2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
4 <!ENTITY % entities SYSTEM
"custom-entities.ent" >
9 SPDX-License-Identifier: LGPL-2.1+
12 <refentry id=
"logind.conf" conditional='ENABLE_LOGIND'
13 xmlns:
xi=
"http://www.w3.org/2001/XInclude">
15 <title>logind.conf
</title>
16 <productname>systemd
</productname>
20 <refentrytitle>logind.conf
</refentrytitle>
21 <manvolnum>5</manvolnum>
25 <refname>logind.conf
</refname>
26 <refname>logind.conf.d
</refname>
27 <refpurpose>Login manager configuration files
</refpurpose>
31 <para><filename>/etc/systemd/logind.conf
</filename></para>
32 <para><filename>/etc/systemd/logind.conf.d/*.conf
</filename></para>
33 <para><filename>/run/systemd/logind.conf.d/*.conf
</filename></para>
34 <para><filename>/usr/lib/systemd/logind.conf.d/*.conf
</filename></para>
38 <title>Description
</title>
40 <para>These files configure various parameters of the systemd login manager,
41 <citerefentry><refentrytitle>systemd-logind.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>. See
42 <citerefentry><refentrytitle>systemd.syntax
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
43 for a general description of the syntax.
</para>
46 <xi:include href=
"standard-conf.xml" xpointer=
"main-conf" />
49 <title>Options
</title>
51 <para>All options are configured in the
52 <literal>[Login]
</literal> section:
</para>
54 <variablelist class='config-directives'
>
57 <term><varname>NAutoVTs=
</varname></term>
59 <listitem><para>Takes a positive integer. Configures how many
60 virtual terminals (VTs) to allocate by default that, when
61 switched to and are previously unused,
62 <literal>autovt
</literal> services are automatically spawned
63 on. These services are instantiated from the template unit
64 <filename>autovt@.service
</filename> for the respective VT TTY
65 name, for example,
<filename>autovt@tty4.service
</filename>.
66 By default,
<filename>autovt@.service
</filename> is linked to
67 <filename>getty@.service
</filename>. In other words, login
68 prompts are started dynamically as the user switches to unused
69 virtual terminals. Hence, this parameter controls how many
70 login
<literal>gettys
</literal> are available on the VTs. If a
71 VT is already used by some other subsystem (for example, a
72 graphical login), this kind of activation will not be
73 attempted. Note that the VT configured in
74 <varname>ReserveVT=
</varname> is always subject to this kind
75 of activation, even if it is not one of the VTs configured
76 with the
<varname>NAutoVTs=
</varname> directive. Defaults to
77 6. When set to
0, automatic spawning of
78 <literal>autovt
</literal> services is
79 disabled.
</para></listitem>
83 <term><varname>ReserveVT=
</varname></term>
85 <listitem><para>Takes a positive integer. Identifies one
86 virtual terminal that shall unconditionally be reserved for
87 <filename>autovt@.service
</filename> activation (see above).
88 The VT selected with this option will be marked busy
89 unconditionally, so that no other subsystem will allocate it.
90 This functionality is useful to ensure that, regardless of how
91 many VTs are allocated by other subsystems, one login
92 <literal>getty
</literal> is always available. Defaults to
6
93 (in other words, there will always be a
94 <literal>getty
</literal> available on Alt-F6.). When set to
0,
95 VT reservation is disabled.
</para></listitem>
99 <term><varname>KillUserProcesses=
</varname></term>
101 <listitem><para>Takes a boolean argument. Configures whether the processes of a
102 user should be killed when the user logs out. If true, the scope unit
103 corresponding to the session and all processes inside that scope will be
104 terminated. If false, the scope is
"abandoned", see
105 <citerefentry><refentrytitle>systemd.scope
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
106 and processes are not killed. Defaults to
<literal>&KILL_USER_PROCESSES;</literal>,
107 but see the options
<varname>KillOnlyUsers=
</varname> and
108 <varname>KillExcludeUsers=
</varname> below.
</para>
110 <para>In addition to session processes, user process may run under the user
111 manager unit
<filename>user@.service
</filename>. Depending on the linger
112 settings, this may allow users to run processes independent of their login
113 sessions. See the description of
<command>enable-linger
</command> in
114 <citerefentry><refentrytitle>loginctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
117 <para>Note that setting
<varname>KillUserProcesses=yes
</varname>
118 will break tools like
119 <citerefentry project='die-net'
><refentrytitle>screen
</refentrytitle><manvolnum>1</manvolnum></citerefentry>
121 <citerefentry project='die-net'
><refentrytitle>tmux
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
122 unless they are moved out of the session scope. See example in
123 <citerefentry><refentrytitle>systemd-run
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
128 <term><varname>KillOnlyUsers=
</varname></term>
129 <term><varname>KillExcludeUsers=
</varname></term>
131 <listitem><para>These settings take space-separated lists of usernames that override
132 the
<varname>KillUserProcesses=
</varname> setting. A user name may be added to
133 <varname>KillExcludeUsers=
</varname> to exclude the processes in the session scopes of
134 that user from being killed even if
<varname>KillUserProcesses=yes
</varname> is set. If
135 <varname>KillExcludeUsers=
</varname> is not set, the
<literal>root
</literal> user is
136 excluded by default.
<varname>KillExcludeUsers=
</varname> may be set to an empty value
137 to override this default. If a user is not excluded,
<varname>KillOnlyUsers=
</varname>
138 is checked next. If this setting is specified, only the session scopes of those users
139 will be killed. Otherwise, users are subject to the
140 <varname>KillUserProcesses=yes
</varname> setting.
</para></listitem>
144 <term><varname>IdleAction=
</varname></term>
146 <listitem><para>Configures the action to take when the system
147 is idle. Takes one of
148 <literal>ignore
</literal>,
149 <literal>poweroff
</literal>,
150 <literal>reboot
</literal>,
151 <literal>halt
</literal>,
152 <literal>kexec
</literal>,
153 <literal>suspend
</literal>,
154 <literal>hibernate
</literal>,
155 <literal>hybrid-sleep
</literal>,
156 <literal>suspend-then-hibernate
</literal>, and
157 <literal>lock
</literal>.
158 Defaults to
<literal>ignore
</literal>.
</para>
160 <para>Note that this requires that user sessions correctly
161 report the idle status to the system. The system will execute
162 the action after all sessions report that they are idle, no
163 idle inhibitor lock is active, and subsequently, the time
164 configured with
<varname>IdleActionSec=
</varname> (see below)
170 <term><varname>IdleActionSec=
</varname></term>
172 <listitem><para>Configures the delay after which the action
173 configured in
<varname>IdleAction=
</varname> (see above) is
174 taken after the system is idle.
</para></listitem>
178 <term><varname>InhibitDelayMaxSec=
</varname></term>
180 <listitem><para>Specifies the maximum time a system shutdown
181 or sleep request is delayed due to an inhibitor lock of type
182 <literal>delay
</literal> being active before the inhibitor is
183 ignored and the operation executes anyway. Defaults to
188 <term><varname>UserStopDelaySec=
</varname></term>
190 <listitem><para>Specifies how long to keep the user record and per-user service
191 <filename>user@.service
</filename> around for a user after they logged out fully. If set to zero, the per-user
192 service is terminated immediately when the last session of the user has ended. If this option is configured to
193 non-zero rapid logout/login cycles are sped up, as the user's service manager is not constantly restarted. If
194 set to
<literal>infinity
</literal> the per-user service for a user is never terminated again after first login,
195 and continues to run until system shutdown. Defaults to
10s.
</para></listitem>
199 <term><varname>HandlePowerKey=
</varname></term>
200 <term><varname>HandleSuspendKey=
</varname></term>
201 <term><varname>HandleHibernateKey=
</varname></term>
202 <term><varname>HandleLidSwitch=
</varname></term>
203 <term><varname>HandleLidSwitchExternalPower=
</varname></term>
204 <term><varname>HandleLidSwitchDocked=
</varname></term>
206 <listitem><para>Controls how logind shall handle the
207 system power and sleep keys and the lid switch to trigger
208 actions such as system power-off or suspend. Can be one of
209 <literal>ignore
</literal>,
210 <literal>poweroff
</literal>,
211 <literal>reboot
</literal>,
212 <literal>halt
</literal>,
213 <literal>kexec
</literal>,
214 <literal>suspend
</literal>,
215 <literal>hibernate
</literal>,
216 <literal>hybrid-sleep
</literal>,
217 <literal>suspend-then-hibernate
</literal>, and
218 <literal>lock
</literal>.
219 If
<literal>ignore
</literal>, logind will never handle these
220 keys. If
<literal>lock
</literal>, all running sessions will be
221 screen-locked; otherwise, the specified action will be taken
222 in the respective event. Only input devices with the
223 <literal>power-switch
</literal> udev tag will be watched for
224 key/lid switch events.
<varname>HandlePowerKey=
</varname>
225 defaults to
<literal>poweroff
</literal>.
226 <varname>HandleSuspendKey=
</varname> and
227 <varname>HandleLidSwitch=
</varname> default to
228 <literal>suspend
</literal>.
229 <varname>HandleLidSwitchExternalPower=
</varname> is completely
230 ignored by default (for backwards compatibility) — an explicit
231 value must be set before it will be used to determine
232 behaviour.
<varname>HandleLidSwitchDocked=
</varname> defaults
233 to
<literal>ignore
</literal>.
234 <varname>HandleHibernateKey=
</varname> defaults to
235 <literal>hibernate
</literal>. If the system is inserted in a
236 docking station, or if more than one display is connected, the
237 action specified by
<varname>HandleLidSwitchDocked=
</varname>
238 occurs; if the system is on external power the action (if any)
239 specified by
<varname>HandleLidSwitchExternalPower=
</varname>
240 occurs; otherwise the
<varname>HandleLidSwitch=
</varname>
241 action occurs.
</para>
243 <para>A different application may disable logind's handling of system power and
244 sleep keys and the lid switch by taking a low-level inhibitor lock
245 (
<literal>handle-power-key
</literal>,
<literal>handle-suspend-key
</literal>,
246 <literal>handle-hibernate-key
</literal>,
<literal>handle-lid-switch
</literal>).
247 This is most commonly used by graphical desktop environments
248 to take over suspend and hibernation handling, and to use their own configuration
249 mechanisms. If a low-level inhibitor lock is taken, logind will not take any
250 action when that key or switch is triggered and the
<varname>Handle*=
</varname>
251 settings are irrelevant.
</para></listitem>
255 <term><varname>PowerKeyIgnoreInhibited=
</varname></term>
256 <term><varname>SuspendKeyIgnoreInhibited=
</varname></term>
257 <term><varname>HibernateKeyIgnoreInhibited=
</varname></term>
258 <term><varname>LidSwitchIgnoreInhibited=
</varname></term>
260 <listitem><para>Controls whether actions that
<command>systemd-logind
</command>
261 takes when the power and sleep keys and the lid switch are triggered are subject
262 to high-level inhibitor locks (
"shutdown",
"sleep",
"idle"). Low level inhibitor
263 locks (
<literal>handle-power-key
</literal>,
<literal>handle-suspend-key
</literal>,
264 <literal>handle-hibernate-key
</literal>,
<literal>handle-lid-switch
</literal>),
265 are always honored, irrespective of this setting.
</para>
267 <para>These settings take boolean arguments. If
<literal>no
</literal>, the
268 inhibitor locks taken by applications are respected. If
<literal>yes
</literal>,
269 "shutdown",
"sleep", and
"idle" inhibitor locks are ignored.
270 <varname>PowerKeyIgnoreInhibited=
</varname>,
271 <varname>SuspendKeyIgnoreInhibited=
</varname>, and
272 <varname>HibernateKeyIgnoreInhibited=
</varname> default to
<literal>no
</literal>.
273 <varname>LidSwitchIgnoreInhibited=
</varname> defaults to
<literal>yes
</literal>.
274 This means that when
<command>systemd-logind
</command> is handling events by
275 itself (no low level inhibitor locks are taken by another application), the lid
276 switch does not respect suspend blockers by default, but the power and sleep keys
277 do.
</para></listitem>
281 <term><varname>HoldoffTimeoutSec=
</varname></term>
283 <listitem><para>Specifies the timeout after system startup or
284 system resume in which systemd will hold off on reacting to
285 lid events. This is required for the system to properly
286 detect any hotplugged devices so systemd can ignore lid events
287 if external monitors, or docks, are connected. If set to
0,
288 systemd will always react immediately, possibly before the
289 kernel fully probed all hotplugged devices. This is safe, as
290 long as you do not care for systemd to account for devices
291 that have been plugged or unplugged while the system was off.
292 Defaults to
30s.
</para></listitem>
296 <term><varname>RuntimeDirectorySize=
</varname></term>
298 <listitem><para>Sets the size limit on the
299 <varname>$XDG_RUNTIME_DIR
</varname> runtime directory for each
300 user who logs in. Takes a size in bytes, optionally suffixed
301 with the usual K, G, M, and T suffixes, to the base
1024
302 (IEC). Alternatively, a numerical percentage suffixed by
303 <literal>%
</literal> may be specified, which sets the size
304 limit relative to the amount of physical RAM. Defaults to
10%.
305 Note that this size is a safety limit only. As each runtime
306 directory is a tmpfs file system, it will only consume as much
307 memory as is needed.
</para></listitem>
311 <term><varname>InhibitorsMax=
</varname></term>
313 <listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to
8192
314 (
8K).
</para></listitem>
318 <term><varname>SessionsMax=
</varname></term>
320 <listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to
8192
321 (
8K). Depending on how the
<filename>pam_systemd.so
</filename> module is included in the PAM stack
322 configuration, further login sessions will either be refused, or permitted but not tracked by
323 <filename>systemd-logind
</filename>.
</para></listitem>
327 <term><varname>RemoveIPC=
</varname></term>
329 <listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the
330 user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
331 last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
332 well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
333 are excluded from the effect of this setting. Defaults to
<literal>yes
</literal>.
</para></listitem>
340 <title>See Also
</title>
342 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
343 <citerefentry><refentrytitle>systemd-logind.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
344 <citerefentry><refentrytitle>loginctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
345 <citerefentry><refentrytitle>systemd-system.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
projects / thirdparty / systemd.git / blob