1LOGINCTL(1) loginctl LOGINCTL(1)
2
3
4
6 loginctl - Control the systemd login manager
7
9 loginctl [OPTIONS...] {COMMAND} [NAME...]
10
12 loginctl may be used to introspect and control the state of the
13 systemd(1) login manager systemd-logind.service(8).
14
16 The following commands are understood:
17
18 Session Commands
19 list-sessions
20 List current sessions.
21
22 session-status [ID...]
23 Show terse runtime status information about one or more sessions,
24 followed by the most recent log data from the journal. Takes one or
25 more session identifiers as parameters. If no session identifiers
26 are passed, the status of the caller's session is shown. This
27 function is intended to generate human-readable output. If you are
28 looking for computer-parsable output, use show-session instead.
29
30 show-session [ID...]
31 Show properties of one or more sessions or the manager itself. If
32 no argument is specified, properties of the manager will be shown.
33 If a session ID is specified, properties of the session are shown.
34 By default, empty properties are suppressed. Use --all to show
35 those too. To select specific properties to show, use --property=.
36 This command is intended to be used whenever computer-parsable
37 output is required. Use session-status if you are looking for
38 formatted human-readable output.
39
40 activate [ID]
41 Activate a session. This brings a session into the foreground if
42 another session is currently in the foreground on the respective
43 seat. Takes a session identifier as argument. If no argument is
44 specified, the session of the caller is put into foreground.
45
46 lock-session [ID...], unlock-session [ID...]
47 Activates/deactivates the screen lock on one or more sessions, if
48 the session supports it. Takes one or more session identifiers as
49 arguments. If no argument is specified, the session of the caller
50 is locked/unlocked.
51
52 lock-sessions, unlock-sessions
53 Activates/deactivates the screen lock on all current sessions
54 supporting it.
55
56 terminate-session ID...
57 Terminates a session. This kills all processes of the session and
58 deallocates all resources attached to the session.
59
60 kill-session ID...
61 Send a signal to one or more processes of the session. Use
62 --kill-who= to select which process to kill. Use --signal= to
63 select the signal to send.
64
65 User Commands
66 list-users
67 List currently logged in users.
68
69 user-status [USER...]
70 Show terse runtime status information about one or more logged in
71 users, followed by the most recent log data from the journal. Takes
72 one or more user names or numeric user IDs as parameters. If no
73 parameters are passed, the status is shown for the user of the
74 session of the caller. This function is intended to generate
75 human-readable output. If you are looking for computer-parsable
76 output, use show-user instead.
77
78 show-user [USER...]
79 Show properties of one or more users or the manager itself. If no
80 argument is specified, properties of the manager will be shown. If
81 a user is specified, properties of the user are shown. By default,
82 empty properties are suppressed. Use --all to show those too. To
83 select specific properties to show, use --property=. This command
84 is intended to be used whenever computer-parsable output is
85 required. Use user-status if you are looking for formatted
86 human-readable output.
87
88 enable-linger [USER...], disable-linger [USER...]
89 Enable/disable user lingering for one or more users. If enabled for
90 a specific user, a user manager is spawned for the user at boot and
91 kept around after logouts. This allows users who are not logged in
92 to run long-running services. Takes one or more user names or
93 numeric UIDs as argument. If no argument is specified,
94 enables/disables lingering for the user of the session of the
95 caller.
96
97 See also KillUserProcesses= setting in logind.conf(5).
98
99 terminate-user USER...
100 Terminates all sessions of a user. This kills all processes of all
101 sessions of the user and deallocates all runtime resources attached
102 to the user.
103
104 kill-user USER...
105 Send a signal to all processes of a user. Use --signal= to select
106 the signal to send.
107
108 Seat Commands
109 list-seats
110 List currently available seats on the local system.
111
112 seat-status [NAME...]
113 Show terse runtime status information about one or more seats.
114 Takes one or more seat names as parameters. If no seat names are
115 passed the status of the caller's session's seat is shown. This
116 function is intended to generate human-readable output. If you are
117 looking for computer-parsable output, use show-seat instead.
118
119 show-seat [NAME...]
120 Show properties of one or more seats or the manager itself. If no
121 argument is specified, properties of the manager will be shown. If
122 a seat is specified, properties of the seat are shown. By default,
123 empty properties are suppressed. Use --all to show those too. To
124 select specific properties to show, use --property=. This command
125 is intended to be used whenever computer-parsable output is
126 required. Use seat-status if you are looking for formatted
127 human-readable output.
128
129 attach NAME DEVICE...
130 Persistently attach one or more devices to a seat. The devices
131 should be specified via device paths in the /sys file system. To
132 create a new seat, attach at least one graphics card to a
133 previously unused seat name. Seat names may consist only of a–z,
134 A–Z, 0–9, "-" and "_" and must be prefixed with "seat". To drop
135 assignment of a device to a specific seat, just reassign it to a
136 different seat, or use flush-devices.
137
138 flush-devices
139 Removes all device assignments previously created with attach.
140 After this call, only automatically generated seats will remain,
141 and all seat hardware is assigned to them.
142
143 terminate-seat NAME...
144 Terminates all sessions on a seat. This kills all processes of all
145 sessions on the seat and deallocates all runtime resources attached
146 to them.
147
149 The following options are understood:
150
151 --no-ask-password
152 Do not query the user for authentication for privileged operations.
153
154 -p, --property=
155 When showing session/user/seat properties, limit display to certain
156 properties as specified as argument. If not specified, all set
157 properties are shown. The argument should be a property name, such
158 as "Sessions". If specified more than once, all properties with the
159 specified names are shown.
160
161 --value
162 When showing session/user/seat properties, only print the value,
163 and skip the property name and "=".
164
165 -a, --all
166 When showing session/user/seat properties, show all properties
167 regardless of whether they are set or not.
168
169 -l, --full
170 Do not ellipsize process tree entries.
171
172 --kill-who=
173 When used with kill-session, choose which processes to kill. Must
174 be one of leader, or all to select whether to kill only the leader
175 process of the session or all processes of the session. If omitted,
176 defaults to all.
177
178 -s, --signal=
179 When used with kill-session or kill-user, choose which signal to
180 send to selected processes. Must be one of the well known signal
181 specifiers, such as SIGTERM, SIGINT or SIGSTOP. If omitted,
182 defaults to SIGTERM.
183
184 -n, --lines=
185 When used with user-status and session-status, controls the number
186 of journal lines to show, counting from the most recent ones. Takes
187 a positive integer argument. Defaults to 10.
188
189 -o, --output=
190 When used with user-status and session-status, controls the
191 formatting of the journal entries that are shown. For the available
192 choices, see journalctl(1). Defaults to "short".
193
194 -H, --host=
195 Execute the operation remotely. Specify a hostname, or a username
196 and hostname separated by "@", to connect to. The hostname may
197 optionally be suffixed by a port ssh is listening on, separated by
198 ":", and then a container name, separated by "/", which connects
199 directly to a specific container on the specified host. This will
200 use SSH to talk to the remote machine manager instance. Container
201 names may be enumerated with machinectl -H HOST. Put IPv6 addresses
202 in brackets.
203
204 -M, --machine=
205 Execute operation on a local container. Specify a container name to
206 connect to.
207
208 --no-pager
209 Do not pipe output into a pager.
210
211 --no-legend
212 Do not print the legend, i.e. column headers and the footer with
213 hints.
214
215 -h, --help
216 Print a short help text and exit.
217
218 --version
219 Print a short version string and exit.
220
222 On success, 0 is returned, a non-zero failure code otherwise.
223
225 Example 1. Querying user status
226
227 $ loginctl user-status
228 fatima (1005)
229 Since: Sat 2016-04-09 14:23:31 EDT; 54min ago
230 State: active
231 Sessions: 5 *3
232 Unit: user-1005.slice
233 ├─user@1005.service
234 ...
235 ├─session-3.scope
236 ...
237 └─session-5.scope
238 ├─3473 login -- fatima
239 └─3515 -zsh
240
241 Apr 09 14:40:30 laptop login[2325]: pam_unix(login:session):
242 session opened for user fatima by LOGIN(uid=0)
243 Apr 09 14:40:30 laptop login[2325]: LOGIN ON tty3 BY fatima
244
245 There are two sessions, 3 and 5. Session 3 is a graphical session,
246 marked with a star. The tree of processing including the two
247 corresponding scope units and the user manager unit are shown.
248
250 $SYSTEMD_PAGER
251 Pager to use when --no-pager is not given; overrides $PAGER. If
252 neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known
253 pager implementations are tried in turn, including less(1) and
254 more(1), until one is found. If no pager implementation is
255 discovered no pager is invoked. Setting this environment variable
256 to an empty string or the value "cat" is equivalent to passing
257 --no-pager.
258
259 $SYSTEMD_LESS
260 Override the options passed to less (by default "FRSXMK").
261
262 Users might want to change two options in particular:
263
264 K
265 This option instructs the pager to exit immediately when Ctrl+C
266 is pressed. To allow less to handle Ctrl+C itself to switch
267 back to the pager command prompt, unset this option.
268
269 If the value of $SYSTEMD_LESS does not include "K", and the
270 pager that is invoked is less, Ctrl+C will be ignored by the
271 executable, and needs to be handled by the pager.
272
273 X
274 This option instructs the pager to not send termcap
275 initialization and deinitialization strings to the terminal. It
276 is set by default to allow command output to remain visible in
277 the terminal even after the pager exits. Nevertheless, this
278 prevents some pager functionality from working, in particular
279 paged output cannot be scrolled with the mouse.
280
281 See less(1) for more discussion.
282
283 $SYSTEMD_LESSCHARSET
284 Override the charset passed to less (by default "utf-8", if the
285 invoking terminal is determined to be UTF-8 compatible).
286
287 $SYSTEMD_PAGERSECURE
288 Takes a boolean argument. When true, the "secure" mode of the pager
289 is enabled; if false, disabled. If $SYSTEMD_PAGERSECURE is not set
290 at all, secure mode is enabled if the effective UID is not the same
291 as the owner of the login session, see geteuid(2) and
292 sd_pid_get_owner_uid(3). In secure mode, LESSSECURE=1 will be set
293 when invoking the pager, and the pager shall disable commands that
294 open or create new files or start new subprocesses. When
295 $SYSTEMD_PAGERSECURE is not set at all, pagers which are not known
296 to implement secure mode will not be used. (Currently only less(1)
297 implements secure mode.)
298
299 Note: when commands are invoked with elevated privileges, for
300 example under sudo(8) or pkexec(1), care must be taken to ensure
301 that unintended interactive features are not enabled. "Secure" mode
302 for the pager may be enabled automatically as describe above.
303 Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited
304 environment allows the user to invoke arbitrary commands. Note that
305 if the $SYSTEMD_PAGER or $PAGER variables are to be honoured,
306 $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to
307 completly disable the pager using --no-pager instead.
308
309 $SYSTEMD_COLORS
310 The value must be a boolean. Controls whether colorized output
311 should be generated. This can be specified to override the decision
312 that systemd makes based on $TERM and what the console is connected
313 to.
314
315 $SYSTEMD_URLIFY
316 The value must be a boolean. Controls whether clickable links
317 should be generated in the output for terminal emulators supporting
318 this. This can be specified to override the decision that systemd
319 makes based on $TERM and other conditions.
320
322 systemd(1), systemctl(1), systemd-logind.service(8), logind.conf(5)
323
324
325
326systemd 246 LOGINCTL(1)