loginctl - 控制 systemd 登录管理器

loginctl - Control the systemd login manager

Redhat/centos平台使用loginctl管理登录用户与session

loginctl用途

• 控制 systemd 登录管理器
• 管理当前登录的用户和session

loginctl安装

loginctl [OPTIONS...] {COMMAND} [NAME...]

1. 查看所属的rpm包

[root@blog ~]# whereis loginctl
loginctl: /usr/bin/loginctl /usr/share/man/man1/loginctl.1.gz

[root@blog ~]# rpm -qf /usr/bin/loginctl
systemd-239-18.el8_1.4.x86_64

2. 如果找不到loginctl命令，可以用yum安装

[root@blog ~]# yum install systemd

3. 查看版本和帮助

[root@node-137 ~]# loginctl --version
systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

[root@blog ~]# loginctl --help 

开启loginctl服务

loginctl在使用时需要systemd-logind.service开启

[root@redis local]# loginctl list-sessions
Failed to list-sessions: Unit systemd-logind.service is masked.
[root@redis local]# systemctl start systemd-logind.service
Failed to start systemd-logind.service: Unit systemd-logind.service is masked.

#如果服务被mask,需要先取消mask再start

[root@redis local]# systemctl unmask systemd-logind.service
Removed /etc/systemd/system/systemd-logind.service.
[root@redis local]# systemctl start systemd-logind.service

session操作

1. 列出本机所有的session
   只执行loginctl 和loginctl list-sessions效果一样，list-sessions是 loginctl的默认操作

[root@node-137 ~]# loginctl
   SESSION        UID USER             SEAT
        31       1000 yurq
        15          0 root
        14          0 root
        30       1000 yurq

4 sessions listed.

可以看到：同一个用户可以开启多个session

2. 显示一个session的详细信息

[root@node-137 ~]# loginctl show-session 30
Id=30
User=1000
Name=yurq
Timestamp=Fri 2023-11-24 13:16:25 CST
TimestampMonotonic=12800340928
VTNr=0
Remote=yes
RemoteHost=192.168.17.1
Service=sshd
Scope=session-30.scope
Leader=5648
Audit=30
Type=tty
Class=user
Active=yes
State=closing
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no

3. 显示一个session的状态:
   session-status: session状态，指定一个session id,可以看到这个session开启的进程等信息

[root@node-137 ~]# loginctl session-status 30
30 - yurq (1000)
           Since: Fri 2023-11-24 13:16:25 CST; 1h 30min ago
          Leader: 5648
          Remote: 192.168.17.1
         Service: sshd; type tty; class user
           State: closing
            Unit: session-30.scope
                  └─5739 podman

Nov 24 13:16:25 node-137 sshd[5648]: pam_unix(sshd:session): session opened for user yurq by (uid=0)
Nov 24 13:16:25 node-137 systemd[1]: Started Session 30 of user yurq.
Nov 24 14:41:58 node-137 sshd[5648]: pam_unix(sshd:session): session closed for user yurq

4. 结束指定的session
   杀死指定会话的所有进程、释放所有与此会话相关的资源
   terminate-session 结束指定的session

[root@node-137 ~]# loginctl terminate-session 30
[root@node-137 ~]# loginctl
   SESSION        UID USER             SEAT
        42          0 root
        43          0 root

2 sessions listed.

5. kill-session 杀死session
   与terminate session基本相同,但可以指定发送的信号。如果不加参数，则signal为SIGTERM

[root@node-137 ~]# loginctl kill-session 46

如果指定SIGSTOP，则session没有退出，但用户的终端会停止响应

[root@node-137 ~]# loginctl kill-session 45 --signal=SIGSTOP

man参考：

 -s, --signal=
           When used with kill-session or kill-user, choose which signal to send to selected processes.
           Must be one of the well known signal specifiers, such as SIGTERM,
           SIGINT or SIGSTOP. If omitted, defaults to SIGTERM.

6. 查看自己的tty的session

[root@node-137 ~]# tty
/dev/pts/0
[root@node-137 ~]# loginctl session-status 42
42 - root (0)
           Since: Fri 2023-11-24 14:42:29 CST; 14min ago
          Leader: 6526 (sshd)
          Remote: 192.168.17.1
         Service: sshd; type tty; class user
           State: active
            Unit: session-42.scope
                  ├─6526 sshd: root@pts/0
                  ├─6530 -bash
                  ├─6765 loginctl session-status 42
                  └─6766 less

Nov 24 14:42:29 node-137 sshd[6526]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 24 14:42:29 node-137 systemd[1]: Started Session 42 of user root.

user操作

1. 列出所有用户

[root@node-137 ~]# loginctl list-users
       UID USER
         0 root
      1000 yurq

2 users listed.

2. 查看当前登录用户的详细信息

[root@node-137 ~]# loginctl show-user yurq
UID=1000
GID=1000
Name=yurq
Timestamp=Fri 2023-11-24 13:16:25 CST
TimestampMonotonic=12800338419
RuntimePath=/run/user/1000
Slice=user-1000.slice
Display=45
State=active
Sessions=45
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
Linger=yes

3. 查看登录用户的状态

[root@node-137 ~]# loginctl user-status yurq
yurq (1000)
           Since: Fri 2023-11-24 13:16:25 CST; 1h 43min ago
           State: active
        Sessions: *45
            Unit: user-1000.slice
                  └─session-45.scope
                    ├─6641 sshd: yurq [priv]
                    ├─6644 sshd: yurq@pts/1
                    └─6646 -bash

Nov 24 13:16:25 node-137 sshd[5648]: pam_unix(sshd:session): session opened for user yurq by (uid=0)
Nov 24 13:16:25 node-137 systemd[1]: Created slice User Slice of yurq.
...
Nov 24 14:52:37 node-137 sshd[6643]: pam_unix(sshd:session): session closed for user yurq

4. 结束指定用户的所有session

loginctl terminate-user yurq

5. 停止用户的终端

[webop@blog ~]$ loginctl kill-user webop --signal=SIGSTOP

管理用户服务

loginctl enable-linger [USER…], disable-linger [USER…]

启用/禁止用户逗留(相当于保持登录状态)。 如果指定了用户名或UID， 那么系统将会在启动时自动为这些用户派生出用户管理器， 并且在用户登出后继续保持运行。 这样就可以允许未登录的用户在后台运行持续时间很长的服务。 如果没有指定任何参数， 那么将作用于当前调用者的用户。