1<?xml version="1.0"?> 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> 4<!-- SPDX-License-Identifier: LGPL-2.1-or-later --> 5 6<refentry id="user@.service"> 7 <refentryinfo> 8 <title>user@.service</title> 9 <productname>systemd</productname> 10 </refentryinfo> 11 12 <refmeta> 13 <refentrytitle>user@.service</refentrytitle> 14 <manvolnum>5</manvolnum> 15 </refmeta> 16 17 <refnamediv> 18 <refname>user@.service</refname> 19 <refname>user-runtime-dir@.service</refname> 20 <refname>systemd-user-runtime-dir</refname> 21 <refpurpose>System units to start the user manager</refpurpose> 22 </refnamediv> 23 24 <refsynopsisdiv> 25 <para><filename>user@<replaceable>UID</replaceable>.service</filename></para> 26 <para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para> 27 <para><filename>/usr/lib/systemd/systemd-user-runtime-dir</filename></para> 28 <para><filename>user-<replaceable>UID</replaceable>.slice</filename></para> 29 </refsynopsisdiv> 30 31 <refsect1> 32 <title>Description</title> 33 34 <para>The <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> 35 system manager (PID 1) starts user manager instances as 36 <filename>user@<replaceable>UID</replaceable>.service</filename>, with the user's numerical UID used as 37 the instance identifier. These instances use the same executable as the system manager, but running in a 38 mode where it starts a different set of units. Each <command>systemd --user</command> instance manages a 39 hierarchy of units specific to that user. See 40 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for a 41 discussion of units and 42 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> for a 43 list of units that form the basis of the unit hierarchies of system and user units.</para> 44 45 <para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the 46 system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which 47 creates the user's runtime directory 48 <filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this 49 unit is stopped. <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename> 50 executes the <filename>systemd-user-runtime-dir</filename> binary to do the actual work.</para> 51 52 <para>User processes may be started by the <filename>user@.service</filename> instance, in which 53 case they will be part of that unit in the system hierarchy. They may also be started elsewhere, 54 for example by 55 <citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a 56 display manager like <command>gdm</command>, in which case they form a .scope unit (see 57 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>). 58 Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are 59 collected under the <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para> 60 61 <para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are 62 collected under <filename>user.slice</filename>, see 63 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>. 64 </para> 65 </refsect1> 66 67 <refsect1> 68 <title>Controlling resources for logged-in users</title> 69 70 <para>Options that control resources available to logged-in users can be configured at a few 71 different levels. As described in the previous section, <filename>user.slice</filename> contains 72 processes of all users, so any resource limits on that slice apply to all users together. The 73 usual way to configure them would be through drop-ins, e.g. <filename 74 index="false">/etc/systemd/system/user.slice.d/resources.conf</filename>. 75 </para> 76 77 <para>The processes of a single user are collected under 78 <filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user 79 can be configured through drop-ins for that unit, e.g. <filename 80 index="false">/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits 81 should apply to all users instead, they may be configured through drop-ins for the truncated 82 unit name, <filename>user-.slice</filename>. For example, configuration in <filename 83 index="false">/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all 84 <filename>user-<replaceable>UID</replaceable>.slice</filename> units, see 85 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> 86 for a discussion of the drop-in mechanism.</para> 87 88 <para>When a user logs in and a .scope unit is created for the session (see previous section), 89 the creation of the scope may be managed through 90 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. 91 This PAM module communicates with 92 <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry> 93 to create the session scope and provide access to hardware resources. Resource limits for the 94 scope may be configured through the PAM module configuration, see 95 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. 96 Configuring them through the normal unit configuration is also possible, but since 97 the name of the slice unit is generally unpredictable, this is less useful.</para> 98 99 <para>In general any resources that apply to units may be set for 100 <filename>user@<replaceable>UID</replaceable>.service</filename> and the slice 101 units discussed above, see 102 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> 103 for an overview.</para> 104 </refsect1> 105 106 <refsect1> 107 <title>Examples</title> 108 <example> 109 <title>Hierarchy of control groups with two logged in users</title> 110 111 <programlisting>$ systemd-cgls 112Control group /: 113-.slice 114├─user.slice 115│ ├─user-1000.slice 116│ │ ├─user@1000.service 117│ │ │ ├─pulseaudio.service 118│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no 119│ │ │ └─gnome-terminal-server.service 120│ │ │ └─init.scope 121│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server 122│ │ │ └─ 4198 zsh 123│ │ … 124│ │ └─session-4.scope 125│ │ ├─ 1264 gdm-session-worker [pam/gdm-password] 126│ │ ├─ 2339 /usr/bin/gnome-shell 127│ │ … 128│ │ ├─session-19.scope 129│ │ ├─6497 sshd: zbyszek [priv] 130│ │ ├─6502 sshd: zbyszek@pts/6 131│ │ ├─6509 -zsh 132│ │ └─6602 systemd-cgls --no-pager 133│ … 134│ └─user-1001.slice 135│ ├─session-20.scope 136│ │ ├─6675 sshd: guest [priv] 137│ │ ├─6708 sshd: guest@pts/6 138│ │ └─6717 -bash 139│ └─user@1001.service 140│ ├─init.scope 141│ │ ├─6680 /usr/lib/systemd/systemd --user 142│ │ └─6688 (sd-pam) 143│ └─sleep.service 144│ └─6706 /usr/bin/sleep 30 145…</programlisting> 146 <para>User with UID 1000 is logged in using <command>gdm</command> (<filename 147 index="false">session-4.scope</filename>) and 148 <citerefentry project='die-net'><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry> 149 (<filename index="false">session-19.scope</filename>), and also has a user manager instance 150 running (<filename index="false">user@1000.service</filename>). User with UID 1001 is logged 151 in using <command>ssh</command> (<filename index="false">session-20.scope</filename>) and 152 also has a user manager instance running (<filename 153 index="false">user@1001.service</filename>). Those are all (leaf) system units, and form 154 part of the slice hierarchy, with <filename index="false">user-1000.slice</filename> and 155 <filename index="false">user-1001.slice</filename> below <filename 156 index="false">user.slice</filename>. User units are visible below the 157 <filename>user@.service</filename> instances (<filename 158 index="false">pulseaudio.service</filename>, <filename 159 index="false">gnome-terminal-server.service</filename>, <filename 160 index="false">init.scope</filename>, <filename index="false">sleep.service</filename>). 161 </para> 162 </example> 163 164 <example> 165 <title>Default user resource limits</title> 166 167 <programlisting>$ systemctl cat user-1000.slice 168# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf 169# … 170[Unit] 171Description=User Slice of UID %j 172After=systemd-user-sessions.service 173 174[Slice] 175TasksMax=33%</programlisting> 176 <para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't 177 have a unit file. The resource limits are set through a drop-in, which can be easily replaced 178 or extended following standard drop-in mechanisms discussed in the first section.</para> 179 </example> 180 </refsect1> 181 182 <refsect1> 183 <title>See Also</title> 184 <para> 185 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, 186 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, 187 <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, 188 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>, 189 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, 190 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, 191 <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> 192 </para> 193 </refsect1> 194</refentry> 195