1LOGINCTL(1) loginctl LOGINCTL(1)
2
3
4
6 loginctl - Control the systemd login manager
7
9 loginctl [OPTIONS...] {COMMAND} [NAME...]
10
12 loginctl may be used to introspect and control the state of the
13 systemd(1) login manager systemd-logind.service(8).
14
16 The following commands are understood:
17
18 Session Commands
19 list-sessions
20 List current sessions.
21
22 session-status [ID...]
23 Show terse runtime status information about one or more sessions,
24 followed by the most recent log data from the journal. Takes one or
25 more session identifiers as parameters. If no session identifiers
26 are passed, the status of the caller's session is shown. This
27 function is intended to generate human-readable output. If you are
28 looking for computer-parsable output, use show-session instead.
29
30 show-session [ID...]
31 Show properties of one or more sessions or the manager itself. If
32 no argument is specified, properties of the manager will be shown.
33 If a session ID is specified, properties of the session are shown.
34 By default, empty properties are suppressed. Use --all to show
35 those too. To select specific properties to show, use --property=.
36 This command is intended to be used whenever computer-parsable
37 output is required. Use session-status if you are looking for
38 formatted human-readable output.
39
40 activate [ID]
41 Activate a session. This brings a session into the foreground if
42 another session is currently in the foreground on the respective
43 seat. Takes a session identifier as argument. If no argument is
44 specified, the session of the caller is put into foreground.
45
46 lock-session [ID...], unlock-session [ID...]
47 Activates/deactivates the screen lock on one or more sessions, if
48 the session supports it. Takes one or more session identifiers as
49 arguments. If no argument is specified, the session of the caller
50 is locked/unlocked.
51
52 lock-sessions, unlock-sessions
53 Activates/deactivates the screen lock on all current sessions
54 supporting it.
55
56 terminate-session ID...
57 Terminates a session. This kills all processes of the session and
58 deallocates all resources attached to the session.
59
60 kill-session ID...
61 Send a signal to one or more processes of the session. Use
62 --kill-who= to select which process to kill. Use --signal= to
63 select the signal to send.
64
65 User Commands
66 list-users
67 List currently logged in users.
68
69 user-status [USER...]
70 Show terse runtime status information about one or more logged in
71 users, followed by the most recent log data from the journal. Takes
72 one or more user names or numeric user IDs as parameters. If no
73 parameters are passed, the status is shown for the user of the
74 session of the caller. This function is intended to generate
75 human-readable output. If you are looking for computer-parsable
76 output, use show-user instead.
77
78 show-user [USER...]
79 Show properties of one or more users or the manager itself. If no
80 argument is specified, properties of the manager will be shown. If
81 a user is specified, properties of the user are shown. By default,
82 empty properties are suppressed. Use --all to show those too. To
83 select specific properties to show, use --property=. This command
84 is intended to be used whenever computer-parsable output is
85 required. Use user-status if you are looking for formatted
86 human-readable output.
87
88 enable-linger [USER...], disable-linger [USER...]
89 Enable/disable user lingering for one or more users. If enabled for
90 a specific user, a user manager is spawned for the user at boot and
91 kept around after logouts. This allows users who are not logged in
92 to run long-running services. Takes one or more user names or
93 numeric UIDs as argument. If no argument is specified,
94 enables/disables lingering for the user of the session of the
95 caller.
96
97 See also KillUserProcesses= setting in logind.conf(5).
98
99 terminate-user USER...
100 Terminates all sessions of a user. This kills all processes of all
101 sessions of the user and deallocates all runtime resources attached
102 to the user.
103
104 kill-user USER...
105 Send a signal to all processes of a user. Use --signal= to select
106 the signal to send.
107
108 Seat Commands
109 list-seats
110 List currently available seats on the local system.
111
112 seat-status [NAME...]
113 Show terse runtime status information about one or more seats.
114 Takes one or more seat names as parameters. If no seat names are
115 passed the status of the caller's session's seat is shown. This
116 function is intended to generate human-readable output. If you are
117 looking for computer-parsable output, use show-seat instead.
118
119 show-seat [NAME...]
120 Show properties of one or more seats or the manager itself. If no
121 argument is specified, properties of the manager will be shown. If
122 a seat is specified, properties of the seat are shown. By default,
123 empty properties are suppressed. Use --all to show those too. To
124 select specific properties to show, use --property=. This command
125 is intended to be used whenever computer-parsable output is
126 required. Use seat-status if you are looking for formatted
127 human-readable output.
128
129 attach NAME DEVICE...
130 Persistently attach one or more devices to a seat. The devices
131 should be specified via device paths in the /sys/ file system. To
132 create a new seat, attach at least one graphics card to a
133 previously unused seat name. Seat names may consist only of a–z,
134 A–Z, 0–9, "-" and "_" and must be prefixed with "seat". To drop
135 assignment of a device to a specific seat, just reassign it to a
136 different seat, or use flush-devices.
137
138 flush-devices
139 Removes all device assignments previously created with attach.
140 After this call, only automatically generated seats will remain,
141 and all seat hardware is assigned to them.
142
143 terminate-seat NAME...
144 Terminates all sessions on a seat. This kills all processes of all
145 sessions on the seat and deallocates all runtime resources attached
146 to them.
147
149 The following options are understood:
150
151 --no-ask-password
152 Do not query the user for authentication for privileged operations.
153
154 -p, --property=
155 When showing session/user/seat properties, limit display to certain
156 properties as specified as argument. If not specified, all set
157 properties are shown. The argument should be a property name, such
158 as "Sessions". If specified more than once, all properties with the
159 specified names are shown.
160
161 --value
162 When showing session/user/seat properties, only print the value,
163 and skip the property name and "=".
164
165 -a, --all
166 When showing session/user/seat properties, show all properties
167 regardless of whether they are set or not.
168
169 -l, --full
170 Do not ellipsize process tree entries.
171
172 --kill-who=
173 When used with kill-session, choose which processes to kill. Must
174 be one of leader, or all to select whether to kill only the leader
175 process of the session or all processes of the session. If omitted,
176 defaults to all.
177
178 -s, --signal=
179 When used with kill-session or kill-user, choose which signal to
180 send to selected processes. Must be one of the well known signal
181 specifiers, such as SIGTERM, SIGINT or SIGSTOP. If omitted,
182 defaults to SIGTERM.
183
184 The special value "help" will list the known values and the program
185 will exit immediately, and the special value "list" will list known
186 values along with the numerical signal numbers and the program will
187 exit immediately.
188
189 -n, --lines=
190 When used with user-status and session-status, controls the number
191 of journal lines to show, counting from the most recent ones. Takes
192 a positive integer argument. Defaults to 10.
193
194 -o, --output=
195 When used with user-status and session-status, controls the
196 formatting of the journal entries that are shown. For the available
197 choices, see journalctl(1). Defaults to "short".
198
199 -H, --host=
200 Execute the operation remotely. Specify a hostname, or a username
201 and hostname separated by "@", to connect to. The hostname may
202 optionally be suffixed by a port ssh is listening on, separated by
203 ":", and then a container name, separated by "/", which connects
204 directly to a specific container on the specified host. This will
205 use SSH to talk to the remote machine manager instance. Container
206 names may be enumerated with machinectl -H HOST. Put IPv6 addresses
207 in brackets.
208
209 -M, --machine=
210 Execute operation on a local container. Specify a container name to
211 connect to, optionally prefixed by a user name to connect as and a
212 separating "@" character. If the special string ".host" is used in
213 place of the container name, a connection to the local system is
214 made (which is useful to connect to a specific user's user bus:
215 "--user --machine=lennart@.host"). If the "@" syntax is not used,
216 the connection is made as root user. If the "@" syntax is used
217 either the left hand side or the right hand side may be omitted
218 (but not both) in which case the local user name and ".host" are
219 implied.
220
221 --no-pager
222 Do not pipe output into a pager.
223
224 --no-legend
225 Do not print the legend, i.e. column headers and the footer with
226 hints.
227
228 -h, --help
229 Print a short help text and exit.
230
231 --version
232 Print a short version string and exit.
233
235 On success, 0 is returned, a non-zero failure code otherwise.
236
238 Example 1. Querying user status
239
240 $ loginctl user-status
241 fatima (1005)
242 Since: Sat 2016-04-09 14:23:31 EDT; 54min ago
243 State: active
244 Sessions: 5 *3
245 Unit: user-1005.slice
246 ├─user@1005.service
247 ...
248 ├─session-3.scope
249 ...
250 └─session-5.scope
251 ├─3473 login -- fatima
252 └─3515 -zsh
253
254 Apr 09 14:40:30 laptop login[2325]: pam_unix(login:session):
255 session opened for user fatima by LOGIN(uid=0)
256 Apr 09 14:40:30 laptop login[2325]: LOGIN ON tty3 BY fatima
257
258 There are two sessions, 3 and 5. Session 3 is a graphical session,
259 marked with a star. The tree of processing including the two
260 corresponding scope units and the user manager unit are shown.
261
263 $SYSTEMD_LOG_LEVEL
264 The maximum log level of emitted messages (messages with a higher
265 log level, i.e. less important ones, will be suppressed). Either
266 one of (in order of decreasing importance) emerg, alert, crit, err,
267 warning, notice, info, debug, or an integer in the range 0...7. See
268 syslog(3) for more information.
269
270 $SYSTEMD_LOG_COLOR
271 A boolean. If true, messages written to the tty will be colored
272 according to priority.
273
274 This setting is only useful when messages are written directly to
275 the terminal, because journalctl(1) and other tools that display
276 logs will color messages based on the log level on their own.
277
278 $SYSTEMD_LOG_TIME
279 A boolean. If true, log messages will be prefixed with a timestamp.
280
281 This setting is only useful when messages are written directly to
282 the terminal or a file, because journalctl(1) and other tools that
283 display logs will attach timestamps based on the entry metadata on
284 their own.
285
286 $SYSTEMD_LOG_LOCATION
287 A boolean. If true, messages will be prefixed with a filename and
288 line number in the source code where the message originates.
289
290 Note that the log location is often attached as metadata to journal
291 entries anyway. Including it directly in the message text can
292 nevertheless be convenient when debugging programs.
293
294 $SYSTEMD_LOG_TID
295 A boolean. If true, messages will be prefixed with the current
296 numerical thread ID (TID).
297
298 Note that the this information is attached as metadata to journal
299 entries anyway. Including it directly in the message text can
300 nevertheless be convenient when debugging programs.
301
302 $SYSTEMD_LOG_TARGET
303 The destination for log messages. One of console (log to the
304 attached tty), console-prefixed (log to the attached tty but with
305 prefixes encoding the log level and "facility", see syslog(3), kmsg
306 (log to the kernel circular log buffer), journal (log to the
307 journal), journal-or-kmsg (log to the journal if available, and to
308 kmsg otherwise), auto (determine the appropriate log target
309 automatically, the default), null (disable log output).
310
311 $SYSTEMD_PAGER
312 Pager to use when --no-pager is not given; overrides $PAGER. If
313 neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known
314 pager implementations are tried in turn, including less(1) and
315 more(1), until one is found. If no pager implementation is
316 discovered no pager is invoked. Setting this environment variable
317 to an empty string or the value "cat" is equivalent to passing
318 --no-pager.
319
320 $SYSTEMD_LESS
321 Override the options passed to less (by default "FRSXMK").
322
323 Users might want to change two options in particular:
324
325 K
326 This option instructs the pager to exit immediately when Ctrl+C
327 is pressed. To allow less to handle Ctrl+C itself to switch
328 back to the pager command prompt, unset this option.
329
330 If the value of $SYSTEMD_LESS does not include "K", and the
331 pager that is invoked is less, Ctrl+C will be ignored by the
332 executable, and needs to be handled by the pager.
333
334 X
335 This option instructs the pager to not send termcap
336 initialization and deinitialization strings to the terminal. It
337 is set by default to allow command output to remain visible in
338 the terminal even after the pager exits. Nevertheless, this
339 prevents some pager functionality from working, in particular
340 paged output cannot be scrolled with the mouse.
341
342 See less(1) for more discussion.
343
344 $SYSTEMD_LESSCHARSET
345 Override the charset passed to less (by default "utf-8", if the
346 invoking terminal is determined to be UTF-8 compatible).
347
348 $SYSTEMD_PAGERSECURE
349 Takes a boolean argument. When true, the "secure" mode of the pager
350 is enabled; if false, disabled. If $SYSTEMD_PAGERSECURE is not set
351 at all, secure mode is enabled if the effective UID is not the same
352 as the owner of the login session, see geteuid(2) and
353 sd_pid_get_owner_uid(3). In secure mode, LESSSECURE=1 will be set
354 when invoking the pager, and the pager shall disable commands that
355 open or create new files or start new subprocesses. When
356 $SYSTEMD_PAGERSECURE is not set at all, pagers which are not known
357 to implement secure mode will not be used. (Currently only less(1)
358 implements secure mode.)
359
360 Note: when commands are invoked with elevated privileges, for
361 example under sudo(8) or pkexec(1), care must be taken to ensure
362 that unintended interactive features are not enabled. "Secure" mode
363 for the pager may be enabled automatically as describe above.
364 Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited
365 environment allows the user to invoke arbitrary commands. Note that
366 if the $SYSTEMD_PAGER or $PAGER variables are to be honoured,
367 $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to
368 completely disable the pager using --no-pager instead.
369
370 $SYSTEMD_COLORS
371 Takes a boolean argument. When true, systemd and related utilities
372 will use colors in their output, otherwise the output will be
373 monochrome. Additionally, the variable can take one of the
374 following special values: "16", "256" to restrict the use of colors
375 to the base 16 or 256 ANSI colors, respectively. This can be
376 specified to override the automatic decision based on $TERM and
377 what the console is connected to.
378
379 $SYSTEMD_URLIFY
380 The value must be a boolean. Controls whether clickable links
381 should be generated in the output for terminal emulators supporting
382 this. This can be specified to override the decision that systemd
383 makes based on $TERM and other conditions.
384
386 systemd(1), systemctl(1), systemd-logind.service(8), logind.conf(5)
387
388
389
390systemd 248 LOGINCTL(1)