[systemd-devel] launching an interactive user session

Andrei Borzenkov arvidjaar at gmail.com
Sat May 21 07:36:21 UTC 2016


20.05.2016 23:10, Mike Gulick wrote:
> Hi systemd-devel,
> 
> I'm on Debian Jessie running the default systemd-215.  I have a
> daemon (running as root, controlled by systemd), whose job it is to
> launch on-demand VNC servers for other users.  Currently, this daemon
> uses a shell command like the following to launch the vnc server for
> a given $USER:
> 
> sudo -i -u $USER /bin/sh -l -c 'cd \$HOME && /path/to/vncserver
> $ARGS
> 
> The issue I'm having is that the user VNC sessions being created all
> share the same systemd login session as my daemon.  I can see this by
> running systemd-cgls.  The users of these VNC sessions would like to
> be able to use "systemd-run --user --scope -p MemoryLimit=X COMMAND"
> to launch a command with cgroup-based resource limiting.  However
> without a user session, this results in "Failed to create bus
> connection: Connection refused".
> 
> There are too many users to create static systemd unit files, and it
> doesn't seem like I can create and load .service files on the fly.
> The "machinectl shell" command
> (https://github.com/systemd/systemd/pull/1022) looks promising, but
> unfortunately it's not in my systemd yet.  I've tried searching
> through this mailing list's history, but the results all were dead
> ends.
> 
> It seems like there are a lot of pieces needed to make this work (dbus,
> XDG env vars, systemd --user), and all of the recommendations say to
> go through pam_systemd.so.  I'm not afraid of interacting with PAM,
> but I don't really understand what's needed, and I can't actually
> authenticate as the user because I don't know their password
> (currently this daemon is root so it doesn't need a password to
> switch user).
> 
> If there is some kind of shell pipeline, or a wrapper script I can
> write to automate the necessary steps please let me know.
> 

A rather heavyweight solution is to enable lingering for all users in
question. In this case the user instance is started automatically when
the system boots and persists until system shutdown. VNC can then be started
as a user-level service.

I believe recently there was discussion about global knobs to enable
lingering for all users at once.
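
The lingering approach suggested above, sketched as an added example that is not part of the original thread: one template user unit plus a per-user start step, so the VNC server runs under the user's own systemd instance instead of the daemon's session. Assumptions: the unit name `vncserver@.service`, the display number as instance name, a vncserver wrapper that accepts `-kill`, and the helper variables `UNIT_DIR` and `RUN`; `/path/to/vncserver` is the placeholder from the original post.

```shell
#!/bin/sh
# Added example, not from the thread. UNIT_DIR and RUN are hypothetical helpers.
UNIT_DIR="${UNIT_DIR:-/etc/systemd/user}"  # global search path for user units
RUN="${RUN:-echo}"                         # dry run by default; RUN= executes

# Write one template unit usable by every user; %i is the VNC display number.
write_vnc_unit() {
    mkdir -p "$UNIT_DIR" &&
    cat > "$UNIT_DIR/vncserver@.service" <<'EOF'
[Unit]
Description=VNC server on display :%i (per-user)

[Service]
# Assumption: the vncserver wrapper forks and supports -kill.
Type=forking
ExecStart=/path/to/vncserver :%i
ExecStop=/path/to/vncserver -kill :%i

[Install]
WantedBy=default.target
EOF
}

# Enable lingering for one user, then start that user's VNC service.
start_vnc_for() {
    user=$1
    display=$2
    uid=$(id -u "$user") || return 1
    # Lingering keeps the user's systemd instance running without a login.
    $RUN loginctl enable-linger "$user" || return 1
    # systemctl --user finds the user's manager through XDG_RUNTIME_DIR.
    $RUN sudo -u "$user" env XDG_RUNTIME_DIR="/run/user/$uid" \
        systemctl --user start "vncserver@$display.service"
}
```

Run as root, `write_vnc_unit` once and then `RUN= start_vnc_for USER DISPLAY` per request; with the default `RUN=echo` the commands are only printed. The user instance may need a moment to come up after `enable-linger` before `systemctl --user` can connect.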

