1 <?xml version='
1.0'
?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
4 <!ENTITY % entities SYSTEM
"custom-entities.ent" >
9 SPDX-License-Identifier: LGPL-2.1+
12 <refentry id=
"logind.conf" conditional='ENABLE_LOGIND'
13 xmlns:
xi=
"http://www.w3.org/2001/XInclude">
15 <title>logind.conf
</title>
16 <productname>systemd
</productname>
20 <contrib>Developer
</contrib>
21 <firstname>Lennart
</firstname>
22 <surname>Poettering
</surname>
23 <email>lennart@poettering.net
</email>
29 <refentrytitle>logind.conf
</refentrytitle>
30 <manvolnum>5</manvolnum>
34 <refname>logind.conf
</refname>
35 <refname>logind.conf.d
</refname>
36 <refpurpose>Login manager configuration files
</refpurpose>
40 <para><filename>/etc/systemd/logind.conf
</filename></para>
41 <para><filename>/etc/systemd/logind.conf.d/*.conf
</filename></para>
42 <para><filename>/run/systemd/logind.conf.d/*.conf
</filename></para>
43 <para><filename>/usr/lib/systemd/logind.conf.d/*.conf
</filename></para>
47 <title>Description
</title>
49 <para>These files configure various parameters of the systemd login manager,
50 <citerefentry><refentrytitle>systemd-logind.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>. See
51 <citerefentry><refentrytitle>systemd.syntax
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
52 for a general description of the syntax.
</para>
55 <xi:include href=
"standard-conf.xml" xpointer=
"main-conf" />
58 <title>Options
</title>
60 <para>All options are configured in the
61 <literal>[Login]
</literal> section:
</para>
66 <term><varname>NAutoVTs=
</varname></term>
68 <listitem><para>Takes a positive integer. Configures how many
69 virtual terminals (VTs) to allocate by default that, when
70 switched to and are previously unused,
71 <literal>autovt
</literal> services are automatically spawned
72 on. These services are instantiated from the template unit
73 <filename>autovt@.service
</filename> for the respective VT TTY
74 name, for example,
<filename>autovt@tty4.service
</filename>.
75 By default,
<filename>autovt@.service
</filename> is linked to
76 <filename>getty@.service
</filename>. In other words, login
77 prompts are started dynamically as the user switches to unused
78 virtual terminals. Hence, this parameter controls how many
79 login
<literal>gettys
</literal> are available on the VTs. If a
80 VT is already used by some other subsystem (for example, a
81 graphical login), this kind of activation will not be
82 attempted. Note that the VT configured in
83 <varname>ReserveVT=
</varname> is always subject to this kind
84 of activation, even if it is not one of the VTs configured
85 with the
<varname>NAutoVTs=
</varname> directive. Defaults to
86 6. When set to
0, automatic spawning of
87 <literal>autovt
</literal> services is
88 disabled.
</para></listitem>
92 <term><varname>ReserveVT=
</varname></term>
94 <listitem><para>Takes a positive integer. Identifies one
95 virtual terminal that shall unconditionally be reserved for
96 <filename>autovt@.service
</filename> activation (see above).
97 The VT selected with this option will be marked busy
98 unconditionally, so that no other subsystem will allocate it.
99 This functionality is useful to ensure that, regardless of how
100 many VTs are allocated by other subsystems, one login
101 <literal>getty
</literal> is always available. Defaults to
6
102 (in other words, there will always be a
103 <literal>getty
</literal> available on Alt-F6.). When set to
0,
104 VT reservation is disabled.
</para></listitem>
108 <term><varname>KillUserProcesses=
</varname></term>
110 <listitem><para>Takes a boolean argument. Configures whether the processes of a
111 user should be killed when the user logs out. If true, the scope unit
112 corresponding to the session and all processes inside that scope will be
113 terminated. If false, the scope is
"abandoned", see
114 <citerefentry><refentrytitle>systemd.scope
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
115 and processes are not killed. Defaults to
<literal>&KILL_USER_PROCESSES;</literal>,
116 but see the options
<varname>KillOnlyUsers=
</varname> and
117 <varname>KillExcludeUsers=
</varname> below.
</para>
119 <para>In addition to session processes, user process may run under the user
120 manager unit
<filename>user@.service
</filename>. Depending on the linger
121 settings, this may allow users to run processes independent of their login
122 sessions. See the description of
<command>enable-linger
</command> in
123 <citerefentry><refentrytitle>loginctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
126 <para>Note that setting
<varname>KillUserProcesses=yes
</varname>
127 will break tools like
128 <citerefentry project='die-net'
><refentrytitle>screen
</refentrytitle><manvolnum>1</manvolnum></citerefentry>
130 <citerefentry project='die-net'
><refentrytitle>tmux
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
131 unless they are moved out of the session scope. See example in
132 <citerefentry><refentrytitle>systemd-run
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
137 <term><varname>KillOnlyUsers=
</varname></term>
138 <term><varname>KillExcludeUsers=
</varname></term>
140 <listitem><para>These settings take space-separated lists of usernames that override
141 the
<varname>KillUserProcesses=
</varname> setting. A user name may be added to
142 <varname>KillExcludeUsers=
</varname> to exclude the processes in the session scopes of
143 that user from being killed even if
<varname>KillUserProcesses=yes
</varname> is set. If
144 <varname>KillExcludeUsers=
</varname> is not set, the
<literal>root
</literal> user is
145 excluded by default.
<varname>KillExcludeUsers=
</varname> may be set to an empty value
146 to override this default. If a user is not excluded,
<varname>KillOnlyUsers=
</varname>
147 is checked next. If this setting is specified, only the session scopes of those users
148 will be killed. Otherwise, users are subject to the
149 <varname>KillUserProcesses=yes
</varname> setting.
</para></listitem>
153 <term><varname>IdleAction=
</varname></term>
155 <listitem><para>Configures the action to take when the system
156 is idle. Takes one of
157 <literal>ignore
</literal>,
158 <literal>poweroff
</literal>,
159 <literal>reboot
</literal>,
160 <literal>halt
</literal>,
161 <literal>kexec
</literal>,
162 <literal>suspend
</literal>,
163 <literal>hibernate
</literal>,
164 <literal>hybrid-sleep
</literal>,
165 <literal>suspend-then-hibernate
</literal>, and
166 <literal>lock
</literal>.
167 Defaults to
<literal>ignore
</literal>.
</para>
169 <para>Note that this requires that user sessions correctly
170 report the idle status to the system. The system will execute
171 the action after all sessions report that they are idle, no
172 idle inhibitor lock is active, and subsequently, the time
173 configured with
<varname>IdleActionSec=
</varname> (see below)
179 <term><varname>IdleActionSec=
</varname></term>
181 <listitem><para>Configures the delay after which the action
182 configured in
<varname>IdleAction=
</varname> (see above) is
183 taken after the system is idle.
</para></listitem>
187 <term><varname>InhibitDelayMaxSec=
</varname></term>
189 <listitem><para>Specifies the maximum time a system shutdown
190 or sleep request is delayed due to an inhibitor lock of type
191 <literal>delay
</literal> being active before the inhibitor is
192 ignored and the operation executes anyway. Defaults to
197 <term><varname>HandlePowerKey=
</varname></term>
198 <term><varname>HandleSuspendKey=
</varname></term>
199 <term><varname>HandleHibernateKey=
</varname></term>
200 <term><varname>HandleLidSwitch=
</varname></term>
201 <term><varname>HandleLidSwitchExternalPower=
</varname></term>
202 <term><varname>HandleLidSwitchDocked=
</varname></term>
204 <listitem><para>Controls how logind shall handle the
205 system power and sleep keys and the lid switch to trigger
206 actions such as system power-off or suspend. Can be one of
207 <literal>ignore
</literal>,
208 <literal>poweroff
</literal>,
209 <literal>reboot
</literal>,
210 <literal>halt
</literal>,
211 <literal>kexec
</literal>,
212 <literal>suspend
</literal>,
213 <literal>hibernate
</literal>,
214 <literal>hybrid-sleep
</literal>,
215 <literal>suspend-then-hibernate
</literal>, and
216 <literal>lock
</literal>.
217 If
<literal>ignore
</literal>, logind will never handle these
218 keys. If
<literal>lock
</literal>, all running sessions will be
219 screen-locked; otherwise, the specified action will be taken
220 in the respective event. Only input devices with the
221 <literal>power-switch
</literal> udev tag will be watched for
222 key/lid switch events.
<varname>HandlePowerKey=
</varname>
223 defaults to
<literal>poweroff
</literal>.
224 <varname>HandleSuspendKey=
</varname> and
225 <varname>HandleLidSwitch=
</varname> default to
226 <literal>suspend
</literal>.
227 <varname>HandleLidSwitchExternalPower=
</varname> is completely
228 ignored by default (for backwards compatibility) — an explicit
229 value must be set before it will be used to determine
230 behaviour.
<varname>HandleLidSwitchDocked=
</varname> defaults
231 to
<literal>ignore
</literal>.
232 <varname>HandleHibernateKey=
</varname> defaults to
233 <literal>hibernate
</literal>. If the system is inserted in a
234 docking station, or if more than one display is connected, the
235 action specified by
<varname>HandleLidSwitchDocked=
</varname>
236 occurs; if the system is on external power the action (if any)
237 specified by
<varname>HandleLidSwitchExternalPower=
</varname>
238 occurs; otherwise the
<varname>HandleLidSwitch=
</varname>
239 action occurs.
</para>
241 <para>A different application may disable logind's handling of system power and
242 sleep keys and the lid switch by taking a low-level inhibitor lock
243 (
<literal>handle-power-key
</literal>,
<literal>handle-suspend-key
</literal>,
244 <literal>handle-hibernate-key
</literal>,
<literal>handle-lid-switch
</literal>).
245 This is most commonly used by graphical desktop environments
246 to take over suspend and hibernation handling, and to use their own configuration
247 mechanisms. If a low-level inhibitor lock is taken, logind will not take any
248 action when that key or switch is triggered and the
<varname>Handle*=
</varname>
249 settings are irrelevant.
</para></listitem>
253 <term><varname>PowerKeyIgnoreInhibited=
</varname></term>
254 <term><varname>SuspendKeyIgnoreInhibited=
</varname></term>
255 <term><varname>HibernateKeyIgnoreInhibited=
</varname></term>
256 <term><varname>LidSwitchIgnoreInhibited=
</varname></term>
258 <listitem><para>Controls whether actions that
<command>systemd-logind
</command>
259 takes when the power and sleep keys and the lid switch are triggered are subject
260 to high-level inhibitor locks (
"shutdown",
"sleep",
"idle"). Low level inhibitor
261 locks (
<literal>handle-power-key
</literal>,
<literal>handle-suspend-key
</literal>,
262 <literal>handle-hibernate-key
</literal>,
<literal>handle-lid-switch
</literal>),
263 are always honored, irrespective of this setting.
</para>
265 <para>These settings take boolean arguments. If
<literal>no
</literal>, the
266 inhibitor locks taken by applications are respected. If
<literal>yes
</literal>,
267 "shutdown",
"sleep", and
"idle" inhibitor locks are ignored.
268 <varname>PowerKeyIgnoreInhibited=
</varname>,
269 <varname>SuspendKeyIgnoreInhibited=
</varname>, and
270 <varname>HibernateKeyIgnoreInhibited=
</varname> default to
<literal>no
</literal>.
271 <varname>LidSwitchIgnoreInhibited=
</varname> defaults to
<literal>yes
</literal>.
272 This means that when
<command>systemd-logind
</command> is handling events by
273 itself (no low level inhibitor locks are taken by another application), the lid
274 switch does not respect suspend blockers by default, but the power and sleep keys
275 do.
</para></listitem>
279 <term><varname>HoldoffTimeoutSec=
</varname></term>
281 <listitem><para>Specifies the timeout after system startup or
282 system resume in which systemd will hold off on reacting to
283 lid events. This is required for the system to properly
284 detect any hotplugged devices so systemd can ignore lid events
285 if external monitors, or docks, are connected. If set to
0,
286 systemd will always react immediately, possibly before the
287 kernel fully probed all hotplugged devices. This is safe, as
288 long as you do not care for systemd to account for devices
289 that have been plugged or unplugged while the system was off.
290 Defaults to
30s.
</para></listitem>
294 <term><varname>RuntimeDirectorySize=
</varname></term>
296 <listitem><para>Sets the size limit on the
297 <varname>$XDG_RUNTIME_DIR
</varname> runtime directory for each
298 user who logs in. Takes a size in bytes, optionally suffixed
299 with the usual K, G, M, and T suffixes, to the base
1024
300 (IEC). Alternatively, a numerical percentage suffixed by
301 <literal>%
</literal> may be specified, which sets the size
302 limit relative to the amount of physical RAM. Defaults to
10%.
303 Note that this size is a safety limit only. As each runtime
304 directory is a tmpfs file system, it will only consume as much
305 memory as is needed.
</para></listitem>
309 <term><varname>InhibitorsMax=
</varname></term>
311 <listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to
8192
312 (
8K).
</para></listitem>
316 <term><varname>SessionsMax=
</varname></term>
318 <listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to
8192
319 (
8K). Depending on how the
<filename>pam_systemd.so
</filename> module is included in the PAM stack
320 configuration, further login sessions will either be refused, or permitted but not tracked by
321 <filename>systemd-logind
</filename>.
</para></listitem>
325 <term><varname>RemoveIPC=
</varname></term>
327 <listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the
328 user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
329 last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
330 well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
331 are excluded from the effect of this setting. Defaults to
<literal>yes
</literal>.
</para></listitem>
338 <title>See Also
</title>
340 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
341 <citerefentry><refentrytitle>systemd-logind.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
342 <citerefentry><refentrytitle>loginctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
343 <citerefentry><refentrytitle>systemd-system.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>