1LOGIND.CONF(5) logind.conf LOGIND.CONF(5)
2
6 logind.conf, logind.conf.d - Login manager configuration files
7
9 /etc/systemd/logind.conf
10 /etc/systemd/logind.conf.d/*.conf
12 /run/systemd/logind.conf.d/*.conf
14 /usr/lib/systemd/logind.conf.d/*.conf
16
18 These files configure various parameters of the systemd login manager,
19 systemd-logind.service(8). See systemd.syntax(5) for a general
20 description of the syntax.
21
23 The default configuration is defined during compilation, so a
24 configuration file is only needed when it is necessary to deviate from
25 those defaults. By default, the configuration file in /etc/systemd/
26 contains commented out entries showing the defaults as a guide to the
27 administrator. This file can be edited to create local overrides.
28 When packages need to customize the configuration, they can install
30 configuration snippets in /usr/lib/systemd/*.conf.d/. Files in /etc/
31 are reserved for the local administrator, who may use this logic to
32 override the configuration files installed by vendor packages. The main
33 configuration file is read before any of the configuration directories,
34 and has the lowest precedence; entries in a file in any configuration
35 directory override entries in the single configuration file. Files in
36 the *.conf.d/ configuration subdirectories are sorted by their filename
37 in lexicographic order, regardless of which of the subdirectories they
38 reside in. When multiple files specify the same option, for options
39 which accept just a single value, the entry in the file with the
40 lexicographically latest name takes precedence. For options which
41 accept a list of values, entries are collected as they occur in files
42 sorted lexicographically. It is recommended to prefix all filenames in
43 those subdirectories with a two-digit number and a dash, to simplify
44 the ordering of the files.
45 To disable a configuration file supplied by the vendor, the recommended
47 way is to place a symlink to /dev/null in the configuration directory
48 in /etc/, with the same filename as the vendor configuration file.
49
51 All options are configured in the "[Login]" section:
52 NAutoVTs=
54 Takes a positive integer. Configures how many virtual terminals
55 (VTs) to allocate by default that, when switched to and are
56 previously unused, "autovt" services are automatically spawned on.
57 These services are instantiated from the template unit
58 autovt@.service for the respective VT TTY name, for example,
59 autovt@tty4.service. By default, autovt@.service is linked to
60 getty@.service. In other words, login prompts are started
61 dynamically as the user switches to unused virtual terminals.
62 Hence, this parameter controls how many login "gettys" are
63 available on the VTs. If a VT is already used by some other
64 subsystem (for example, a graphical login), this kind of activation
65 will not be attempted. Note that the VT configured in ReserveVT= is
66 always subject to this kind of activation, even if it is not one of
67 the VTs configured with the NAutoVTs= directive. Defaults to 6.
68 When set to 0, automatic spawning of "autovt" services is disabled.
69 ReserveVT=
71 Takes a positive integer. Identifies one virtual terminal that
72 shall unconditionally be reserved for autovt@.service activation
73 (see above). The VT selected with this option will be marked busy
74 unconditionally, so that no other subsystem will allocate it. This
75 functionality is useful to ensure that, regardless of how many VTs
76 are allocated by other subsystems, one login "getty" is always
77 available. Defaults to 6 (in other words, there will always be a
78 "getty" available on Alt-F6.). When set to 0, VT reservation is
79 disabled.
80 KillUserProcesses=
82 Takes a boolean argument. Configures whether the processes of a
83 user should be killed when the user logs out. If true, the scope
84 unit corresponding to the session and all processes inside that
85 scope will be terminated. If false, the scope is "abandoned", see
86 systemd.scope(5), and processes are not killed. Defaults to "no",
87 but see the options KillOnlyUsers= and KillExcludeUsers= below.
88 In addition to session processes, user process may run under the
90 user manager unit user@.service. Depending on the linger settings,
91 this may allow users to run processes independent of their login
92 sessions. See the description of enable-linger in loginctl(1).
93 Note that setting KillUserProcesses=yes will break tools like
95 screen(1) and tmux(1), unless they are moved out of the session
96 scope. See example in systemd-run(1).
97 KillOnlyUsers=, KillExcludeUsers=
99 These settings take space-separated lists of usernames that
100 override the KillUserProcesses= setting. A user name may be added
101 to KillExcludeUsers= to exclude the processes in the session scopes
102 of that user from being killed even if KillUserProcesses=yes is
103 set. If KillExcludeUsers= is not set, the "root" user is excluded
104 by default. KillExcludeUsers= may be set to an empty value to
105 override this default. If a user is not excluded, KillOnlyUsers= is
106 checked next. If this setting is specified, only the session scopes
107 of those users will be killed. Otherwise, users are subject to the
108 KillUserProcesses=yes setting.
109 IdleAction=
111 Configures the action to take when the system is idle. Takes one of
112 "ignore", "poweroff", "reboot", "halt", "kexec", "suspend",
113 "hibernate", "hybrid-sleep", "suspend-then-hibernate", and "lock".
114 Defaults to "ignore".
115 Note that this requires that user sessions correctly report the
117 idle status to the system. The system will execute the action after
118 all sessions report that they are idle, no idle inhibitor lock is
119 active, and subsequently, the time configured with IdleActionSec=
120 (see below) has expired.
121 IdleActionSec=
123 Configures the delay after which the action configured in
124 IdleAction= (see above) is taken after the system is idle.
125 InhibitDelayMaxSec=
127 Specifies the maximum time a system shutdown or sleep request is
128 delayed due to an inhibitor lock of type "delay" being active
129 before the inhibitor is ignored and the operation executes anyway.
130 Defaults to 5.
131 HandlePowerKey=, HandleSuspendKey=, HandleHibernateKey=,
133 HandleLidSwitch=, HandleLidSwitchExternalPower=, HandleLidSwitchDocked=
134 Controls how logind shall handle the system power and sleep keys
135 and the lid switch to trigger actions such as system power-off or
136 suspend. Can be one of "ignore", "poweroff", "reboot", "halt",
137 "kexec", "suspend", "hibernate", "hybrid-sleep",
138 "suspend-then-hibernate", and "lock". If "ignore", logind will
139 never handle these keys. If "lock", all running sessions will be
140 screen-locked; otherwise, the specified action will be taken in the
141 respective event. Only input devices with the "power-switch" udev
142 tag will be watched for key/lid switch events. HandlePowerKey=
143 defaults to "poweroff". HandleSuspendKey= and HandleLidSwitch=
144 default to "suspend". HandleLidSwitchExternalPower= is completely
145 ignored by default (for backwards compatibility) — an explicit
146 value must be set before it will be used to determine behaviour.
147 HandleLidSwitchDocked= defaults to "ignore". HandleHibernateKey=
148 defaults to "hibernate". If the system is inserted in a docking
149 station, or if more than one display is connected, the action
150 specified by HandleLidSwitchDocked= occurs; if the system is on
151 external power the action (if any) specified by
152 HandleLidSwitchExternalPower= occurs; otherwise the
153 HandleLidSwitch= action occurs.
154 A different application may disable logind's handling of system
156 power and sleep keys and the lid switch by taking a low-level
157 inhibitor lock ("handle-power-key", "handle-suspend-key",
158 "handle-hibernate-key", "handle-lid-switch"). This is most commonly
159 used by graphical desktop environments to take over suspend and
160 hibernation handling, and to use their own configuration
161 mechanisms. If a low-level inhibitor lock is taken, logind will not
162 take any action when that key or switch is triggered and the
163 Handle*= settings are irrelevant.
164 PowerKeyIgnoreInhibited=, SuspendKeyIgnoreInhibited=,
166 HibernateKeyIgnoreInhibited=, LidSwitchIgnoreInhibited=
167 Controls whether actions that systemd-logind takes when the power
168 and sleep keys and the lid switch are triggered are subject to
169 high-level inhibitor locks ("shutdown", "sleep", "idle"). Low level
170 inhibitor locks ("handle-power-key", "handle-suspend-key",
171 "handle-hibernate-key", "handle-lid-switch"), are always honored,
172 irrespective of this setting.
173 These settings take boolean arguments. If "no", the inhibitor locks
175 taken by applications are respected. If "yes", "shutdown", "sleep",
176 and "idle" inhibitor locks are ignored. PowerKeyIgnoreInhibited=,
177 SuspendKeyIgnoreInhibited=, and HibernateKeyIgnoreInhibited=
178 default to "no". LidSwitchIgnoreInhibited= defaults to "yes". This
179 means that when systemd-logind is handling events by itself (no low
180 level inhibitor locks are taken by another application), the lid
181 switch does not respect suspend blockers by default, but the power
182 and sleep keys do.
183 HoldoffTimeoutSec=
185 Specifies the timeout after system startup or system resume in
186 which systemd will hold off on reacting to lid events. This is
187 required for the system to properly detect any hotplugged devices
188 so systemd can ignore lid events if external monitors, or docks,
189 are connected. If set to 0, systemd will always react immediately,
190 possibly before the kernel fully probed all hotplugged devices.
191 This is safe, as long as you do not care for systemd to account for
192 devices that have been plugged or unplugged while the system was
193 off. Defaults to 30s.
194 RuntimeDirectorySize=
196 Sets the size limit on the $XDG_RUNTIME_DIR runtime directory for
197 each user who logs in. Takes a size in bytes, optionally suffixed
198 with the usual K, G, M, and T suffixes, to the base 1024 (IEC).
199 Alternatively, a numerical percentage suffixed by "%" may be
200 specified, which sets the size limit relative to the amount of
201 physical RAM. Defaults to 10%. Note that this size is a safety
202 limit only. As each runtime directory is a tmpfs file system, it
203 will only consume as much memory as is needed.
204 InhibitorsMax=
206 Controls the maximum number of concurrent inhibitors to permit.
207 Defaults to 8192 (8K).
208 SessionsMax=
210 Controls the maximum number of concurrent user sessions to manage.
211 Defaults to 8192 (8K). Depending on how the pam_systemd.so module
212 is included in the PAM stack configuration, further login sessions
213 will either be refused, or permitted but not tracked by
214 systemd-logind.
215 RemoveIPC=
217 Controls whether System V and POSIX IPC objects belonging to the
218 user shall be removed when the user fully logs out. Takes a boolean
219 argument. If enabled, the user may not consume IPC resources after
220 the last of the user's sessions terminated. This covers System V
221 semaphores, shared memory and message queues, as well as POSIX
222 shared memory and message queues. Note that IPC objects of the root
223 user and other system users are excluded from the effect of this
224 setting. Defaults to "no".
225
227 systemd(1), systemd-logind.service(8), loginctl(1), systemd-
228 system.conf(5)
229systemd 239 LOGIND.CONF(5)