Thanks for your answer. Still I'm quite confused.
On 12/10/2020 18:21, Mantas Mikulėnas wrote:
It's a worker process which calls pam_open_session() and
pam_close_session() on behalf of the user@<uid>.service unit.
Well I may be misunderstanding but this user@<uid>.service seems like a
top level (for this user) placeholder for various other services units
and/or scope, among which the init.scope corresponding to the sd-pam and
systemd --user processes).
So you mean that any service in this placeholder can and do use the
sd-pam helper to call pam_open_session() and pam_close_session instead
of doing it themselves, passing it the relevant PAMName ?
So when you see sd-pam under user@<uid>.service, that means it's
handling the "systemd-user" PAM service.
I'm not sure I understood in which cases this PAM service name is used
They're different but related. Systemd user sessions are always managed
through PAM (the pam_systemd module), so whenever cron calls
pam_open_session() it indirectly starts a systemd session as well.
You mean crond running as the user who has his own crontab does call
pam_open_session() which is defined in the pam_systemd module ?
If this is correct, this has indeed nothing to do with the sd-pam
pam_open_seesion() mentionned above or does it ?
- what does the first error message refers to and why does the
systemd-user pam service name get passed ? and by which systemd (system
or user) ?
Your systemd --user instance is run as a service
Yes I understood that. But again I'm not really sure what services or
other units it is supposed to run if I didn't defined user custom
services. Is it responsible to run things like the user's UI termnials
for instance ?
Because of that, the service needs to have its own PAM service name and
makes its own PAM calls independently from crond or anything else.
Ok so it's this service (systemd --user) which uses the systemd-user PAM
service name ? Passed to the generic sd-pam worker ? Correct ?
- what is the failing systemd job the second message refers to ? Does
this mean that the crond "session" gets created by the systemd --user
instance (as some gnome apps in other contexts for instance) ?
No, it's mostly the opposite – the starting of user@<uid>.service is
triggered by crond opening its PAM session.
Sorry I don't get it : what service exactly is started ? crond opening
its PAM session does not cause a systemd --user to be instanciated or
does it ? I thought the only way to have a systemd --user was through
the creation via pam_systemd notifying systemd-logind at a user fist
login (and/or to linger the user)
Thanks for your help
--
Thomas HUMMEL
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
