PAM_SYSTEMD(8) pam_systemd PAM_SYSTEMD(8) pam_systemd - systemd pam_systemd.so pam_systemd systemd systemd-logind.service(8) systemd. JSON[1] . -- systemd-logind.service -- : 1. /run/user/$UID "tmpfs" . 2. $XDG_SESSION_ID. pam_loginuid.so ( ) (/proc/self/sessionid). . 3. systemd . user.slice . user@.service systemd. 4. "$TZ" "$EMAIL" "$LANG" JSON ( ). umask nice . : 1. logind.conf(5) (KillUserProcesses=) . systemd . 2. /run/user/$UID . systemd PAM_SUCCESS . : class= . XDG_SESSION_CLASS ( ) . sd_session_get_class(3) . : 1. +--------------------------------+-------------------------------------+ | | | +--------------------------------+-------------------------------------+ |user | | | | | | | . | | | | | | | | | | | | | | | TTY | | | X | | | | | | . | +--------------------------------+-------------------------------------+ |user-early | user | | | | | | | | | | | | | | | systemd-user-sessions.service(8) | | | | | | | | | | | | | | | . | | | | | | | | | | | | | | | | | | | | | user | | | . ( | | | v256.) | +--------------------------------+-------------------------------------+ |user-light | user | | | | | | | | | user@.service(5) | | | | | | | | | | | | | | | | | | | | | . | | | ( v258.) | +--------------------------------+-------------------------------------+ |user-early-light | | | | user-early | | | | | | | | | user@.service(5) | | | | | | | | | | | | | | | | | | . | | | ( v258.) | +--------------------------------+-------------------------------------+ |user-incomplete | user | | | | | | | | | | | | | | | | | | | | | . | | | | | | systemd-homed.service(8) | | | | | | | | | | | | ssh(1) | | | | | | | | | | | | | | | | | | | | | | | | | | | . | | | | | | | | | | | | user | | | | | | | | | . | +--------------------------------+-------------------------------------+ |greeter | user | | | | | | | | | | | | | | | | | | | | | | | | | | | . | +--------------------------------+-------------------------------------+ |_ | user | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | . | +--------------------------------+-------------------------------------+ |background | | | | | | | | | | | | | | | | cron(8) | | | | | | . | | | | | | | | | | | | | | | TTY X | | | | | | . | +--------------------------------+-------------------------------------+ |background-light | | | | background | | | | | | | | | user@.service(5) | | | | | | | | | | | | | | | | | | . | | | ( v256.) | +--------------------------------+-------------------------------------+ |manager | | | | user@.service(5) | | | | | | | | | . ( | | | v256.) | +--------------------------------+-------------------------------------+ |manager-early | | | | manager | | | | | | . | | | user | | | user-early. | | | ( v256.) | +--------------------------------+-------------------------------------+ |none | | | | | | | logind. | | | | | | | | | | | | . | | | ( v258.) | +--------------------------------+-------------------------------------+ PAM $XDG_SESSION_CLASS ( ) TTY X11 . PAM $XDG_SESSION_CLASS. cron UNIX ( crontab(5)) background background-light cron run0 --setenv=XDG_SESSION_CLASS=user-light user user-light . 197. type= . XDG_SESSION_TYPE ( ) . unspecified tty x11 wayland mir web. sd_session_get_type(3) . 209. desktop= . XDG_SESSION_DESKTOP ( ) . . : GNOME KDE. $XDG_CURRENT_DESKTOP Desktop Entry Specification[2]. ( $XDG_CURRENT_DESKTOP.) sd_session_get_desktop(3) . 240. area= . $HOME ~/Areas/ . $XDG_AREA ( ). . ( pam_systemd_home(8) ) . $HOME . sshd(8) SSH . . area= . . . pam_systemd_home(8). 258. default-capability-bounding-set=, default-capability-ambient-set= ( CAP_WAKE_ALARM CAP_BLOCK_SUSPEND ...) . capabilities(7) . ( ). CAP_WAKE_ALARM PAM systemd user@.service. . 254. debug[=] . . session . : $XDG_SESSION_ID . /proc/self/sessionid. . . sd_id128_get_boot(3) . $XDG_RUNTIME_DIR . . $XDG_RUNTIME_DIR . . $XDG_SESSION_ID . AF_UNIX FIFOs PID . . XDG Base Directory Specification[3] $TZ $EMAIL $LANG JSON . 245. $SHELL_PROMPT_PREFIX $SHELL_PROMPT_SUFFIX $SHELL_WELCOME "shell.prompt.prefix" "shell.prompt.suffix" "shell.welcome" . ( $SHELL_PROMPT_PREFIX $PS1 $SHELL_PROMPT_SUFFIX ) . 257. PAM . PAM . $XDG_SESSION_TYPE . type= . 209. $XDG_SESSION_CLASS . class= . 209. $XDG_SESSION_DESKTOP . desktop= . 209. $XDG_SEAT . 209. $XDG_VTNR VT . ( VT "seat0") 209. $XDG_AREA ( ) ( ). . . 258. $XDG_SESSION_EXTRA_DEVICE_ACCESS . "ID" "xaccess-ID" udev. 260. pam_systemd $XDG_SEAT $XDG_VTNR $DISPLAY ( ). PAM pam_systemd.so PAM. C NUL . . user@.service systemd --user . systemd.resource-control(5) . pam_set_data(3) . systemd.memory_max= MemoryMax=. 239. systemd.tasks_max= TasksMax=. 239. systemd.cpu_weight= CPUWeight=. 239. systemd.io_weight= IOWeight=. 239. systemd.runtime_max_sec= RuntimeMaxSec=. 244. PAM : pam_set_data(handle, "systemd.memory_max", (void *)"200M", cleanup); pam_set_data(handle, "systemd.tasks_max", (void *)"50", cleanup); pam_set_data(handle, "systemd.cpu_weight", (void *)"100", cleanup); pam_set_data(handle, "systemd.io_weight", (void *)"340", cleanup); pam_set_data(handle, "systemd.runtime_max_sec", (void *)"3600", cleanup); PAM systemd-logind.service: #%PAM-1.0 -auth [success=done authtok_err=bad perm_denied=bad maxtries=bad default=ignore] pam_systemd_home.so auth sufficient pam_unix.so auth required pam_deny.so account required pam_nologin.so -account [success=done authtok_expired=bad new_authtok_reqd=bad maxtries=bad acct_expired=bad default=ignore] pam_systemd_home.so account required pam_unix.so -password sufficient pam_systemd_home.so password sufficient pam_unix.so sha512 shadow try_first_pass password required pam_deny.so -session optional pam_keyinit.so revoke -session optional pam_loginuid.so -session optional pam_systemd_home.so -session optional pam_systemd.so session required pam_unix.so systemd(1), systemd-user-sessions.service(8), user@.service(5), systemd-logind.service(8), logind.conf(5), loginctl(1), pam_systemd_home(8), pam.conf(5), pam.d(5), pam(8), pam_loginuid(8), systemd.scope(5), systemd.slice(5), systemd.service(5) 1. JSON https://systemd.io/USER_RECORD 2. https://standards.freedesktop.org/desktop-entry-spec/latest/ 3. XDG https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html 3 . . : . systemd 260.1 PAM_SYSTEMD(8)