]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/logind.conf.xml
travis: add more ASan options
[thirdparty/systemd.git] / man / logind.conf.xml
1 <?xml version='1.0'?>
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
4 <!ENTITY % entities SYSTEM "custom-entities.ent" >
5 %entities;
6 ]>
7 <!-- SPDX-License-Identifier: LGPL-2.1+ -->
8
9 <refentry id="logind.conf" conditional='ENABLE_LOGIND'
10 xmlns:xi="http://www.w3.org/2001/XInclude">
11 <refentryinfo>
12 <title>logind.conf</title>
13 <productname>systemd</productname>
14 </refentryinfo>
15
16 <refmeta>
17 <refentrytitle>logind.conf</refentrytitle>
18 <manvolnum>5</manvolnum>
19 </refmeta>
20
21 <refnamediv>
22 <refname>logind.conf</refname>
23 <refname>logind.conf.d</refname>
24 <refpurpose>Login manager configuration files</refpurpose>
25 </refnamediv>
26
27 <refsynopsisdiv>
28 <para><filename>/etc/systemd/logind.conf</filename></para>
29 <para><filename>/etc/systemd/logind.conf.d/*.conf</filename></para>
30 <para><filename>/run/systemd/logind.conf.d/*.conf</filename></para>
31 <para><filename>/usr/lib/systemd/logind.conf.d/*.conf</filename></para>
32 </refsynopsisdiv>
33
34 <refsect1>
35 <title>Description</title>
36
37 <para>These files configure various parameters of the systemd login manager,
38 <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. See
39 <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry>
40 for a general description of the syntax.</para>
41 </refsect1>
42
43 <xi:include href="standard-conf.xml" xpointer="main-conf" />
44
45 <refsect1>
46 <title>Options</title>
47
48 <para>All options are configured in the
49 <literal>[Login]</literal> section:</para>
50
51 <variablelist class='config-directives'>
52
53 <varlistentry>
54 <term><varname>NAutoVTs=</varname></term>
55
56 <listitem><para>Takes a positive integer. Configures how many
57 virtual terminals (VTs) to allocate by default that, when
58 switched to and are previously unused,
59 <literal>autovt</literal> services are automatically spawned
60 on. These services are instantiated from the template unit
61 <filename>autovt@.service</filename> for the respective VT TTY
62 name, for example, <filename>autovt@tty4.service</filename>.
63 By default, <filename>autovt@.service</filename> is linked to
64 <filename>getty@.service</filename>. In other words, login
65 prompts are started dynamically as the user switches to unused
66 virtual terminals. Hence, this parameter controls how many
67 login <literal>gettys</literal> are available on the VTs. If a
68 VT is already used by some other subsystem (for example, a
69 graphical login), this kind of activation will not be
70 attempted. Note that the VT configured in
71 <varname>ReserveVT=</varname> is always subject to this kind
72 of activation, even if it is not one of the VTs configured
73 with the <varname>NAutoVTs=</varname> directive. Defaults to
74 6. When set to 0, automatic spawning of
75 <literal>autovt</literal> services is
76 disabled.</para></listitem>
77 </varlistentry>
78
79 <varlistentry>
80 <term><varname>ReserveVT=</varname></term>
81
82 <listitem><para>Takes a positive integer. Identifies one
83 virtual terminal that shall unconditionally be reserved for
84 <filename>autovt@.service</filename> activation (see above).
85 The VT selected with this option will be marked busy
86 unconditionally, so that no other subsystem will allocate it.
87 This functionality is useful to ensure that, regardless of how
88 many VTs are allocated by other subsystems, one login
89 <literal>getty</literal> is always available. Defaults to 6
90 (in other words, there will always be a
91 <literal>getty</literal> available on Alt-F6.). When set to 0,
92 VT reservation is disabled.</para></listitem>
93 </varlistentry>
94
95 <varlistentry>
96 <term><varname>KillUserProcesses=</varname></term>
97
98 <listitem><para>Takes a boolean argument. Configures whether the processes of a
99 user should be killed when the user logs out. If true, the scope unit
100 corresponding to the session and all processes inside that scope will be
101 terminated. If false, the scope is "abandoned", see
102 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
103 and processes are not killed. Defaults to <literal>&KILL_USER_PROCESSES;</literal>,
104 but see the options <varname>KillOnlyUsers=</varname> and
105 <varname>KillExcludeUsers=</varname> below.</para>
106
107 <para>In addition to session processes, user process may run under the user
108 manager unit <filename>user@.service</filename>. Depending on the linger
109 settings, this may allow users to run processes independent of their login
110 sessions. See the description of <command>enable-linger</command> in
111 <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
112 </para>
113
114 <para>Note that setting <varname>KillUserProcesses=yes</varname>
115 will break tools like
116 <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>
117 and
118 <citerefentry project='die-net'><refentrytitle>tmux</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
119 unless they are moved out of the session scope. See example in
120 <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
121 </para></listitem>
122 </varlistentry>
123
124 <varlistentry>
125 <term><varname>KillOnlyUsers=</varname></term>
126 <term><varname>KillExcludeUsers=</varname></term>
127
128 <listitem><para>These settings take space-separated lists of usernames that override
129 the <varname>KillUserProcesses=</varname> setting. A user name may be added to
130 <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
131 that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
132 <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
133 excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
134 to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
135 is checked next. If this setting is specified, only the session scopes of those users
136 will be killed. Otherwise, users are subject to the
137 <varname>KillUserProcesses=yes</varname> setting.</para></listitem>
138 </varlistentry>
139
140 <varlistentry>
141 <term><varname>IdleAction=</varname></term>
142
143 <listitem><para>Configures the action to take when the system
144 is idle. Takes one of
145 <literal>ignore</literal>,
146 <literal>poweroff</literal>,
147 <literal>reboot</literal>,
148 <literal>halt</literal>,
149 <literal>kexec</literal>,
150 <literal>suspend</literal>,
151 <literal>hibernate</literal>,
152 <literal>hybrid-sleep</literal>,
153 <literal>suspend-then-hibernate</literal>, and
154 <literal>lock</literal>.
155 Defaults to <literal>ignore</literal>.</para>
156
157 <para>Note that this requires that user sessions correctly
158 report the idle status to the system. The system will execute
159 the action after all sessions report that they are idle, no
160 idle inhibitor lock is active, and subsequently, the time
161 configured with <varname>IdleActionSec=</varname> (see below)
162 has expired.</para>
163 </listitem>
164 </varlistentry>
165
166 <varlistentry>
167 <term><varname>IdleActionSec=</varname></term>
168
169 <listitem><para>Configures the delay after which the action
170 configured in <varname>IdleAction=</varname> (see above) is
171 taken after the system is idle.</para></listitem>
172 </varlistentry>
173
174 <varlistentry>
175 <term><varname>InhibitDelayMaxSec=</varname></term>
176
177 <listitem><para>Specifies the maximum time a system shutdown
178 or sleep request is delayed due to an inhibitor lock of type
179 <literal>delay</literal> being active before the inhibitor is
180 ignored and the operation executes anyway. Defaults to
181 5.</para></listitem>
182 </varlistentry>
183
184 <varlistentry>
185 <term><varname>UserStopDelaySec=</varname></term>
186
187 <listitem><para>Specifies how long to keep the user record and per-user service
188 <filename>user@.service</filename> around for a user after they logged out fully. If set to zero, the per-user
189 service is terminated immediately when the last session of the user has ended. If this option is configured to
190 non-zero rapid logout/login cycles are sped up, as the user's service manager is not constantly restarted. If
191 set to <literal>infinity</literal> the per-user service for a user is never terminated again after first login,
192 and continues to run until system shutdown. Defaults to 10s.</para></listitem>
193 </varlistentry>
194
195 <varlistentry>
196 <term><varname>HandlePowerKey=</varname></term>
197 <term><varname>HandleSuspendKey=</varname></term>
198 <term><varname>HandleHibernateKey=</varname></term>
199 <term><varname>HandleLidSwitch=</varname></term>
200 <term><varname>HandleLidSwitchExternalPower=</varname></term>
201 <term><varname>HandleLidSwitchDocked=</varname></term>
202
203 <listitem><para>Controls how logind shall handle the
204 system power and sleep keys and the lid switch to trigger
205 actions such as system power-off or suspend. Can be one of
206 <literal>ignore</literal>,
207 <literal>poweroff</literal>,
208 <literal>reboot</literal>,
209 <literal>halt</literal>,
210 <literal>kexec</literal>,
211 <literal>suspend</literal>,
212 <literal>hibernate</literal>,
213 <literal>hybrid-sleep</literal>,
214 <literal>suspend-then-hibernate</literal>, and
215 <literal>lock</literal>.
216 If <literal>ignore</literal>, logind will never handle these
217 keys. If <literal>lock</literal>, all running sessions will be
218 screen-locked; otherwise, the specified action will be taken
219 in the respective event. Only input devices with the
220 <literal>power-switch</literal> udev tag will be watched for
221 key/lid switch events. <varname>HandlePowerKey=</varname>
222 defaults to <literal>poweroff</literal>.
223 <varname>HandleSuspendKey=</varname> and
224 <varname>HandleLidSwitch=</varname> default to
225 <literal>suspend</literal>.
226 <varname>HandleLidSwitchExternalPower=</varname> is completely
227 ignored by default (for backwards compatibility) — an explicit
228 value must be set before it will be used to determine
229 behaviour. <varname>HandleLidSwitchDocked=</varname> defaults
230 to <literal>ignore</literal>.
231 <varname>HandleHibernateKey=</varname> defaults to
232 <literal>hibernate</literal>. If the system is inserted in a
233 docking station, or if more than one display is connected, the
234 action specified by <varname>HandleLidSwitchDocked=</varname>
235 occurs; if the system is on external power the action (if any)
236 specified by <varname>HandleLidSwitchExternalPower=</varname>
237 occurs; otherwise the <varname>HandleLidSwitch=</varname>
238 action occurs.</para>
239
240 <para>A different application may disable logind's handling of system power and
241 sleep keys and the lid switch by taking a low-level inhibitor lock
242 (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>,
243 <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>).
244 This is most commonly used by graphical desktop environments
245 to take over suspend and hibernation handling, and to use their own configuration
246 mechanisms. If a low-level inhibitor lock is taken, logind will not take any
247 action when that key or switch is triggered and the <varname>Handle*=</varname>
248 settings are irrelevant.</para></listitem>
249 </varlistentry>
250
251 <varlistentry>
252 <term><varname>PowerKeyIgnoreInhibited=</varname></term>
253 <term><varname>SuspendKeyIgnoreInhibited=</varname></term>
254 <term><varname>HibernateKeyIgnoreInhibited=</varname></term>
255 <term><varname>LidSwitchIgnoreInhibited=</varname></term>
256
257 <listitem><para>Controls whether actions that <command>systemd-logind</command>
258 takes when the power and sleep keys and the lid switch are triggered are subject
259 to high-level inhibitor locks ("shutdown", "sleep", "idle"). Low level inhibitor
260 locks (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>,
261 <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>),
262 are always honored, irrespective of this setting.</para>
263
264 <para>These settings take boolean arguments. If <literal>no</literal>, the
265 inhibitor locks taken by applications are respected. If <literal>yes</literal>,
266 "shutdown", "sleep", and "idle" inhibitor locks are ignored.
267 <varname>PowerKeyIgnoreInhibited=</varname>,
268 <varname>SuspendKeyIgnoreInhibited=</varname>, and
269 <varname>HibernateKeyIgnoreInhibited=</varname> default to <literal>no</literal>.
270 <varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>.
271 This means that when <command>systemd-logind</command> is handling events by
272 itself (no low level inhibitor locks are taken by another application), the lid
273 switch does not respect suspend blockers by default, but the power and sleep keys
274 do.</para></listitem>
275 </varlistentry>
276
277 <varlistentry>
278 <term><varname>HoldoffTimeoutSec=</varname></term>
279
280 <listitem><para>Specifies the timeout after system startup or
281 system resume in which systemd will hold off on reacting to
282 lid events. This is required for the system to properly
283 detect any hotplugged devices so systemd can ignore lid events
284 if external monitors, or docks, are connected. If set to 0,
285 systemd will always react immediately, possibly before the
286 kernel fully probed all hotplugged devices. This is safe, as
287 long as you do not care for systemd to account for devices
288 that have been plugged or unplugged while the system was off.
289 Defaults to 30s.</para></listitem>
290 </varlistentry>
291
292 <varlistentry>
293 <term><varname>RuntimeDirectorySize=</varname></term>
294
295 <listitem><para>Sets the size limit on the
296 <varname>$XDG_RUNTIME_DIR</varname> runtime directory for each
297 user who logs in. Takes a size in bytes, optionally suffixed
298 with the usual K, G, M, and T suffixes, to the base 1024
299 (IEC). Alternatively, a numerical percentage suffixed by
300 <literal>%</literal> may be specified, which sets the size
301 limit relative to the amount of physical RAM. Defaults to 10%.
302 Note that this size is a safety limit only. As each runtime
303 directory is a tmpfs file system, it will only consume as much
304 memory as is needed.</para></listitem>
305 </varlistentry>
306
307 <varlistentry>
308 <term><varname>InhibitorsMax=</varname></term>
309
310 <listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192
311 (8K).</para></listitem>
312 </varlistentry>
313
314 <varlistentry>
315 <term><varname>SessionsMax=</varname></term>
316
317 <listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to 8192
318 (8K). Depending on how the <filename>pam_systemd.so</filename> module is included in the PAM stack
319 configuration, further login sessions will either be refused, or permitted but not tracked by
320 <filename>systemd-logind</filename>.</para></listitem>
321 </varlistentry>
322
323 <varlistentry>
324 <term><varname>RemoveIPC=</varname></term>
325
326 <listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the
327 user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
328 last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
329 well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
330 are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
331 </varlistentry>
332
333 </variablelist>
334 </refsect1>
335
336 <refsect1>
337 <title>See Also</title>
338 <para>
339 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
340 <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
341 <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
342 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
343 </para>
344 </refsect1>
345
346 </refentry>