This plain ∞ groff(1) HTML output has only been fixed slightly — i am sorry for false list indentions etc.!
pam_xdg [v0.8.5, 2024-11-27] — PAM module that manages XDG Base Directories
SYNOPSIS
pam_xdg.so [runtime] [notroot] [track_sessions [per_user_lock]]
DESCRIPTION
pam_xdg.so is a PAM module that manages creation of the XDG_RUNTIME_DIR directory, as well as injection of environment variables denoting all directories specified by the XDG Base Directory Specification 0.8: https://specifications.freedesktop.org/basedir-spec/basedir-spec- latest.html, into user sessions.
When linked into the PAM session system the runtime directory will be created once a user creates his or her first login session. Unless runtime was given all XDG related environment variables will be created in all user sessions with their default or computed values, otherwise only XDG_RUNTIME_DIR. If notroot was given the module will bypass itself for root account logins and perform no actions for root, except removing any possibly existing XDG environment variable. Lastly track_sessions will enable session tracking: once the last session ends, the user’s XDG_RUNTIME_DIR will be recursively removed; on high-load servers then setting per_user_lock will reduce lock file lock contention.
In order to make use of this module, place the following in the ‘session’ part of the control file of desire under /etc/pam.d, on Linux it may be /etc/pam.d/common-session if that exists, on BSD’s the files /etc/pam.d/system as well as /etc/pam.d/login, /etc/pam.d/sshd and /etc/pam.d/su may be desirable, adjusting paths as necessary:
session optional pam_xdg.so notroot track_sessions
SEE ALSO
pam(3), pam.conf(5)
AUTHORS
Steffen Nurpmeso <[email protected]>.
CAVEATS
On Unix systems any “daemonized” program or script is reparented to the program running with PID 1, most likely leaving the PAM user session without PAM recognizing this. Yet careless such code may hold or expect availability of resources of the session it just left, truly performing cleanup when sessions end seems thus unwise. Since so many PAM modules do support session tracking and cleanup pam_xdg.so readded optional support for this.
Copyright (c) 1997 - 2024, Steffen Nurpmeso <[email protected]>
@(#)code-pam_xdg.html-w42 1.5 2024-11-27T23:01:30+0000