What is the purpose of the /run/user/1000 tmpfs filesystem that appears in df?

Submitted by 微笑、不失礼 on 2020-08-04 14:32:34

Environment

  • Red Hat Enterprise Linux (RHEL) 7

Issue

  • We can see a /run/user/1000 filesystem. Is this a symptom of an issue?
  • Why do I see multiple tmpfs filesystems / partitions in the output of df?
  • Why do I see a /run/user/$UID directory when the user is not logged in (i.e. does not appear in the output of w or who)?

Resolution

The directory /run/user/$UID is used by pam_systemd to store files that were previously put in /tmp.
This is normal and should not cause any issues.
NOTE: since systemd-219.19, /run/user/$UID is mounted as tmpfs.

The manual page of pam_systemd(8) gives more indications on this.

# man pam_systemd

Root Cause

From the pam_systemd(8) manual page:

pam_systemd registers user sessions with the systemd login manager systemd-logind.service(8), and hence the systemd control group hierarchy.

On login, this module ensures the following:

  1. If it does not exist yet, the user runtime directory /run/user/$USER is created and its ownership changed to the user that is logging in. Then, /run/user/$USER is mounted as tmpfs.

  2. The $XDG_SESSION_ID environment variable is initialized. If auditing is available and pam_loginuid.so was run before this module (which is highly recommended), the variable is
    initialized from the auditing session id (/proc/self/sessionid). Otherwise, an independent session counter is used.

  3. A new systemd scope unit is created for the session. If this is the first concurrent session of the user, an implicit slice below user.slice is automatically created and the
    scope placed into it.

On logout, this module ensures the following:

  1. If enabled in logind.conf(5), all processes of the session are terminated. If the last concurrent session of a user ends, the user's slice unit will be terminated too.

  2. If the last concurrent session of a user ends, the $XDG_RUNTIME_DIR directory and all its contents are removed, too. Then, /run/user/$USER is unmounted.

If the system was not booted up with systemd as init system, this module does nothing and immediately returns PAM_SUCCESS.

Diagnostic Steps

The logged-in users (a.k.a. users with active logind sessions) can be seen with the loginctl command.

[root@node2 ~]# loginctl 
   SESSION        UID USER             SEAT            
         6       1000 george                           
         7          0 root                             

2 sessions listed.

[root@node2 ~]# mount | grep user
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=1190072k,mode=700,uid=1000,gid=1000)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=1190072k,mode=700)

[root@node2 ~]# df | grep user
tmpfs                   1190072        52   1190020   1% /run/user/1000
tmpfs                   1190072         0   1190072   0% /run/user/0

The loginctl command can also show more details about any user with an active session. This can help identify why the user has an active session (i.e. what processes the user is running).

[root@node2 ~]# loginctl user-status 1000
george (1000)
           Since: Wed 2016-04-20 09:39:38 CEST; 1min 45s ago
           State: active
        Sessions: *6
            Unit: user-1000.slice
                  └─session-6.scope
                    ├─6868 sshd: george [priv] 
                    ├─6874 sshd: george@pts/0  
                    └─6875 -bash

Apr 20 09:39:38 node2 systemd[1]: Starting user-1000.slice.
Apr 20 09:39:38 node2 sshd[6868]: pam_unix(sshd:session): session opened for user george by (uid=0)

[root@node2 ~]# loginctl show-user george
UID=1000
GID=1000
Name=george
Timestamp=Wed 2016-04-20 09:39:38 CEST
TimestampMonotonic=925489438
RuntimePath=/run/user/1000
Slice=user-1000.slice
Display=6
State=active
Sessions=6
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
Linger=no

Traditionally the w and who commands have been used to check which users are logged in. However, in RHEL 7, loginctl has more reliable data. For example, if a user is connected through sftp, they do not have a terminal connection (no tty or pty/pts). Because of this, the user does not appear in w or who, but they do appear in loginctl and they have a /run/user/$UID directory and an active session. Again, this can be checked with the loginctl commands shown above.
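
In the mount output above, each /run/user/$UID tmpfs carries nosuid, nodev and mode=700 and is owned by the matching UID (tmpfs omits uid= when the owner is root). The following is an added example, not part of the original article: a shell function that reads mount output and flags any runtime directory that deviates from that pattern. The function names, the finding labels and the UID 1001 sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads `mount` output on stdin and prints "<UID> ok" or "<UID> <findings>"
# for every tmpfs mounted directly at /run/user/<UID>.
audit_runtime_mounts() {
    awk '
    $2 == "on" && $4 == "type" && $5 == "tmpfs" && $3 ~ /^\/run\/user\/[0-9]+$/ {
        n = split($3, path, "/"); uid = path[n]
        opts = $6; gsub(/[()]/, "", opts)
        split("", seen)              # portable way to clear the array
        owner = 0; mode = "unset"    # tmpfs omits uid= when the owner is root
        cnt = split(opts, o, ",")
        for (i = 1; i <= cnt; i++) {
            if (o[i] ~ /^uid=/)       owner = substr(o[i], 5)
            else if (o[i] ~ /^mode=/) mode  = substr(o[i], 6)
            else                      seen[o[i]] = 1
        }
        bad = ""
        if (!("nosuid" in seen))  bad = bad ",missing-nosuid"
        if (!("nodev"  in seen))  bad = bad ",missing-nodev"
        if (mode != "700")        bad = bad ",mode=" mode
        if (owner + 0 != uid + 0) bad = bad ",owner-uid=" owner
        print uid, (bad == "" ? "ok" : substr(bad, 2))
    }'
}

# Constructed sample: the first three lines mirror the article's output,
# the last is a deliberately weak mount (UID 1001 is hypothetical).
sample_mounts() {
    cat <<'EOF'
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=1190072k,mode=700,uid=1000,gid=1000)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=1190072k,mode=700)
tmpfs on /run/user/1001 type tmpfs (rw,nodev,relatime,size=1190072k,mode=755,uid=1000,gid=1000)
EOF
}

# Run against the sample; on a live host use: mount | audit_runtime_mounts
sample_mounts | audit_runtime_mounts
```

The gvfs FUSE mount below /run/user/1000 is skipped on purpose, since only the tmpfs mounted directly at /run/user/<UID> is checked.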
