1b6282910573nd control group are killed and the control group
92510838f2eb125726e15c5eb4f7a23c7a0396e4slive was removed the
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick and all its contents are
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick </orderedlist>
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick <para>If the system was not booted up with systemd as
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick init system, this module does nothing and immediately
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick returns PAM_SUCCESS.</para>
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick </refsect1>
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick <varlistentry>
ced7ef1f8c0df1805da0e87dbc5a1b6282910573nd argument. If true, all processes
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick created by the user during his session
e7131afdda636994bf3c7a6b2e77e5960fb62633nd and from his session will be
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick terminated when he logs out from his
ced7ef1f8c0df1805da0e87dbc5a1b6282910573nd </varlistentry>
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick <varlistentry>
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick separated list of user names or
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick numeric user ids as argument. If this
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick option is used the effect of the
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick will apply only to the listed
92510838f2eb125726e15c5eb4f7a23c7a0396e4slive users. If this option is not used the
92510838f2eb125726e15c5eb4f7a23c7a0396e4slive option applies to all local
97a9a944b5887e91042b019776c41d5dd74557aferikabele users. Note that
ea8a727ff298d2f5368b55b7ae8d87091ae106e7nd takes precedence over this list and is
8a6d5edcb07aeccca7afba02a17dd6904d6b206ctrawick hence subtracted from the list
ea8a727ff298d2f5368b55b7ae8d87091ae106e7nd </varlistentry>
ea8a727ff298d2f5368b55b7ae8d87091ae106e7nd <varlistentry>
e8d485701957d5c6de870111c112e168a894d49and separated list of user names or
e8d485701957d5c6de870111c112e168a894d49and numeric user ids as argument. Users
e8d485701957d5c6de870111c112e168a894d49and listed in this argument will not be
9b6a3a558cc90ffdaa0b50bd02546ffec424ded7slive subject to the effect of
9b6a3a558cc90ffdaa0b50bd02546ffec424ded7slive that this option takes precedence
9b6a3a558cc90ffdaa0b50bd02546ffec424ded7slive hence whatever is listed for
97a9a944b5887e91042b019776c41d5dd74557aferikabele is guaranteed to never be killed by
9b6a3a558cc90ffdaa0b50bd02546ffec424ded7slive this PAM module, independent of any
9b6a3a558cc90ffdaa0b50bd02546ffec424ded7slive other configuration
5a58787efeb02a1c3f06569d019ad81fd2efa06end </varlistentry>
ad74a0524a06bfe11b7de9e3b4ce7233ab3bd3f7nd <varlistentry>
4b22542f6f38567cae7873b176188a6622f67eb0fielding separated list of control group
5a58787efeb02a1c3f06569d019ad81fd2efa06end controllers in which hierarchies a
<citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
auth required pam_unix.so
auth required pam_nologin.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_loginuid.so
<citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,