| <?xml version='1.0'?> |
| <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
| "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ |
| <!ENTITY % entities SYSTEM "custom-entities.ent" > |
| %entities; |
| ]> |
| <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
| |
| <refentry id="logind.conf" conditional='ENABLE_LOGIND' |
| xmlns:xi="http://www.w3.org/2001/XInclude"> |
| <refentryinfo> |
| <title>logind.conf</title> |
| <productname>systemd</productname> |
| </refentryinfo> |
| |
| <refmeta> |
| <refentrytitle>logind.conf</refentrytitle> |
| <manvolnum>5</manvolnum> |
| </refmeta> |
| |
| <refnamediv> |
| <refname>logind.conf</refname> |
| <refname>logind.conf.d</refname> |
| <refpurpose>Login manager configuration files</refpurpose> |
| </refnamediv> |
| |
| <refsynopsisdiv> |
| <para><filename>/etc/systemd/logind.conf</filename></para> |
| <para><filename>/etc/systemd/logind.conf.d/*.conf</filename></para> |
| <para><filename>/run/systemd/logind.conf.d/*.conf</filename></para> |
| <para><filename>/usr/lib/systemd/logind.conf.d/*.conf</filename></para> |
| </refsynopsisdiv> |
| |
| <refsect1> |
| <title>Description</title> |
| |
| <para>These files configure various parameters of the systemd login manager, |
| <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. See |
| <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| for a general description of the syntax.</para> |
| </refsect1> |
| |
| <xi:include href="standard-conf.xml" xpointer="main-conf" /> |
| |
| <refsect1> |
| <title>Options</title> |
| |
| <para>All options are configured in the |
| [Login] section:</para> |
| |
| <variablelist class='config-directives'> |
| |
| <varlistentry> |
| <term><varname>NAutoVTs=</varname></term> |
| |
| <listitem><para>Takes a positive integer. Configures how many |
| virtual terminals (VTs) to allocate by default on which |
| <literal>autovt</literal> services are automatically spawned |
| when the VT is switched to and was previously unused. |
| These services are instantiated from the template unit |
| <filename>autovt@.service</filename> for the respective VT TTY |
| name, for example, <filename>autovt@tty4.service</filename>. |
| By default, <filename>autovt@.service</filename> is linked to |
| <filename>getty@.service</filename>. In other words, login |
| prompts are started dynamically as the user switches to unused |
| virtual terminals. Hence, this parameter controls how many |
| login <literal>gettys</literal> are available on the VTs. If a |
| VT is already used by some other subsystem (for example, a |
| graphical login), this kind of activation will not be |
| attempted. Note that the VT configured in |
| <varname>ReserveVT=</varname> is always subject to this kind |
| of activation, even if it is not one of the VTs configured |
| with the <varname>NAutoVTs=</varname> directive. Defaults to |
| 6. When set to 0, automatic spawning of |
| <literal>autovt</literal> services is |
| disabled.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>ReserveVT=</varname></term> |
| |
| <listitem><para>Takes a positive integer. Identifies one |
| virtual terminal that shall unconditionally be reserved for |
| <filename>autovt@.service</filename> activation (see above). |
| The VT selected with this option will be marked busy |
| unconditionally, so that no other subsystem will allocate it. |
| This functionality is useful to ensure that, regardless of how |
| many VTs are allocated by other subsystems, one login |
| <literal>getty</literal> is always available. Defaults to 6 |
| (in other words, there will always be a |
| <literal>getty</literal> available on Alt-F6). When set to 0, |
| VT reservation is disabled.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>KillUserProcesses=</varname></term> |
| |
| <listitem><para>Takes a boolean argument. Configures whether the processes of a |
| user should be killed when the user logs out. If true, the scope unit |
| corresponding to the session and all processes inside that scope will be |
| terminated. If false, the scope is "abandoned", see |
| <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| and processes are not killed. Defaults to <literal>&KILL_USER_PROCESSES;</literal>, |
| but see the options <varname>KillOnlyUsers=</varname> and |
| <varname>KillExcludeUsers=</varname> below.</para> |
| |
| <para>In addition to session processes, user processes may run under the user |
| manager unit <filename>user@.service</filename>. Depending on the linger |
| settings, this may allow users to run processes independent of their login |
| sessions. See the description of <command>enable-linger</command> in |
| <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. |
| </para> |
| |
| <para>Note that setting <varname>KillUserProcesses=yes</varname> |
| will break tools like |
| <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| and |
| <citerefentry project='die-net'><refentrytitle>tmux</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| unless they are moved out of the session scope. See the example in |
| <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>. |
| </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>KillOnlyUsers=</varname></term> |
| <term><varname>KillExcludeUsers=</varname></term> |
| |
| <listitem><para>These settings take space-separated lists of usernames that override the |
| <varname>KillUserProcesses=</varname> setting. A user name may be added to |
| <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of that user from |
| being killed even if <varname>KillUserProcesses=yes</varname> is set. If |
| <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is excluded by |
| default. <varname>KillExcludeUsers=</varname> may be set to an empty value to override this |
| default. If a user is not excluded, <varname>KillOnlyUsers=</varname> is checked next. If this |
| setting is specified, only the processes in the session scopes of those users will be |
| killed. Otherwise, users are subject to the <varname>KillUserProcesses=yes</varname> setting. |
| </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>IdleAction=</varname></term> |
| |
| <listitem><para>Configures the action to take when the system |
| is idle. Takes one of |
| <literal>ignore</literal>, |
| <literal>poweroff</literal>, |
| <literal>reboot</literal>, |
| <literal>halt</literal>, |
| <literal>kexec</literal>, |
| <literal>suspend</literal>, |
| <literal>hibernate</literal>, |
| <literal>hybrid-sleep</literal>, |
| <literal>suspend-then-hibernate</literal>, and |
| <literal>lock</literal>. |
| Defaults to <literal>ignore</literal>.</para> |
| |
| <para>Note that this requires that user sessions correctly |
| report the idle status to the system. The system will execute |
| the action after all sessions report that they are idle, no |
| idle inhibitor lock is active, and subsequently, the time |
| configured with <varname>IdleActionSec=</varname> (see below) |
| has expired.</para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>IdleActionSec=</varname></term> |
| |
| <listitem><para>Configures the delay after which the action |
| configured in <varname>IdleAction=</varname> (see above) is |
| taken after the system is idle.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>InhibitDelayMaxSec=</varname></term> |
| |
| <listitem><para>Specifies the maximum time a system shutdown |
| or sleep request is delayed due to an inhibitor lock of type |
| <literal>delay</literal> being active before the inhibitor is |
| ignored and the operation executes anyway. Defaults to |
| 5.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>UserStopDelaySec=</varname></term> |
| |
| <listitem><para>Specifies how long to keep the user record and per-user service |
| <filename>user@.service</filename> around for a user after they have fully logged out. If set to zero, the per-user |
| service is terminated immediately when the last session of the user has ended. If this option is configured to |
| a non-zero value, rapid logout/login cycles are sped up, as the user's service manager is not constantly restarted. If |
| set to <literal>infinity</literal>, the per-user service for a user is never terminated again after first login, |
| and continues to run until system shutdown. Defaults to 10s.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>HandlePowerKey=</varname></term> |
| <term><varname>HandleSuspendKey=</varname></term> |
| <term><varname>HandleHibernateKey=</varname></term> |
| <term><varname>HandleLidSwitch=</varname></term> |
| <term><varname>HandleLidSwitchExternalPower=</varname></term> |
| <term><varname>HandleLidSwitchDocked=</varname></term> |
| <term><varname>HandleRebootKey=</varname></term> |
| |
| <listitem><para>Controls how logind shall handle the |
| system power, reboot and sleep keys and the lid switch to trigger |
| actions such as system power-off, reboot or suspend. Can be one of |
| <literal>ignore</literal>, |
| <literal>poweroff</literal>, |
| <literal>reboot</literal>, |
| <literal>halt</literal>, |
| <literal>kexec</literal>, |
| <literal>suspend</literal>, |
| <literal>hibernate</literal>, |
| <literal>hybrid-sleep</literal>, |
| <literal>suspend-then-hibernate</literal>, and |
| <literal>lock</literal>. |
| If <literal>ignore</literal>, logind will never handle these |
| keys. If <literal>lock</literal>, all running sessions will be |
| screen-locked; otherwise, the specified action will be taken |
| in the respective event. Only input devices with the |
| <literal>power-switch</literal> udev tag will be watched for |
| key/lid switch events. <varname>HandlePowerKey=</varname> |
| defaults to <literal>poweroff</literal>, <varname>HandleRebootKey=</varname> |
| defaults to <literal>reboot</literal>. |
| <varname>HandleSuspendKey=</varname> and |
| <varname>HandleLidSwitch=</varname> default to |
| <literal>suspend</literal>. |
| <varname>HandleLidSwitchExternalPower=</varname> is completely |
| ignored by default (for backwards compatibility) — an explicit |
| value must be set before it will be used to determine |
| behaviour. <varname>HandleLidSwitchDocked=</varname> defaults |
| to <literal>ignore</literal>. |
| <varname>HandleHibernateKey=</varname> defaults to |
| <literal>hibernate</literal>. If the system is inserted in a |
| docking station, or if more than one display is connected, the |
| action specified by <varname>HandleLidSwitchDocked=</varname> |
| occurs; if the system is on external power the action (if any) |
| specified by <varname>HandleLidSwitchExternalPower=</varname> |
| occurs; otherwise the <varname>HandleLidSwitch=</varname> |
| action occurs.</para> |
| |
| <para>A different application may disable logind's handling of system power and |
| sleep keys and the lid switch by taking a low-level inhibitor lock |
| (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>, |
| <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>, |
| <literal>handle-reboot-key</literal>). |
| This is most commonly used by graphical desktop environments |
| to take over suspend and hibernation handling, and to use their own configuration |
| mechanisms. If a low-level inhibitor lock is taken, logind will not take any |
| action when that key or switch is triggered and the <varname>Handle*=</varname> |
| settings are irrelevant.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>PowerKeyIgnoreInhibited=</varname></term> |
| <term><varname>SuspendKeyIgnoreInhibited=</varname></term> |
| <term><varname>HibernateKeyIgnoreInhibited=</varname></term> |
| <term><varname>LidSwitchIgnoreInhibited=</varname></term> |
| <term><varname>RebootKeyIgnoreInhibited=</varname></term> |
| |
| <listitem><para>Controls whether actions that <command>systemd-logind</command> |
| takes when the power, reboot and sleep keys and the lid switch are triggered are subject |
| to high-level inhibitor locks ("shutdown", "reboot", "sleep", "idle"). Low-level inhibitor |
| locks (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>, |
| <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>, |
| <literal>handle-reboot-key</literal>) |
| are always honored, irrespective of this setting.</para> |
| |
| <para>These settings take boolean arguments. If <literal>no</literal>, the |
| inhibitor locks taken by applications are respected. If <literal>yes</literal>, |
| "shutdown", "reboot", "sleep", and "idle" inhibitor locks are ignored. |
| <varname>PowerKeyIgnoreInhibited=</varname>, |
| <varname>SuspendKeyIgnoreInhibited=</varname>, |
| <varname>HibernateKeyIgnoreInhibited=</varname> and |
| <varname>RebootKeyIgnoreInhibited=</varname> default to <literal>no</literal>. |
| <varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>. |
| This means that when <command>systemd-logind</command> is handling events by |
| itself (no low-level inhibitor locks are taken by another application), the lid |
| switch does not respect suspend blockers by default, but the power and sleep keys |
| do.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>HoldoffTimeoutSec=</varname></term> |
| |
| <listitem><para>Specifies a period of time after system startup or |
| system resume in which systemd will hold off on reacting to |
| lid events. This is required for the system to properly |
| detect any hotplugged devices so systemd can ignore lid events |
| if external monitors, or docks, are connected. If set to 0, |
| systemd will always react immediately, possibly before the |
| kernel has fully probed all hotplugged devices. This is safe, as |
| long as you do not care for systemd to account for devices |
| that have been plugged or unplugged while the system was off. |
| Defaults to 30s.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>RuntimeDirectorySize=</varname></term> |
| |
| <listitem><para>Sets the size limit on the |
| <varname>$XDG_RUNTIME_DIR</varname> runtime directory for each |
| user who logs in. Takes a size in bytes, optionally suffixed |
| with the usual K, G, M, and T suffixes, to the base 1024 |
| (IEC). Alternatively, a numerical percentage suffixed by |
| <literal>%</literal> may be specified, which sets the size |
| limit relative to the amount of physical RAM. Defaults to 10%. |
| Note that this size is a safety limit only. As each runtime |
| directory is a tmpfs file system, it will only consume as much |
| memory as is needed.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>RuntimeDirectoryInodesMax=</varname></term> |
| |
| <listitem><para>Sets the limit on the number of inodes for the |
| <varname>$XDG_RUNTIME_DIR</varname> runtime directory for each |
| user who logs in. Takes a number, optionally suffixed with the |
| usual K, G, M, and T suffixes, to the base 1024 (IEC). |
| Defaults to <varname>RuntimeDirectorySize=</varname> divided |
| by 4096. Note that this size is a safety limit only. |
| As each runtime directory is a tmpfs file system, it will |
| only consume as much memory as is needed.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>InhibitorsMax=</varname></term> |
| |
| <listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192 |
| (8K).</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>SessionsMax=</varname></term> |
| |
| <listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to 8192 |
| (8K). Depending on how the <filename>pam_systemd.so</filename> module is included in the PAM stack |
| configuration, further login sessions will either be refused, or permitted but not tracked by |
| <filename>systemd-logind</filename>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>RemoveIPC=</varname></term> |
| |
| <listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the |
| user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the |
| last of the user's sessions has terminated. This covers System V semaphores, shared memory and message queues, as |
| well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users |
| are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem> |
| </varlistentry> |
| |
| </variablelist> |
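The precedence between KillUserProcesses=, KillExcludeUsers= and KillOnlyUsers= described above decides whether a user's session processes survive logout. The following is an added example, not code from systemd or from this page: it models that precedence as the text states it, using hypothetical helper names (parse_login_section, shall_kill), a constructed sample drop-in, and a default_kill parameter standing in for the compile-time default.

```python
# Added example: models the precedence this page describes for
# KillUserProcesses=, KillExcludeUsers= and KillOnlyUsers=.
# parse_login_section() and shall_kill() are hypothetical helper names.
import configparser

# Constructed sample drop-in (for example under /etc/systemd/logind.conf.d/).
SAMPLE_CONF = """
[Login]
KillUserProcesses=yes
KillExcludeUsers=backup
KillOnlyUsers=alice bob
"""

# Strings systemd accepts as boolean "true".
TRUE_VALUES = {"1", "yes", "y", "true", "t", "on"}


def parse_login_section(text):
    """Return the [Login] keys of a logind.conf-style file as a dict."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: option names are case-sensitive
    cp.read_string(text)
    return dict(cp["Login"]) if cp.has_section("Login") else {}


def shall_kill(login, user, default_kill=False):
    """Decide whether the session scopes of `user` are killed at logout."""
    exclude = login.get("KillExcludeUsers")
    if exclude is None:
        # Setting absent: root is excluded by default.
        if user == "root":
            return False
    elif user in exclude.split():
        # Explicit exclusion wins, even with KillUserProcesses=yes.
        return False
    # An empty KillExcludeUsers= falls through here and drops the root default.
    only = login.get("KillOnlyUsers", "").split()
    if only:
        # A non-empty KillOnlyUsers= restricts killing to the listed users.
        return user in only
    value = login.get("KillUserProcesses")
    if value is None:
        return default_kill  # assumption: stands in for the build default
    return value.strip().lower() in TRUE_VALUES


if __name__ == "__main__":
    conf = parse_login_section(SAMPLE_CONF)
    for name in ("alice", "backup", "carol", "root"):
        print(name, "killed at logout:", shall_kill(conf, name))
```

With the sample drop-in, only alice and bob lose their session processes at logout; every other account, including root, keeps them, which is worth checking on hosts where lingering post-logout processes are a concern.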
| </refsect1> |
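How the Handle*= settings, the *IgnoreInhibited= settings and inhibitor locks combine for a key or lid event, as described under Options, can be modeled in a few lines. This is an added example, not code from systemd or from this page; resolve_event and the table names are hypothetical, the defaults are the ones stated above, and two things are assumptions of the example: the mapping from an action to the high-level lock type that blocks it, and that every lock passed in is held in block mode.

```python
# Added example: models how this page says logind picks an action for a
# key or lid event. resolve_event() and the table names are hypothetical.
DEFAULTS = {
    "HandlePowerKey": "poweroff", "HandleRebootKey": "reboot",
    "HandleSuspendKey": "suspend", "HandleHibernateKey": "hibernate",
    "HandleLidSwitch": "suspend", "HandleLidSwitchDocked": "ignore",
    "PowerKeyIgnoreInhibited": "no", "SuspendKeyIgnoreInhibited": "no",
    "HibernateKeyIgnoreInhibited": "no", "RebootKeyIgnoreInhibited": "no",
    "LidSwitchIgnoreInhibited": "yes",
}
# event -> (low-level lock, Handle*= setting, *IgnoreInhibited= setting)
EVENTS = {
    "power-key": ("handle-power-key", "HandlePowerKey", "PowerKeyIgnoreInhibited"),
    "suspend-key": ("handle-suspend-key", "HandleSuspendKey", "SuspendKeyIgnoreInhibited"),
    "hibernate-key": ("handle-hibernate-key", "HandleHibernateKey",
                      "HibernateKeyIgnoreInhibited"),
    "reboot-key": ("handle-reboot-key", "HandleRebootKey", "RebootKeyIgnoreInhibited"),
    "lid-switch": ("handle-lid-switch", "HandleLidSwitch", "LidSwitchIgnoreInhibited"),
}
# Assumption of this example: which high-level lock type blocks which action.
BLOCKED_BY = {
    "poweroff": "shutdown", "reboot": "shutdown", "halt": "shutdown",
    "kexec": "shutdown", "suspend": "sleep", "hibernate": "sleep",
    "hybrid-sleep": "sleep", "suspend-then-hibernate": "sleep",
}


def resolve_event(event, conf, locks=(), docked=False, external_power=False):
    """Return (action, reason) for one key or lid event.

    conf holds the explicit [Login] settings; locks holds the inhibitor
    lock types currently held (assumed to be block-mode locks).
    """
    cfg = {**DEFAULTS, **conf}
    low_level, handle_key, ignore_key = EVENTS[event]
    if low_level in locks:
        # Always honored; the Handle*= settings become irrelevant.
        return "ignore", "low-level inhibitor " + low_level
    if event == "lid-switch":
        if docked:
            handle_key = "HandleLidSwitchDocked"
        elif external_power and "HandleLidSwitchExternalPower" in cfg:
            # Only used when it has been set explicitly.
            handle_key = "HandleLidSwitchExternalPower"
    action = cfg[handle_key]
    blocker = BLOCKED_BY.get(action)
    if blocker in locks and cfg[ignore_key] != "yes":
        return "ignore", "blocked by " + blocker + " inhibitor"
    return action, handle_key + "=" + action


if __name__ == "__main__":
    print(resolve_event("lid-switch", {}, locks=("sleep",)))
    print(resolve_event("suspend-key", {}, locks=("sleep",)))
```

With the defaults, a held "sleep" lock stops the suspend key but not the lid switch, so a closed lid still suspends the machine unless something holds handle-lid-switch or LidSwitchIgnoreInhibited=no is set.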
| |
| <refsect1> |
| <title>See Also</title> |
| <para> |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| </para> |
| </refsect1> |
| |
| </refentry> |