2016-07-31
(Not) changing the stop timeout for systemd login session scopes
I wrote earlier about an irritating systemd reboot behavior, where systemd may twiddle its thumbs for
a minute and a half before killing some still-running user processes
and actually rebooting your machine. In that entry I suggested that
changing DefaultTimeoutStopSec in /etc/systemd/user.conf (or in
a file in user.conf.d) would fix this, and then reversed myself
in an update. That still leaves us with the question: how do you
change this for user scopes?
The answer is that you basically can't. As far as I can tell, there
is no way in systemd to change TimeoutStopSec for just user scopes
(or just some user scopes). You can set DefaultTimeoutStopSec in
/etc/systemd/system.conf (or in a file in system.conf.d), but
then it affects everything instead of just user scopes.
(It's possible that you're okay with this; you may be of the view that when you say 'shut the machine down', you want the machine down within a relatively short period even if some daemons are being balky. And aggressively killing such balky processes is certainly traditional Unix shutdown behavior; systemd is being really quite laid back here. This is an appealing argument, but I haven't had the courage to put it into practice on my machines.)
As you can see in systemctl status's little CGroup layout chart,
your user processes are in the following inheritance tree:
user.slice -> user-NNN.slice -> session-N.scope
You can create systemd override files for user.slice or even
user-NNN.slice, but they can't contain either DefaultTimeoutStopSec
or TimeoutStopSec directives. The former must go in a [Manager]
section and the latter must go in a [Service] one, and neither
section is accepted in slice units. There is a 'user@NNN.service'
that is set up as part of logging in, and since it's a .service
unit you can set a TimeoutStopSec in systemd override files for
it (either for all users or for a specific UID), but it isn't used
for very much and what you set for it doesn't affect your session
scope, which is where we need to get the timeout value set.
If you want to use a really blunt hammer you can set KillUserProcesses
in /etc/systemd/logind.conf (or in a logind.conf.d file).
However, this has one definite and one probable drawback. The
definite drawback is that this kneecaps screen, tmux, and any
other way of keeping processes running when you're not logged in,
unless you always remember to use the workarounds (and you realize
that you need them in each particular circumstance).
(I don't know what it does to things like web server CGIs run as
you via suexec or processes started under your UID as part of
delivering mail. Probably all of those processes count as part of
the relevant service.)
The probable drawback is that I suspect systemd does this process killing in the same way it does it for reboots, which means that the default 90 second timeout applies. So if you're logging in with processes that will linger, you log out, and then you immediately try to reboot the machine, you're still going to be waiting almost the entire timeout interval.