Question

We all know that the Linux system call setsid() allows us to create a new session whenever we want, although the typical practice is when we log in or when we want to start a new daemon. And I note that Linux-PAM (pluggable authentication module) also has the notion of "session management", so my question is: Is the session in Linux PAM the same as the session created by setsid()? And what can be done typically in a Linux PAM session? Thanks.

Solution

The short answer is no, they're different things, but processes that handle login sessions should handle both of them.

The PAM session is a concept internal to libpam. In brief, when an application that uses PAM starts up, it calls pam_start and then calls one or more PAM functions, which in turn are dispatched by libpam to the PAM modules. Two of those calls are pam_open_session and pam_close_session.

The goal of the PAM session is to handle setup and teardown of a (normally interactive, although not necessarily) login session. Therefore, the PAM modules configured in the session group will generally do things like add the user to utmp, set up any per-login environments (such as a local tmpdir if one configures such a thing), store Kerberos credentials, and so on. On session close, they'll undo those changes.

Note that this means that the process that calls pam_open_session has to stick around for the length of the login session so that it can call pam_close_session at the conclusion. There isn't anything magic that makes this happen.

setsid is something much lower level. setsid is at approximately the same level as a process group, which is a related group of processes normally attached to a tty (a controlling terminal). The purpose of that is primarily for shell session management: your session is all the processes that should generally receive SIGHUP when you close the shell, that you may want to manage with process management (suspend and continue, for example), and so forth. All the processes in the session group for your shell have a controlling terminal set to your pseudo-tty, which has various low-level implications for process control and signal handling.
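
The kernel-level half of this distinction, as an added example that is not part of the original answer: a forked child calls setsid() and reports its new session ID, process group ID and whether it still has a controlling terminal, and a comment marks where a PAM-using login process would close its PAM session. The names run_in_new_session and session_report are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the child observed after calling setsid(). */
struct session_report {
    pid_t parent_sid;  /* session of the calling (login-like) process */
    pid_t child_pid;
    pid_t child_sid;   /* session ID after setsid() */
    pid_t child_pgid;  /* process group ID after setsid() */
    int   has_ctty;    /* 1 if /dev/tty can still be opened */
};

/* Fork, make the child a session leader, report back. 0 on success. */
int run_in_new_session(struct session_report *out)
{
    int fds[2], status;
    if (pipe(fds) < 0) return -1;
    out->parent_sid = getsid(0);
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        /* The child is not a process group leader, so setsid() is
         * permitted; a group leader would get EPERM. */
        struct session_report r = { out->parent_sid, getpid(), -1, -1, 0 };
        close(fds[0]);
        if (setsid() < 0) _exit(1);
        r.child_sid = getsid(0);
        r.child_pgid = getpgrp();
        int tty = open("/dev/tty", O_RDWR | O_NOCTTY);
        if (tty >= 0) { r.has_ctty = 1; close(tty); }
        if (write(fds[1], &r, sizeof r) != (ssize_t)sizeof r) _exit(1);
        _exit(0); /* a login program would exec the user's shell here */
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, sizeof *out);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    /* Session over. A login program that called pam_open_session()
     * before fork() would call pam_close_session() here. */
    return (n == (ssize_t)sizeof *out && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    struct session_report r;
    if (run_in_new_session(&r) != 0) return 1;
    printf("parent sid=%ld child pid=%ld sid=%ld pgid=%ld ctty=%d\n", (long)r.parent_sid,
           (long)r.child_pid, (long)r.child_sid, (long)r.child_pgid, r.has_ctty);
    return 0;
}
```

The child ends up as leader of both a new session and a new process group with no controlling terminal, and none of that involves libpam.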

Licensed under: CC-BY-SA with attribution