author José Bollo <jose.bollo@iot.bzh> 2018-02-28 20:07:23 +0100
committer José Bollo <jose.bollo@iot.bzh> 2018-02-28 20:10:46 +0100
commit ae33f9100e3b67a8ce07e5ad8b1f0ee73867df6a (patch)
tree 9180f8dbd75ff481dae22f5944455f9b6218a0e1 /conf/README.md
parent a44174a09215e7b4dd56084662cc2a068404ffea (diff)
Refactor user session management
Change-Id: Ib6ba886df110d8a23e3760e1818263ec757b9c7c
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'conf/README.md')
-rw-r--r-- conf/README.md 47
1 files changed, 47 insertions, 0 deletions
diff --git a/conf/README.md b/conf/README.md
new file mode 100644
index 0000000..e983328
--- /dev/null
+++ b/conf/README.md
@@ -0,0 +1,47 @@
+Configuration of af-main using systemd
+======================================
+
+Mechanism to start user sessions
+--------------------------------
+
+The mechanism to start a session for the user of **UID** is
+to start the service **afm-user-session@UID.service**.
+
+This has the effect of starting a session.
+
+To achieve that goal the first is to start the user session.
+This is done using the 2 systemd directives [1]:
+
+ User=%i
+ PAMName=afm-user-session
+
+The first tells what is the user. %i is replaced by the parameter
+of the service: UID. So the user is referenced here by its number.
+
+For this user, the PAM script **afm-user-session** is evaluated.
+It is implmented by the file */etc/pam.d/afm-user-session*.
+That script MUST refer to *pam_systemd.so* for opening the session
+with systemd. It often takes the form of a line of the form:
+
+ session optional pam_systemd.so
+
+that is directly or indirectly (through includes) activated by
+**afm-user-session**. [2] [3]
+
+The effect of starting a systemd user session is to start the
+user services and the most important one: dbus.
+
+When the user session is started, the service
+**afm-user-session@UID.service** enters its second phase:
+activation of the user session for the framework.
+
+This is achieved by activating the target **afm-user-session@.target**.
+But activating a *system* unit from a *user* session is a
+thing that has to be safe. This is done by the program
+**afm-user-session**. This program runs as rot (with the set-uid)
+and simply execute *systemctl --wait start afm-user-session@UID.target*.
+Where *UID* is the user id of the calling process.
+
+[1] https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+[2] https://www.freedesktop.org/software/systemd/man/pam_systemd.html
+[3] https://linux.die.net/man/5/pam.conf
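Review bot: The last paragraph says that activating a *system* unit from a *user* session "has to be safe" and that the set-uid **afm-user-session** program does this, but it never states what makes it safe. Because the helper runs as root, the README should list the invariants a reader can audit: that *UID* is taken from the calling process's real user id and never from an argument or the environment, that the unit name is fixed to afm-user-session@UID.target, and how the environment handed to systemctl is treated. Three smaller points: the text says the PAM script MUST refer to pam_systemd.so while the sample line uses the "optional" control, under which a pam_systemd failure does not fail the session, so say whether that is intended; the target is written once as afm-user-session@.target and once as afm-user-session@UID.target, so use one form or note that the first is the template name; and "runs as rot" should read "runs as root", "simply execute" should be "simply executes", "implmented" should be "implemented", and "the first is to start" is missing a noun such as "step".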