It seems to be surprisingly difficult to just mount a tmpfs directory when a user logs in and unmount it when a user logs out.
It actually is, because that's exactly what pam_mount does.
Unsing system-login should™ not get you the unmounting issues (that's a pam_auth issue, https://wiki.archlinux.org/index.php?ti … did=491553 ) and obviously, if you want to use more PAMs, you'll have to edit your pam config.
*shrug*
If you worry about bad things to happen if eg. some pam module (tally) is retracted and your config now broken (apparently happens ;-) you could maybe appeal the the maintainer of https://www.archlinux.org/packages/core/any/pambase/ to make it more generic by unconditionally including some system-login-local-config or system-login-custom (to avoid confusion w/ local-login)
]]>WorMzy wrote:As System Administration is closed to regular users, I'm going to move this to Apps/DE.
Isn't that only for creating threads, not replying to them?
I've now made it completely Read Only. No-one can post new topics or replies to System Administration now.
]]>I can use systemd-tmpfiles to create a temporary directory but only on an existing filesystem (unless I've missed an option). While I could place all temporary user directories on a common tmpfs filesystem, my goal is to provide a separate tmpfs filesystem for each user for isolation to and avoid writing temporary date to disk. I see no way to do this with tmpfiles.
Systemd mounts initially seemed promising but I ran into the same problem that I encountered the last time I tried this (and subsequently forgot about it), namely that the "Where" option of the [Mount] section must match the file name. While the unit file supports specifiers such as "%u" as a placeholder for the invoking user's name, this doesn't seem to be supported in the name, even escaped with "systemd-escape -p --suffix=mount ...". I suppose that systemd's mount ordering requires absolute and unambiguous paths so there doesn't seem to be any way to template mount units. And even if it did support specifiers in the mount path, mount units can only be run by the system user. Separate system units per user seems to be the only way to do it, but that's manageable with a script.
As for mounting on login and logout, it seems that I can use automount units to mount the user tmpfs filesystems on demand when the user logs in, but the only automatic unmount option I see is based on an idleness timer. That won't work for me because I need to ensure that the tmpfs directory remains mounted until the user logs out to prevent data loss, even if the user idles for a few days or more.
I still need to check the options for tmpfs in systemd-homed.
It seems to be surprisingly difficult to just mount a tmpfs directory when a user logs in and unmount it when a user logs out.
]]>Xyne wrote:The drawback of user units in my case is that they are located in the user directory
Only those that are specific to a given user. They can also be in /etc/systemd/user/ and will be started at each users login.
^^ This.
To set up a user unit via /etc/ managed enablement, use
systemctl enable --global <unit>
(This is happening for you right now since official repo packages set up user level sockets automatically in /etc/systemd/user/sockets.target.wants/ for socket-activated things like pulseaudio or the gpg-agent.)
]]>The drawback of user units in my case is that they are located in the user directory
Only those that are specific to a given user. They can also be in /etc/systemd/user/ and will be started at each users login.
]]>@Trilby
The drawback of user units in my case is that they are located in the user directory, which is what I want to mount in tmpfs. It seems that I would need to copy the into the parent filesystem at /home/tmp/foo/.config/user-tmpfiles.d/ and then mount a tmpfs filesystem on top of it. I could probably make that work but it seems kludgy. The ideal would be able to use a system unit to mount a tmpfs directory for a user in a given group on login, before any files in the user's home directory are accessed.
I suppose that I could just manually create system instances of systemd-tmpfiles for each member of a given user group, which would be simple to script, but I don't know if I cat sync the mounting to user sessions.
@schard
I'll dig deeper into systemd-homed. So far I haven't been able to find anything about mounting tmpfs filesystems with it.
As System Administration is closed to regular users, I'm going to move this to Apps/DE.
Isn't that only for creating threads, not replying to them?
]]>I suspect that I can achieve the same setup with systemd and user sessions but I can't seem to find the relevant documentation. I asked the question back in 2012 but it wasn't possible then. Can anyone confirm if this has changed?
To give a concrete example, when user "foo" logs in, I want to mount a tmpfs filesystem to /home/tmp/foo.
/home/tmp/foo should be mounted before sourcing bash_profile and the various snippets in /etc/profile.d.
If "foo" logs in on multiple terminals simultaneously, only the first login should mount /home/tmp/foo and all other logins should detect that /home/tmp/foo is already mounted.
/home/tmp/foo should be unmounted when the last session of user "foo" logs out.
I would also like to be able to mount a luks encrypted partition for a user on login, but this does not seem to be possible. However, if I am mistaken, please tell me.
]]>