summaryrefslogtreecommitdiffstats
path: root/man/logind.conf.xml
blob: be62b6b572307cf1ec9f96f3ce0e2a227896e067 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="logind.conf" conditional='ENABLE_LOGIND'
    xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>logind.conf</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>logind.conf</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>logind.conf</refname>
    <refname>logind.conf.d</refname>
    <refpurpose>Login manager configuration files</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>/etc/systemd/logind.conf</filename></para>
    <para><filename>/etc/systemd/logind.conf.d/*.conf</filename></para>
    <para><filename>/run/systemd/logind.conf.d/*.conf</filename></para>
    <para><filename>/usr/lib/systemd/logind.conf.d/*.conf</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>These files configure various parameters of the systemd login manager,
    <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. See
    <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry>
    for a general description of the syntax.</para>
  </refsect1>

  <xi:include href="standard-conf.xml" xpointer="main-conf" />

  <refsect1>
    <title>Options</title>

    <para>All options are configured in the
    [Login] section:</para>

    <variablelist class='config-directives'>

      <varlistentry>
        <term><varname>NAutoVTs=</varname></term>

        <listitem><para>Takes a positive integer. Configures how many
        virtual terminals (VTs) to allocate by default that, when
        switched to and are previously unused,
        <literal>autovt</literal> services are automatically spawned
        on. These services are instantiated from the template unit
        <filename>autovt@.service</filename> for the respective VT TTY
        name, for example, <filename>autovt@tty4.service</filename>.
        By default, <filename>autovt@.service</filename> is linked to
        <filename>getty@.service</filename>. In other words, login
        prompts are started dynamically as the user switches to unused
        virtual terminals. Hence, this parameter controls how many
        login <literal>gettys</literal> are available on the VTs. If a
        VT is already used by some other subsystem (for example, a
        graphical login), this kind of activation will not be
        attempted. Note that the VT configured in
        <varname>ReserveVT=</varname> is always subject to this kind
        of activation, even if it is not one of the VTs configured
        with the <varname>NAutoVTs=</varname> directive. Defaults to
        6. When set to 0, automatic spawning of
        <literal>autovt</literal> services is
        disabled.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ReserveVT=</varname></term>

        <listitem><para>Takes a positive integer. Identifies one
        virtual terminal that shall unconditionally be reserved for
        <filename>autovt@.service</filename> activation (see above).
        The VT selected with this option will be marked busy
        unconditionally, so that no other subsystem will allocate it.
        This functionality is useful to ensure that, regardless of how
        many VTs are allocated by other subsystems, one login
        <literal>getty</literal> is always available. Defaults to 6
        (in other words, there will always be a
        <literal>getty</literal> available on Alt-F6.). When set to 0,
        VT reservation is disabled.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>KillUserProcesses=</varname></term>

        <listitem><para>Takes a boolean argument. Configures whether the processes of a
        user should be killed when the user logs out. If true, the scope unit
        corresponding to the session and all processes inside that scope will be
        terminated. If false, the scope is "abandoned", see
        <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
        and processes are not killed. Defaults to <literal>&KILL_USER_PROCESSES;</literal>,
        but see the options <varname>KillOnlyUsers=</varname> and
        <varname>KillExcludeUsers=</varname> below.</para>

        <para>In addition to session processes, user process may run under the user
        manager unit <filename>user@.service</filename>. Depending on the linger
        settings, this may allow users to run processes independent of their login
        sessions. See the description of <command>enable-linger</command> in
        <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para>

        <para>Note that setting <varname>KillUserProcesses=yes</varname>
        will break tools like
        <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        and
        <citerefentry project='die-net'><refentrytitle>tmux</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        unless they are moved out of the session scope. See example in
        <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>KillOnlyUsers=</varname></term>
        <term><varname>KillExcludeUsers=</varname></term>

        <listitem><para>These settings take space-separated lists of usernames that override the
        <varname>KillUserProcesses=</varname> setting. A user name may be added to
        <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of that user from
        being killed even if <varname>KillUserProcesses=yes</varname> is set. If
        <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is excluded by
        default. <varname>KillExcludeUsers=</varname> may be set to an empty value to override this
        default. If a user is not excluded, <varname>KillOnlyUsers=</varname> is checked next. If this
        setting is specified, only the processes in the session scopes of those users will be
        killed. Otherwise, users are subject to the <varname>KillUserProcesses=yes</varname> setting.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IdleAction=</varname></term>

        <listitem><para>Configures the action to take when the system
        is idle. Takes one of
        <literal>ignore</literal>,
        <literal>poweroff</literal>,
        <literal>reboot</literal>,
        <literal>halt</literal>,
        <literal>kexec</literal>,
        <literal>suspend</literal>,
        <literal>hibernate</literal>,
        <literal>hybrid-sleep</literal>,
        <literal>suspend-then-hibernate</literal>, and
        <literal>lock</literal>.
        Defaults to <literal>ignore</literal>.</para>

        <para>Note that this requires that user sessions correctly
        report the idle status to the system. The system will execute
        the action after all sessions report that they are idle, no
        idle inhibitor lock is active, and subsequently, the time
        configured with <varname>IdleActionSec=</varname> (see below)
        has expired.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IdleActionSec=</varname></term>

        <listitem><para>Configures the delay after which the action
        configured in <varname>IdleAction=</varname> (see above) is
        taken after the system is idle.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>InhibitDelayMaxSec=</varname></term>

        <listitem><para>Specifies the maximum time a system shutdown
        or sleep request is delayed due to an inhibitor lock of type
        <literal>delay</literal> being active before the inhibitor is
        ignored and the operation executes anyway. Defaults to
        5.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>UserStopDelaySec=</varname></term>

        <listitem><para>Specifies how long to keep the user record and per-user service
        <filename>user@.service</filename> around for a user after they logged out fully. If set to zero, the per-user
        service is terminated immediately when the last session of the user has ended. If this option is configured to
        non-zero rapid logout/login cycles are sped up, as the user's service manager is not constantly restarted. If
        set to <literal>infinity</literal> the per-user service for a user is never terminated again after first login,
        and continues to run until system shutdown. Defaults to 10s.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>HandlePowerKey=</varname></term>
        <term><varname>HandleSuspendKey=</varname></term>
        <term><varname>HandleHibernateKey=</varname></term>
        <term><varname>HandleLidSwitch=</varname></term>
        <term><varname>HandleLidSwitchExternalPower=</varname></term>
        <term><varname>HandleLidSwitchDocked=</varname></term>
        <term><varname>HandleRebootKey=</varname></term>

        <listitem><para>Controls how logind shall handle the
        system power, reboot and sleep keys and the lid switch to trigger
        actions such as system power-off, reboot or suspend. Can be one of
        <literal>ignore</literal>,
        <literal>poweroff</literal>,
        <literal>reboot</literal>,
        <literal>halt</literal>,
        <literal>kexec</literal>,
        <literal>suspend</literal>,
        <literal>hibernate</literal>,
        <literal>hybrid-sleep</literal>,
        <literal>suspend-then-hibernate</literal>, and
        <literal>lock</literal>.
        If <literal>ignore</literal>, logind will never handle these
        keys. If <literal>lock</literal>, all running sessions will be
        screen-locked; otherwise, the specified action will be taken
        in the respective event. Only input devices with the
        <literal>power-switch</literal> udev tag will be watched for
        key/lid switch events. <varname>HandlePowerKey=</varname>
        defaults to <literal>poweroff</literal>, <varname>HandleRebootKey=</varname>
        defaults to <literal>reboot</literal>.
        <varname>HandleSuspendKey=</varname> and
        <varname>HandleLidSwitch=</varname> default to
        <literal>suspend</literal>.
        <varname>HandleLidSwitchExternalPower=</varname> is completely
        ignored by default (for backwards compatibility)  an explicit
        value must be set before it will be used to determine
        behaviour. <varname>HandleLidSwitchDocked=</varname> defaults
        to <literal>ignore</literal>.
        <varname>HandleHibernateKey=</varname> defaults to
        <literal>hibernate</literal>. If the system is inserted in a
        docking station, or if more than one display is connected, the
        action specified by <varname>HandleLidSwitchDocked=</varname>
        occurs; if the system is on external power the action (if any)
        specified by <varname>HandleLidSwitchExternalPower=</varname>
        occurs; otherwise the <varname>HandleLidSwitch=</varname>
        action occurs.</para>

        <para>A different application may disable logind's handling of system power and
        sleep keys and the lid switch by taking a low-level inhibitor lock
        (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>,
        <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>,
        <literal>handle-reboot-switch</literal>).
        This is most commonly used by graphical desktop environments
        to take over suspend and hibernation handling, and to use their own configuration
        mechanisms. If a low-level inhibitor lock is taken, logind will not take any
        action when that key or switch is triggered and the <varname>Handle*=</varname>
        settings are irrelevant.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>PowerKeyIgnoreInhibited=</varname></term>
        <term><varname>SuspendKeyIgnoreInhibited=</varname></term>
        <term><varname>HibernateKeyIgnoreInhibited=</varname></term>
        <term><varname>LidSwitchIgnoreInhibited=</varname></term>
        <term><varname>RebootKeyIgnoreInhibited=</varname></term>

        <listitem><para>Controls whether actions that <command>systemd-logind</command>
        takes when the power, reboot and sleep keys and the lid switch are triggered are subject
        to high-level inhibitor locks ("shutdown", "reboot", "sleep", "idle"). Low level inhibitor
        locks (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>,
        <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>,
        <literal>handle-reboot-key</literal>),
        are always honored, irrespective of this setting.</para>

        <para>These settings take boolean arguments. If <literal>no</literal>, the
        inhibitor locks taken by applications are respected. If <literal>yes</literal>,
        "shutdown", "reboot" "sleep", and "idle" inhibitor locks are ignored.
        <varname>PowerKeyIgnoreInhibited=</varname>,
        <varname>SuspendKeyIgnoreInhibited=</varname>,
        <varname>HibernateKeyIgnoreInhibited=</varname> and
        <varname>RebootKeyIgnoreInhibited=</varname> default to <literal>no</literal>.
        <varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>.
        This means that when <command>systemd-logind</command> is handling events by
        itself (no low level inhibitor locks are taken by another application), the lid
        switch does not respect suspend blockers by default, but the power and sleep keys
        do.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>HoldoffTimeoutSec=</varname></term>

        <listitem><para>Specifies a period of time after system startup or
        system resume in which systemd will hold off on reacting to
        lid events. This is required for the system to properly
        detect any hotplugged devices so systemd can ignore lid events
        if external monitors, or docks, are connected. If set to 0,
        systemd will always react immediately, possibly before the
        kernel fully probed all hotplugged devices. This is safe, as
        long as you do not care for systemd to account for devices
        that have been plugged or unplugged while the system was off.
        Defaults to 30s.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RuntimeDirectorySize=</varname></term>

        <listitem><para>Sets the size limit on the
        <varname>$XDG_RUNTIME_DIR</varname> runtime directory for each
        user who logs in. Takes a size in bytes, optionally suffixed
        with the usual K, G, M, and T suffixes, to the base 1024
        (IEC). Alternatively, a numerical percentage suffixed by
        <literal>%</literal> may be specified, which sets the size
        limit relative to the amount of physical RAM. Defaults to 10%.
        Note that this size is a safety limit only. As each runtime
        directory is a tmpfs file system, it will only consume as much
        memory as is needed.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RuntimeDirectoryInodesMax=</varname></term>

        <listitem><para>Sets the limit on number of inodes for the
        <varname>$XDG_RUNTIME_DIR</varname> runtime directory for each
        user who logs in. Takes a number, optionally suffixed with the
        usual K, G, M, and T suffixes, to the base 1024 (IEC).
        Defaults to <varname>RuntimeDirectorySize=</varname> divided
        by 4096. Note that this size is a safety limit only.
        As each runtime directory is a tmpfs file system, it will
        only consume as much memory as is needed.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>InhibitorsMax=</varname></term>

        <listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192
        (8K).</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SessionsMax=</varname></term>

        <listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to 8192
        (8K). Depending on how the <filename>pam_systemd.so</filename> module is included in the PAM stack
        configuration, further login sessions will either be refused, or permitted but not tracked by
        <filename>systemd-logind</filename>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RemoveIPC=</varname></term>

        <listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the
        user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
        last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
        well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
        are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
      </varlistentry>

    </variablelist>
  </refsect1>

  <refsect1>
      <title>See Also</title>
      <para>
        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      </para>
  </refsect1>

</refentry>