--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
+
+<refentry id="user@.service">
+ <refentryinfo>
+ <title>user@.service</title>
+ <productname>systemd</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>user@.service</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>user@.service</refname>
+ <refname>user-runtime-dir@.service</refname>
+ <refpurpose>System units to manager user processes</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <para><filename>user@<replaceable>UID</replaceable>.service</filename></para>
+ <para><filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename></para>
+ <para><filename>user-<replaceable>UID</replaceable>.slice</filename></para>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para>The
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ system manager (PID 1) starts user manager instances as
+ <filename>user@<replaceable>UID</replaceable>.service</filename>, where the user's numerical UID
+ is used as the instance identifier. Each <command>systemd --user</command> instance manages a
+ hierarchy of its own units. See
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+ a discussion of systemd units and
+ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ for a list of units that form the basis of the unit hierarchies of system and user units.</para>
+
+ <para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the
+ system unit <filename>user-runtime-dir@<replaceable>UID</replaceable>.service</filename>, which
+ creates the user's runtime directory
+ <filename>/run/user/<replaceable>UID</replaceable></filename>, and then removes it when this
+ unit is stopped.</para>
+
+ <para>User processes may be started by the <filename>user@.service</filename> instance, in which
+ case they will be part of that unit in the system hierarchy. They may also be started elsewhere,
+ for example by
+ <citerefentry><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> or a
+ display manager like <command>gdm</command>, in which case they form a .scope unit (see
+ <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
+ Both <filename>user@<replaceable>UID</replaceable>.service</filename> and the scope units are
+ collected under a <filename>user-<replaceable>UID</replaceable>.slice</filename>.</para>
+
+ <para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are
+ collected under <filename>user.slice</filename>, see
+ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Controlling resources for logged-in users</title>
+
+ <para>Options that control resources available to logged-in users can be configured at a few
+ different levels. As described in the previous section, <filename>user.slice</filename> contains
+ processes of all users, so any resource limits on that slice apply to all users together. The
+ usual way to configure them would be through drop-ins, e.g. <filename
+ noindex='true'>/etc/systemd/system/user.slice.d/resources.conf</filename>.
+ </para>
+
+ <para>The processes of a single user are collected under
+ <filename>user-<replaceable>UID</replaceable>.slice</filename>. Resource limits for that user
+ can be configured through drop-ins for that unit, e.g. <filename
+ noindex='true'>/etc/systemd/system/user-1000.slice.d/resources.conf</filename>. If the limits
+ should apply to all users instead, they may be configured through drop-ins for the truncated
+ unit name, <filename>user-.slice</filename>. For example, configuration in <filename
+ noindex='true'>/etc/systemd/system/user-.slice.d/resources.conf</filename> is included in all
+ <filename>user-<replaceable>UID</replaceable>.slice</filename> units, see
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for a discussion of the drop-in mechanism.</para>
+
+ <para>When a user logs in and a .scope unit is created for the session (see previous section),
+ the creation of the scope may be managed through
+ <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ This PAM module communicates with
+ <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ to create the session scope and provide access to hardware resources. Resource limits for the
+ scope may be configured through the PAM module configuration, see
+ <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ Configuring them through the normal unit configuration is also possible, but since
+ the name of the slice unit is generally unpredictable, this is less useful.</para>
+
+ <para>In general any resources that apply to units may be set for
+ <filename>user@<replaceable>UID</replaceable>.service</filename> and the slice
+ units discussed above, see
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for an overview.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Examples</title>
+ <example>
+ <title>Hierarchy of control groups with two logged in users</title>
+
+ <programlisting>$ systemd-cgls
+Control group /:
+-.slice
+├─user.slice
+│ ├─user-1000.slice
+│ │ ├─user@1000.service
+│ │ │ ├─pulseaudio.service
+│ │ │ │ └─2386 /usr/bin/pulseaudio --daemonize=no
+│ │ │ └─gnome-terminal-server.service
+│ │ │ └─init.scope
+│ │ │ ├─ 4127 /usr/libexec/gnome-terminal-server
+│ │ │ └─ 4198 zsh
+│ │ …
+│ │ └─session-4.scope
+│ │ ├─ 1264 gdm-session-worker [pam/gdm-password]
+│ │ ├─ 2339 /usr/bin/gnome-shell
+│ │ …
+│ │ ├─session-19.scope
+│ │ ├─6497 sshd: zbyszek [priv]
+│ │ ├─6502 sshd: zbyszek@pts/6
+│ │ ├─6509 -zsh
+│ │ └─6602 systemd-cgls --no-pager
+│ …
+│ └─user-1001.slice
+│ ├─session-20.scope
+│ │ ├─6675 sshd: guest [priv]
+│ │ ├─6708 sshd: guest@pts/6
+│ │ └─6717 -bash
+│ └─user@1001.service
+│ ├─init.scope
+│ │ ├─6680 /usr/lib/systemd/systemd --user
+│ │ └─6688 (sd-pam)
+│ └─sleep.service
+│ └─6706 /usr/bin/sleep 30
+…</programlisting>
+ <para>User with UID 1000 is logged in using <command>gdm</command> (<filename
+ noindex='true'>session-4.scope</filename>) and
+ <citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ (<filename noindex='true'>session-19.scope</filename>), and also has a user manager instance
+ running (<filename noindex='true'>user@1000.service</filename>). User with UID 1001 is logged
+ in using <command>ssh</command> (<filename noindex='true'>session-20.scope</filename>) and
+ also has a user manager instance running (<filename
+ noindex='true'>user@1001.service</filename>). Those are all (leaf) system units, and form
+ part of the slice hierarchy, with <filename noindex='true'>user-1000.slice</filename> and
+ <filename noindex='true'>user-1001.slice</filename> below <filename
+ noindex='true'>user.slice</filename>. User units are visible below the
+ <filename>user@.service</filename> instances (<filename
+ noindex='true'>pulseaudio.service</filename>, <filename
+ noindex='true'>gnome-terminal-server.service</filename>, <filename
+ noindex='true'>init.scope</filename>, <filename noindex='true'>sleep.service</filename>).
+ </para>
+ </example>
+
+ <example>
+ <title>Default user resource limits</title>
+
+ <programlisting>$ systemctl cat user-1000.slice
+# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
+# …
+[Unit]
+Description=User Slice of UID %j
+After=systemd-user-sessions.service
+
+[Slice]
+TasksMax=33%</programlisting>
+ <para>The <filename>user-<replaceable>UID</replaceable>.slice</filename> units by default don't
+ have a unit file. The resource limits are set through a drop-in, which can be easily replaced
+ or extended following standard drop-in mechanisms discussed in the first section.</para>
+ </example>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+</refentry>