[systemd-devel] systemd user instance

Kai Krakow hurikhan77 at gmail.com
Mon May 6 14:44:45 PDT 2013


Hey list,

I've built a server with systemd and it really worked out well. Fast booting 
(that means shorter maintenance times) and most important: Reliable service 
teardown and auto-restarts of crashed services. And yeah, I love the 
journal. I'm logging everything there.

But now I want to (and need to) give some users cron-like abilities. I 
discovered that systemd supports user instances - perfect!

So I enabled a session service for one user (actually, that's me):

# sudo systemctl enable user@kakra.service

But I cannot start it, and neither can the user. Starting it states in the 
journal:

# sudo systemctl start user@kakra.service

May 06 23:35:00 vweb002.jugendinfo.de systemd[1]: Starting User Manager for root...
-- Subject: Unit user@kakra.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user@kakra.service has begun starting up.
May 06 23:35:00 vweb002.jugendinfo.de systemd[4438]: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
-- Subject: Process /usr/lib/systemd/systemd could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: http://www.freedesktop.org/wiki/Software/systemd/catalog/641257651c1b4ec9a8624d7a40a9e1e7
-- 
-- The process /usr/lib/systemd/systemd could not be executed and failed.
-- 
-- The error number returned while executing this process is 1.
May 06 23:35:00 vweb002.xxxxxx.de systemd[1]: Started User Manager for root.
-- Subject: Unit user@kakra.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user@kakra.service has finished starting up.
-- 
-- The start-up result is done.

Why does it say "Starting user manager for root" (and not my username) and 
why does it fail with pam? If I start "systemd --user &", then I can enable 
and run the user services defined in .config/systemd.

The server is running Gentoo with systemd-201. Here's the systemd unit:

kakra@vweb002 ~ $ cat /etc/systemd/system/user\@kakra.service
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=User Manager for %u
After=systemd-user-sessions.service

[Service]
User=%I
PAMName=systemd-shared
# in order to allow MEM_CG features to work, add "memory:/" here
ControlGroup=%R/user/%u/shared cpu:/
ControlGroupModify=yes
Type=notify
ExecStart=-/usr/lib/systemd/systemd --user
Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%U/dbus/user_bus_socket

[Install]
Alias=user@%i.service


# as user:
# systemctl start user@kakra.service
Failed to issue method call: Access denied


kakra@vweb002 ~ $ cat /etc/pam.d/system-auth
auth            required        pam_env.so 
auth            required        pam_unix.so try_first_pass likeauth nullok 
auth            optional        pam_permit.so
 
account         required        pam_unix.so 
account         optional        pam_permit.so
 
password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password        optional        pam_permit.so
 
session         required        pam_limits.so 
session         required        pam_env.so 
session         required        pam_unix.so 
session         optional        pam_permit.so

session         optional        pam_loginuid.so
session         optional        pam_systemd.so


Regards,
Kai


