]>
Commit | Line | Data |
---|---|---|
514094f9 | 1 | <?xml version='1.0'?> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
c7f7e859 MK |
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ |
4 | <!ENTITY % entities SYSTEM "custom-entities.ent" > | |
5 | %entities; | |
6 | ]> | |
db9ecf05 | 7 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
8fa365e5 | 8 | |
d3fae78f | 9 | <refentry id="logind.conf" conditional='ENABLE_LOGIND' |
798d3a52 ZJS |
10 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
11 | <refentryinfo> | |
12 | <title>logind.conf</title> | |
13 | <productname>systemd</productname> | |
798d3a52 ZJS |
14 | </refentryinfo> |
15 | ||
16 | <refmeta> | |
17 | <refentrytitle>logind.conf</refentrytitle> | |
18 | <manvolnum>5</manvolnum> | |
19 | </refmeta> | |
20 | ||
21 | <refnamediv> | |
22 | <refname>logind.conf</refname> | |
23 | <refname>logind.conf.d</refname> | |
24 | <refpurpose>Login manager configuration files</refpurpose> | |
25 | </refnamediv> | |
26 | ||
27 | <refsynopsisdiv> | |
12b42c76 TG |
28 | <para><filename>/etc/systemd/logind.conf</filename></para> |
29 | <para><filename>/etc/systemd/logind.conf.d/*.conf</filename></para> | |
798d3a52 | 30 | <para><filename>/run/systemd/logind.conf.d/*.conf</filename></para> |
12b42c76 | 31 | <para><filename>/usr/lib/systemd/logind.conf.d/*.conf</filename></para> |
798d3a52 ZJS |
32 | </refsynopsisdiv> |
33 | ||
34 | <refsect1> | |
35 | <title>Description</title> | |
36 | ||
0f943ae4 ZJS |
37 | <para>These files configure various parameters of the systemd login manager, |
38 | <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. See | |
675fa6ea | 39 | <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
0f943ae4 | 40 | for a general description of the syntax.</para> |
798d3a52 ZJS |
41 | </refsect1> |
42 | ||
e93549ef | 43 | <xi:include href="standard-conf.xml" xpointer="main-conf" /> |
798d3a52 ZJS |
44 | |
45 | <refsect1> | |
46 | <title>Options</title> | |
47 | ||
48 | <para>All options are configured in the | |
bdac5608 | 49 | [Login] section:</para> |
798d3a52 | 50 | |
d2acdcc6 | 51 | <variablelist class='config-directives'> |
798d3a52 ZJS |
52 | |
53 | <varlistentry> | |
54 | <term><varname>NAutoVTs=</varname></term> | |
55 | ||
56 | <listitem><para>Takes a positive integer. Configures how many | |
57 | virtual terminals (VTs) to allocate by default that, when | |
58 | switched to and are previously unused, | |
59 | <literal>autovt</literal> services are automatically spawned | |
60 | on. These services are instantiated from the template unit | |
61 | <filename>autovt@.service</filename> for the respective VT TTY | |
62 | name, for example, <filename>autovt@tty4.service</filename>. | |
63 | By default, <filename>autovt@.service</filename> is linked to | |
64 | <filename>getty@.service</filename>. In other words, login | |
65 | prompts are started dynamically as the user switches to unused | |
66 | virtual terminals. Hence, this parameter controls how many | |
67 | login <literal>gettys</literal> are available on the VTs. If a | |
68 | VT is already used by some other subsystem (for example, a | |
69 | graphical login), this kind of activation will not be | |
70 | attempted. Note that the VT configured in | |
71 | <varname>ReserveVT=</varname> is always subject to this kind | |
72 | of activation, even if it is not one of the VTs configured | |
73 | with the <varname>NAutoVTs=</varname> directive. Defaults to | |
74 | 6. When set to 0, automatic spawning of | |
75 | <literal>autovt</literal> services is | |
76 | disabled.</para></listitem> | |
77 | </varlistentry> | |
78 | ||
79 | <varlistentry> | |
80 | <term><varname>ReserveVT=</varname></term> | |
81 | ||
82 | <listitem><para>Takes a positive integer. Identifies one | |
83 | virtual terminal that shall unconditionally be reserved for | |
84 | <filename>autovt@.service</filename> activation (see above). | |
85 | The VT selected with this option will be marked busy | |
86 | unconditionally, so that no other subsystem will allocate it. | |
87 | This functionality is useful to ensure that, regardless of how | |
88 | many VTs are allocated by other subsystems, one login | |
89 | <literal>getty</literal> is always available. Defaults to 6 | |
90 | (in other words, there will always be a | |
91 | <literal>getty</literal> available on Alt-F6.). When set to 0, | |
92 | VT reservation is disabled.</para></listitem> | |
93 | </varlistentry> | |
94 | ||
95 | <varlistentry> | |
96 | <term><varname>KillUserProcesses=</varname></term> | |
97 | ||
65eb37f8 ZJS |
98 | <listitem><para>Takes a boolean argument. Configures whether the processes of a |
99 | user should be killed when the user logs out. If true, the scope unit | |
100 | corresponding to the session and all processes inside that scope will be | |
4f25723c | 101 | terminated. If false, the scope is "abandoned", see |
65eb37f8 | 102 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
c7f7e859 | 103 | and processes are not killed. Defaults to <literal>&KILL_USER_PROCESSES;</literal>, |
921f831d ZJS |
104 | but see the options <varname>KillOnlyUsers=</varname> and |
105 | <varname>KillExcludeUsers=</varname> below.</para> | |
65eb37f8 ZJS |
106 | |
107 | <para>In addition to session processes, user process may run under the user | |
108 | manager unit <filename>user@.service</filename>. Depending on the linger | |
109 | settings, this may allow users to run processes independent of their login | |
110 | sessions. See the description of <command>enable-linger</command> in | |
111 | <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
112 | </para> | |
113 | ||
114 | <para>Note that setting <varname>KillUserProcesses=yes</varname> | |
798d3a52 | 115 | will break tools like |
65eb37f8 ZJS |
116 | <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
117 | and | |
118 | <citerefentry project='die-net'><refentrytitle>tmux</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
119 | unless they are moved out of the session scope. See example in | |
120 | <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
121 | </para></listitem> | |
798d3a52 ZJS |
122 | </varlistentry> |
123 | ||
124 | <varlistentry> | |
125 | <term><varname>KillOnlyUsers=</varname></term> | |
126 | <term><varname>KillExcludeUsers=</varname></term> | |
127 | ||
41b6ae4d ZJS |
128 | <listitem><para>These settings take space-separated lists of usernames that override the |
129 | <varname>KillUserProcesses=</varname> setting. A user name may be added to | |
130 | <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of that user from | |
131 | being killed even if <varname>KillUserProcesses=yes</varname> is set. If | |
132 | <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is excluded by | |
133 | default. <varname>KillExcludeUsers=</varname> may be set to an empty value to override this | |
134 | default. If a user is not excluded, <varname>KillOnlyUsers=</varname> is checked next. If this | |
135 | setting is specified, only the processes in the session scopes of those users will be | |
136 | killed. Otherwise, users are subject to the <varname>KillUserProcesses=yes</varname> setting. | |
137 | </para></listitem> | |
798d3a52 ZJS |
138 | </varlistentry> |
139 | ||
140 | <varlistentry> | |
141 | <term><varname>IdleAction=</varname></term> | |
142 | ||
143 | <listitem><para>Configures the action to take when the system | |
144 | is idle. Takes one of | |
145 | <literal>ignore</literal>, | |
146 | <literal>poweroff</literal>, | |
147 | <literal>reboot</literal>, | |
148 | <literal>halt</literal>, | |
149 | <literal>kexec</literal>, | |
150 | <literal>suspend</literal>, | |
151 | <literal>hibernate</literal>, | |
c58493c0 | 152 | <literal>hybrid-sleep</literal>, |
e68c79db | 153 | <literal>suspend-then-hibernate</literal>, and |
798d3a52 ZJS |
154 | <literal>lock</literal>. |
155 | Defaults to <literal>ignore</literal>.</para> | |
156 | ||
157 | <para>Note that this requires that user sessions correctly | |
158 | report the idle status to the system. The system will execute | |
159 | the action after all sessions report that they are idle, no | |
160 | idle inhibitor lock is active, and subsequently, the time | |
161 | configured with <varname>IdleActionSec=</varname> (see below) | |
162 | has expired.</para> | |
163 | </listitem> | |
164 | </varlistentry> | |
165 | ||
166 | <varlistentry> | |
167 | <term><varname>IdleActionSec=</varname></term> | |
168 | ||
169 | <listitem><para>Configures the delay after which the action | |
170 | configured in <varname>IdleAction=</varname> (see above) is | |
171 | taken after the system is idle.</para></listitem> | |
172 | </varlistentry> | |
173 | ||
174 | <varlistentry> | |
175 | <term><varname>InhibitDelayMaxSec=</varname></term> | |
176 | ||
177 | <listitem><para>Specifies the maximum time a system shutdown | |
178 | or sleep request is delayed due to an inhibitor lock of type | |
179 | <literal>delay</literal> being active before the inhibitor is | |
180 | ignored and the operation executes anyway. Defaults to | |
181 | 5.</para></listitem> | |
182 | </varlistentry> | |
183 | ||
9afe9efb LP |
184 | <varlistentry> |
185 | <term><varname>UserStopDelaySec=</varname></term> | |
186 | ||
187 | <listitem><para>Specifies how long to keep the user record and per-user service | |
188 | <filename>user@.service</filename> around for a user after they logged out fully. If set to zero, the per-user | |
189 | service is terminated immediately when the last session of the user has ended. If this option is configured to | |
190 | non-zero rapid logout/login cycles are sped up, as the user's service manager is not constantly restarted. If | |
191 | set to <literal>infinity</literal> the per-user service for a user is never terminated again after first login, | |
192 | and continues to run until system shutdown. Defaults to 10s.</para></listitem> | |
193 | </varlistentry> | |
194 | ||
798d3a52 ZJS |
195 | <varlistentry> |
196 | <term><varname>HandlePowerKey=</varname></term> | |
a520bb66 YA |
197 | <term><varname>HandlePowerKeyLongPress=</varname></term> |
198 | <term><varname>HandleRebootKey=</varname></term> | |
199 | <term><varname>HandleRebootKeyLongPress=</varname></term> | |
798d3a52 | 200 | <term><varname>HandleSuspendKey=</varname></term> |
a520bb66 | 201 | <term><varname>HandleSuspendKeyLongPress=</varname></term> |
798d3a52 | 202 | <term><varname>HandleHibernateKey=</varname></term> |
a520bb66 | 203 | <term><varname>HandleHibernateKeyLongPress=</varname></term> |
798d3a52 | 204 | <term><varname>HandleLidSwitch=</varname></term> |
e25937a3 | 205 | <term><varname>HandleLidSwitchExternalPower=</varname></term> |
798d3a52 ZJS |
206 | <term><varname>HandleLidSwitchDocked=</varname></term> |
207 | ||
30e0343b LP |
208 | <listitem><para>Controls how logind shall handle the system power, reboot and sleep keys and the lid |
209 | switch to trigger actions such as system power-off, reboot or suspend. Can be one of | |
210 | <literal>ignore</literal>, <literal>poweroff</literal>, <literal>reboot</literal>, | |
211 | <literal>halt</literal>, <literal>kexec</literal>, <literal>suspend</literal>, | |
212 | <literal>hibernate</literal>, <literal>hybrid-sleep</literal>, | |
213 | <literal>suspend-then-hibernate</literal>, <literal>lock</literal>, and | |
214 | <literal>factory-reset</literal>. If <literal>ignore</literal>, <command>systemd-logind</command> | |
215 | will never handle these keys. If <literal>lock</literal>, all running sessions will be screen-locked; | |
216 | otherwise, the specified action will be taken in the respective event. Only input devices with the | |
217 | <literal>power-switch</literal> udev tag will be watched for key/lid switch | |
218 | events.</para> | |
219 | ||
220 | <para><varname>HandlePowerKey=</varname> defaults to <literal>poweroff</literal>, | |
221 | <varname>HandleRebootKey=</varname> defaults to <literal>reboot</literal>, | |
222 | <varname>HandleSuspendKey=</varname> defaults to <literal>suspend</literal>, | |
223 | <varname>HandleHibernateKey=</varname> defaults to <literal>hibernate</literal>, | |
224 | <varname>HandlePowerKeyLongPress=</varname> defaults to <literal>ignore</literal>, | |
225 | <varname>HandleRebootKeyLongPress=</varname> defaults to <literal>poweroff</literal>, | |
226 | <varname>HandleSuspendKeyLongPress=</varname> defaults to <literal>hibernate</literal>, | |
227 | <varname>HandleHibernateKeyLongPress=</varname> defaults to <literal>ignore</literal>. | |
228 | <varname>HandleLidSwitch=</varname> defaults to <literal>suspend</literal>. | |
229 | <varname>HandleLidSwitchExternalPower=</varname> is completely ignored by default (for backwards | |
230 | compatibility) — an explicit value must be set before it will be used to determine | |
231 | behaviour. <varname>HandleLidSwitchDocked=</varname> defaults to <literal>ignore</literal>. If the | |
232 | system is inserted in a docking station, or if more than one display is connected, the action | |
233 | specified by <varname>HandleLidSwitchDocked=</varname> occurs; if the system is on external power the | |
234 | action (if any) specified by <varname>HandleLidSwitchExternalPower=</varname> occurs; otherwise the | |
235 | <varname>HandleLidSwitch=</varname> action occurs.</para> | |
05b2a8fd ZJS |
236 | |
237 | <para>A different application may disable logind's handling of system power and | |
238 | sleep keys and the lid switch by taking a low-level inhibitor lock | |
3daffa82 | 239 | (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>, |
adbb2b6a | 240 | <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>, |
a520bb66 | 241 | <literal>handle-reboot-key</literal>). |
3daffa82 | 242 | This is most commonly used by graphical desktop environments |
05b2a8fd ZJS |
243 | to take over suspend and hibernation handling, and to use their own configuration |
244 | mechanisms. If a low-level inhibitor lock is taken, logind will not take any | |
245 | action when that key or switch is triggered and the <varname>Handle*=</varname> | |
246 | settings are irrelevant.</para></listitem> | |
798d3a52 ZJS |
247 | </varlistentry> |
248 | ||
249 | <varlistentry> | |
250 | <term><varname>PowerKeyIgnoreInhibited=</varname></term> | |
251 | <term><varname>SuspendKeyIgnoreInhibited=</varname></term> | |
252 | <term><varname>HibernateKeyIgnoreInhibited=</varname></term> | |
253 | <term><varname>LidSwitchIgnoreInhibited=</varname></term> | |
adbb2b6a | 254 | <term><varname>RebootKeyIgnoreInhibited=</varname></term> |
798d3a52 | 255 | |
05b2a8fd | 256 | <listitem><para>Controls whether actions that <command>systemd-logind</command> |
adbb2b6a RM |
257 | takes when the power, reboot and sleep keys and the lid switch are triggered are subject |
258 | to high-level inhibitor locks ("shutdown", "reboot", "sleep", "idle"). Low level inhibitor | |
3daffa82 | 259 | locks (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>, |
adbb2b6a RM |
260 | <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>, |
261 | <literal>handle-reboot-key</literal>), | |
3daffa82 | 262 | are always honored, irrespective of this setting.</para> |
05b2a8fd ZJS |
263 | |
264 | <para>These settings take boolean arguments. If <literal>no</literal>, the | |
265 | inhibitor locks taken by applications are respected. If <literal>yes</literal>, | |
adbb2b6a | 266 | "shutdown", "reboot" "sleep", and "idle" inhibitor locks are ignored. |
798d3a52 | 267 | <varname>PowerKeyIgnoreInhibited=</varname>, |
adbb2b6a RM |
268 | <varname>SuspendKeyIgnoreInhibited=</varname>, |
269 | <varname>HibernateKeyIgnoreInhibited=</varname> and | |
270 | <varname>RebootKeyIgnoreInhibited=</varname> default to <literal>no</literal>. | |
05b2a8fd ZJS |
271 | <varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>. |
272 | This means that when <command>systemd-logind</command> is handling events by | |
273 | itself (no low level inhibitor locks are taken by another application), the lid | |
274 | switch does not respect suspend blockers by default, but the power and sleep keys | |
275 | do.</para></listitem> | |
798d3a52 ZJS |
276 | </varlistentry> |
277 | ||
9d10cbee DH |
278 | <varlistentry> |
279 | <term><varname>HoldoffTimeoutSec=</varname></term> | |
280 | ||
e9dd6984 | 281 | <listitem><para>Specifies a period of time after system startup or |
9d10cbee | 282 | system resume in which systemd will hold off on reacting to |
a8eaaee7 JE |
283 | lid events. This is required for the system to properly |
284 | detect any hotplugged devices so systemd can ignore lid events | |
9d10cbee DH |
285 | if external monitors, or docks, are connected. If set to 0, |
286 | systemd will always react immediately, possibly before the | |
287 | kernel fully probed all hotplugged devices. This is safe, as | |
288 | long as you do not care for systemd to account for devices | |
289 | that have been plugged or unplugged while the system was off. | |
290 | Defaults to 30s.</para></listitem> | |
291 | </varlistentry> | |
292 | ||
798d3a52 ZJS |
293 | <varlistentry> |
294 | <term><varname>RuntimeDirectorySize=</varname></term> | |
295 | ||
296 | <listitem><para>Sets the size limit on the | |
297 | <varname>$XDG_RUNTIME_DIR</varname> runtime directory for each | |
298 | user who logs in. Takes a size in bytes, optionally suffixed | |
299 | with the usual K, G, M, and T suffixes, to the base 1024 | |
300 | (IEC). Alternatively, a numerical percentage suffixed by | |
301 | <literal>%</literal> may be specified, which sets the size | |
302 | limit relative to the amount of physical RAM. Defaults to 10%. | |
303 | Note that this size is a safety limit only. As each runtime | |
304 | directory is a tmpfs file system, it will only consume as much | |
90558f31 LP |
305 | memory as is needed.</para></listitem> |
306 | </varlistentry> | |
307 | ||
cc1c85fb TM |
308 | <varlistentry> |
309 | <term><varname>RuntimeDirectoryInodesMax=</varname></term> | |
310 | ||
311 | <listitem><para>Sets the limit on number of inodes for the | |
312 | <varname>$XDG_RUNTIME_DIR</varname> runtime directory for each | |
313 | user who logs in. Takes a number, optionally suffixed with the | |
314 | usual K, G, M, and T suffixes, to the base 1024 (IEC). | |
315 | Defaults to <varname>RuntimeDirectorySize=</varname> divided | |
316 | by 4096. Note that this size is a safety limit only. | |
317 | As each runtime directory is a tmpfs file system, it will | |
318 | only consume as much memory as is needed.</para></listitem> | |
319 | </varlistentry> | |
320 | ||
c5a11ae2 LP |
321 | <varlistentry> |
322 | <term><varname>InhibitorsMax=</varname></term> | |
323 | ||
324 | <listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192 | |
325 | (8K).</para></listitem> | |
326 | </varlistentry> | |
327 | ||
183e0738 LP |
328 | <varlistentry> |
329 | <term><varname>SessionsMax=</varname></term> | |
330 | ||
331 | <listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to 8192 | |
332 | (8K). Depending on how the <filename>pam_systemd.so</filename> module is included in the PAM stack | |
333 | configuration, further login sessions will either be refused, or permitted but not tracked by | |
334 | <filename>systemd-logind</filename>.</para></listitem> | |
335 | </varlistentry> | |
336 | ||
798d3a52 ZJS |
337 | <varlistentry> |
338 | <term><varname>RemoveIPC=</varname></term> | |
339 | ||
f59d94bc LP |
340 | <listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the |
341 | user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the | |
342 | last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as | |
343 | well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users | |
344 | are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem> | |
798d3a52 ZJS |
345 | </varlistentry> |
346 | ||
82325af3 MS |
347 | <varlistentry> |
348 | <term><varname>StopIdleSessionSec=</varname></term> | |
349 | ||
350 | <listitem><para>Specifies a timeout in seconds, or a time span value after which | |
351 | <filename>systemd-logind</filename> checks the idle state of all sessions. Every session that is idle for | |
352 | longer then the timeout will be stopped. Defaults to <literal>infinity</literal> | |
353 | (<filename>systemd-logind</filename> is not checking the idle state of sessions). For details about the syntax | |
354 | of time spans, see | |
355 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>. | |
356 | </para></listitem> | |
357 | </varlistentry> | |
798d3a52 ZJS |
358 | </variablelist> |
359 | </refsect1> | |
360 | ||
361 | <refsect1> | |
362 | <title>See Also</title> | |
363 | <para> | |
364 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
365 | <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
366 | <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
367 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
368 | </para> | |
369 | </refsect1> | |
8fa365e5 LP |
370 | |
371 | </refentry> |