
logind: flip KillUserProcesses to on by default

This ensures that user sessions are properly cleaned up after.
The admin can still enable or disable linger for specific users to allow
them to run processes after they log out. Doing that through the user
session is much cleaner and provides better control.

dbus daemon can now be run in the user session (with --enable-user-session,
added in 1.10.2), and most distributions opted to pick this configuration.
In the normal case it makes a lot of sense to kill remaining processes.
The exception is stuff like screen and tmux. But it's easy enough to
work around; a simple example was added to the man page in the previous
commit. In the long run those services should integrate with the systemd
user session on their own.

https://bugs.freedesktop.org/show_bug.cgi?id=94508
#2900
keszybz committed Apr 10, 2016
1 parent 65eb37f commit 97e5530cf2076a2b4fc55755917262607aaa6338
Showing with 27 additions and 6 deletions.
  1. +24 −3 NEWS
  2. +1 −1 man/logind.conf.xml
  3. +1 −1 src/login/logind.c
  4. +1 −1 src/login/logind.conf
27 NEWS
@@ -22,9 +22,26 @@ CHANGES WITH 230 in spe:
* systemd-resolve conveniently resolves DANE records with the --tlsa
option and OPENPGPKEY records with the --openpgp option.

* Testing tool /usr/lib/systemd/systemd-activate is renamed to
systemd-socket-activate and installed into /usr/bin. It is now fully
supported.
* systemd-logind will now by default terminate user processes that are
part of the user session scope unit (session-XX.scope) when the user
logs out. This behaviour is controlled by the
KillUserProcesses=yes|no setting in logind.conf, and previous default
of "no" is now changed to "yes". This means that user sessions will
be properly cleaned up after, but additional steps are necessary to
allow intentionally long-running processes to survive logout.

While the user is logged in at least once, user@.service is running,
and any service that should survive the end of any individual login
session can be started at a user service or scope using systemd-run.
systemd-run(1) man page has been extended with an example which
shows how to run screen in a scope unit underneath user@.service.
The same command works for tmux.

After the user logs out of all sessions, user@.service will be
terminated too, by default, unless the user has "lingering" enabled.
To effectively allow users to run long-term tasks even if they are
logged out, lingering must be enabled for them. See loginctl(1)
for details.

* The unified cgroup hierarchy added in Linux 4.5 is now supported.
Use systemd.unified_cgroup_hierarchy=1 on the kernel command line
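Review bot: The added KillUserProcesses entry tells readers that "additional steps are necessary" and that "lingering must be enabled", but only points at systemd-run(1) and loginctl(1) without naming what to run. For a default flip that affects existing screen and tmux workflows, suggest spelling out the lingering command (loginctl enable-linger) and stating that KillUserProcesses=no in logind.conf restores the previous behaviour, so an admin can act from the NEWS text alone. Also, in the second added paragraph, "can be started at a user service or scope" should read "as a user service or scope".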
@@ -45,6 +62,10 @@ CHANGES WITH 230 in spe:

* The Unique Identifier sent in DHCP requests can be configured.

* Testing tool /usr/lib/systemd/systemd-activate is renamed to
systemd-socket-activate and installed into /usr/bin. It is now fully
supported.

* systemd-journald now uses separate threads to flush changes to
disk when closing journal files.

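Review bot: The systemd-activate rename entry re-added here (and dropped from the first NEWS hunk) is unrelated to KillUserProcesses, and moving it in the same commit makes the behavioural change harder to revert or backport cleanly. Suggest splitting the reorder into its own commit, or at least mentioning it in the commit message.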
@@ -124,7 +124,7 @@
corresponding to the session and all processes inside that scope will be
terminated. If false, the scope is "abandonded", see
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
and processes are not killed. Defaults to <literal>no</literal>.</para>
and processes are not killed. Defaults to <literal>yes</literal>.</para>

<para>In addition to session processes, user process may run under the user
manager unit <filename>user@.service</filename>. Depending on the linger
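Review bot: The changed sentence states only "Defaults to yes", with no indication that the default used to be different, so an admin comparing hosts on different versions gets no hint from the man page about why sessions behave differently. Suggest adding that the default was "no" before version 230, and fixing the "abandonded" typo in the context line above while this paragraph is being touched.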
@@ -64,7 +64,7 @@ static void manager_reset_config(Manager *m) {
m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */
m->user_tasks_max = UINT64_C(12288);

m->kill_user_processes = false;
m->kill_user_processes = true;

m->kill_only_users = strv_free(m->kill_only_users);
m->kill_exclude_users = strv_free(m->kill_exclude_users);
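Review bot: Flipping the hard-coded value in manager_reset_config() changes behaviour on upgrade for every installation whose logind.conf leaves KillUserProcesses= commented out, and a distribution that wants to keep the old default has no option short of patching this line. Suggest taking the default from a configure-time define and using it here, in the logind.conf template and in the man page, so the three copies of the default touched by this commit cannot drift apart.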
@@ -14,7 +14,7 @@
[Login]
#NAutoVTs=6
#ReserveVT=6
#KillUserProcesses=no
#KillUserProcesses=yes
#KillOnlyUsers=
#KillExcludeUsers=root
#InhibitDelayMaxSec=5
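Review bot: With the commented default now "yes", the neighbouring "#KillExcludeUsers=root" context line becomes significant: root's sessions stay exempt while every other user's are cleaned up, and neither this file nor the NEWS entry says so. Suggest mentioning the root exemption in the NEWS text, since an admin who tests the new default from a root login will not see it take effect.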

2 comments on commit 97e5530

@small1


small1 replied May 29, 2016

If this gets the default in upcoming systemd releases I will probably switch from using systemd on ALL my servers. And probably on my desktops as well.

I don't want to have to turn that stupid thing off on the servers I maintain. This adds extra maintenance as most of the users I have leave processes in the background.

@poettering

Member

poettering replied May 29, 2016

@small1 please vent your frustrations elsewhere, this is a code commenting tool. As long as you don't find any actual code issues please don't comment here.
