Sorting out systemd's system.conf, user.conf, and logind.conf

September 14, 2017

Here's a mistake that I've made more than once and that I'm going to try to get rid of by writing it down.

Systemd organizes running processes into a tree of, well, let's call them units for now (mechanically they're control groups), which partly manifests in the form of slice units. One of the big divisions in this hierarchy is between processes involved in services, which are put under system.slice, and user session processes, which are under user.slice. There are many situations where you would like to apply different settings to user processes than to system ones, partly because these processes are fundamentally different in several respects.

(For example, all services should normally have some way to explicitly stop them and this will normally do some sort of orderly shutdown of the service involved. User slices, sessions, and scopes have no such thing and thus no real concept of an 'orderly shutdown'; all you can do is hit them with various Unix signals until they go away. For user stuff, the orderly shutdown was generally supposed to happen when the user logged off.)

Systemd has two configuration files, system.conf and user.conf. One of the things system.conf can do is set global defaults for all units and all processes, both system processes (things under system.slice) and user processes (things under user.slice), for example DefaultTimeoutStopSec and DefaultCPUAccounting. As mentioned, there are plenty of times when you'd like to set or change these things only for user processes. You would think that systemd would provide a way to do this, and further if you're irritated with systemd and not paying close attention, you might think that user.conf can be used to set these things just for user processes. After all, surely systemd provides a way to do this obvious thing and 'user' is right there in the file's name. This is wrong.

What user.conf is for is covered in the manpage for both files; it sets these values for systemd user instances, which are per-user systemd instances that the user can control and do things with. Systemd user instances can be used for interesting things (see the Arch wiki on them), but I don't currently deal with any systems that use them actively so they're not on my mind much.

(Both Ubuntu 16.04 and Fedora 26 do start systemd user instances for people, but I don't think anyone on our systems uses them for anything; right now, they're just there.)

If systemd ever allows you to set things like DefaultCPUAccounting only for user processes, instead of globally, the place it might wind up is logind.conf, which configures systemd-logind, which is the systemd bit that actually sets up user slices, sessions, scopes, and so on (often in part through pam_systemd). This seems a logical location to me because systemd-logind is where user stuff is controlled in general and logind.conf already has the UserTasksMax setting. I don't know if anything like this is being contemplated by the systemd people, though, and there are alternate approaches such as allowing user-${UID}.slice slices to be templated (although in the current setup, this would require renaming them to have an @ in their name, eg user@${UID}.slice).

(I'm sure this seems like a silly mistake to make, and it certainly sounds like it when I've written it out like this. All I can say is that I've already made this mistake at least twice that I can remember; the most recent time made it into an irritated tweet that exhibited my misunderstanding.)


Comments on this page:

I got a bit confused by this, as the reasons you weren't able to set these two directives were different for each one. I can't see a link to them, so here:

SystemdLoginScopeTimeout

Ubuntu1604FairShareScheduling

The latter is particularly confusing, as there is a natural way to do it, which you describe as being documented, but did not actually work in 16.04. This is the one where having user-$UID.slice as a templated unit would allow a workaround. Templated slices don't help with StopTimeout, because as you noted in the post, you can't set that on slice units.

Also on a similar topic:

SystemdDynamicUserLimits

Written on 14 September 2017.
« System shutdown is complicated and involves policy decisions
Firefox 57 and the state of old pre-WebExtensions addons »

Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Sep 14 00:34:52 2017
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.