[systemd-devel] launching an interactive user session

[Mike Gulick]

Hi systemd-devel,

I'm on Debian Jessie running the default systemd-215.  I have a daemon (running as root, controlled by systemd), whose job it is to launch on-demand VNC servers for other users.  Currently, this daemon uses a shell command like the following to launch the vnc server for a given $USER:

  sudo -i -u $USER /bin/sh -l -c 'cd \$HOME && /path/to/vncserver $ARGS

The issue I'm having is that the user VNC sessions being created all share the same systemd login session as my daemon.  I can see this by running systemd-cgls.  The users of these VNC sessions would like to be able to use "systemd-run --user --scope -p MemoryLimit=X COMMAND" to launch a command with cgroup-based resource limiting.  However without a user session, this results in "Failed to create bus connection: Connection refused".

There's too many users to create static systemd unit files, and it doesn't seem like I can create and load .service files on the fly.  The "machinectl shell" command (https://github.com/systemd/systemd/pull/1022) looks promising, but unfortunately it's not in my systemd yet.  I've tried searching through this mailing list's history, but the results all were dead ends.

It seems like there's a lot of pieces needed to make this work (dbus, XDG env vars, systemd --user), and all of the recommendations say to go through pam_systemd.so.  I'm not afraid of interacting with PAM, but I don't really understand what's needed, and I can't actually authenticate as the user because I don't know their password (currently this daemon is root so it doesn't need a password to switch user).

If there is some kind of shell pipeline, or a wrapper script I can write to automate the necessary steps please let me know.

Thank you very much!

-Mike Gulick​