1LOGIND.CONF(5) logind.conf LOGIND.CONF(5)
2
6 logind.conf, logind.conf.d - Login manager configuration files
7
9 /etc/systemd/logind.conf
10 /etc/systemd/logind.conf.d/*.conf
12 /run/systemd/logind.conf.d/*.conf
14 /usr/lib/systemd/logind.conf.d/*.conf
16
18 These files configure various parameters of the systemd login manager,
19 systemd-logind.service(8). See systemd.syntax(7) for a general
20 description of the syntax.
21
23 The default configuration is set during compilation, so configuration
24 is only needed when it is necessary to deviate from those defaults.
25 Initially, the main configuration file in /etc/systemd/ contains
26 commented out entries showing the defaults as a guide to the
27 administrator. Local overrides can be created by editing this file or
28 by creating drop-ins, as described below. Using drop-ins for local
29 configuration is recommended over modifications to the main
30 configuration file.
31 In addition to the "main" configuration file, drop-in configuration
33 snippets are read from /usr/lib/systemd/*.conf.d/,
34 /usr/local/lib/systemd/*.conf.d/, and /etc/systemd/*.conf.d/. Those
35 drop-ins have higher precedence and override the main configuration
36 file. Files in the *.conf.d/ configuration subdirectories are sorted by
37 their filename in lexicographic order, regardless of in which of the
38 subdirectories they reside. When multiple files specify the same
39 option, for options which accept just a single value, the entry in the
40 file sorted last takes precedence, and for options which accept a list
41 of values, entries are collected as they occur in the sorted files.
42 When packages need to customize the configuration, they can install
44 drop-ins under /usr/. Files in /etc/ are reserved for the local
45 administrator, who may use this logic to override the configuration
46 files installed by vendor packages. Drop-ins have to be used to
47 override package drop-ins, since the main configuration file has lower
48 precedence. It is recommended to prefix all filenames in those
49 subdirectories with a two-digit number and a dash, to simplify the
50 ordering of the files.
51 To disable a configuration file supplied by the vendor, the recommended
53 way is to place a symlink to /dev/null in the configuration directory
54 in /etc/, with the same filename as the vendor configuration file.
55
57 All options are configured in the [Login] section:
58 NAutoVTs=
60 Takes a positive integer. Configures how many virtual terminals
61 (VTs) to allocate by default that, when switched to and are
62 previously unused, "autovt" services are automatically spawned on.
63 These services are instantiated from the template unit
64 autovt@.service for the respective VT TTY name, for example,
65 autovt@tty4.service. By default, autovt@.service is linked to
66 getty@.service. In other words, login prompts are started
67 dynamically as the user switches to unused virtual terminals.
68 Hence, this parameter controls how many login "gettys" are
69 available on the VTs. If a VT is already used by some other
70 subsystem (for example, a graphical login), this kind of activation
71 will not be attempted. Note that the VT configured in ReserveVT= is
72 always subject to this kind of activation, even if it is not one of
73 the VTs configured with the NAutoVTs= directive. Defaults to 6.
74 When set to 0, automatic spawning of "autovt" services is disabled.
75 ReserveVT=
77 Takes a positive integer. Identifies one virtual terminal that
78 shall unconditionally be reserved for autovt@.service activation
79 (see above). The VT selected with this option will be marked busy
80 unconditionally, so that no other subsystem will allocate it. This
81 functionality is useful to ensure that, regardless of how many VTs
82 are allocated by other subsystems, one login "getty" is always
83 available. Defaults to 6 (in other words, there will always be a
84 "getty" available on Alt-F6.). When set to 0, VT reservation is
85 disabled.
86 KillUserProcesses=
88 Takes a boolean argument. Configures whether the processes of a
89 user should be killed when the user logs out. If true, the scope
90 unit corresponding to the session and all processes inside that
91 scope will be terminated. If false, the scope is "abandoned", see
92 systemd.scope(5), and processes are not killed. Defaults to "no",
93 but see the options KillOnlyUsers= and KillExcludeUsers= below.
94 In addition to session processes, user process may run under the
96 user manager unit user@.service. Depending on the linger settings,
97 this may allow users to run processes independent of their login
98 sessions. See the description of enable-linger in loginctl(1).
99 Note that setting KillUserProcesses=yes will break tools like
101 screen(1) and tmux(1), unless they are moved out of the session
102 scope. See example in systemd-run(1).
103 KillOnlyUsers=, KillExcludeUsers=
105 These settings take space-separated lists of usernames that
106 override the KillUserProcesses= setting. A user name may be added
107 to KillExcludeUsers= to exclude the processes in the session scopes
108 of that user from being killed even if KillUserProcesses=yes is
109 set. If KillExcludeUsers= is not set, the "root" user is excluded
110 by default. KillExcludeUsers= may be set to an empty value to
111 override this default. If a user is not excluded, KillOnlyUsers= is
112 checked next. If this setting is specified, only the processes in
113 the session scopes of those users will be killed. Otherwise, users
114 are subject to the KillUserProcesses=yes setting.
115 IdleAction=
117 Configures the action to take when the system is idle. Takes one of
118 "ignore", "poweroff", "reboot", "halt", "kexec", "suspend",
119 "hibernate", "hybrid-sleep", "suspend-then-hibernate", and "lock".
120 Defaults to "ignore".
121 Note that this requires that user sessions correctly report the
123 idle status to the system. The system will execute the action after
124 all sessions report that they are idle, no idle inhibitor lock is
125 active, and subsequently, the time configured with IdleActionSec=
126 (see below) has expired.
127 IdleActionSec=
129 Configures the delay after which the action configured in
130 IdleAction= (see above) is taken after the system is idle.
131 InhibitDelayMaxSec=
133 Specifies the maximum time a system shutdown or sleep request is
134 delayed due to an inhibitor lock of type "delay" being active
135 before the inhibitor is ignored and the operation executes anyway.
136 Defaults to 5.
137 UserStopDelaySec=
139 Specifies how long to keep the user record and per-user service
140 user@.service around for a user after they logged out fully. If set
141 to zero, the per-user service is terminated immediately when the
142 last session of the user has ended. If this option is configured to
143 non-zero rapid logout/login cycles are sped up, as the user's
144 service manager is not constantly restarted. If set to "infinity"
145 the per-user service for a user is never terminated again after
146 first login, and continues to run until system shutdown. Defaults
147 to 10s.
148 HandlePowerKey=, HandleSuspendKey=, HandleHibernateKey=,
150 HandleLidSwitch=, HandleLidSwitchExternalPower=,
151 HandleLidSwitchDocked=, HandleRebootKey=
152 Controls how logind shall handle the system power, reboot and sleep
153 keys and the lid switch to trigger actions such as system
154 power-off, reboot or suspend. Can be one of "ignore", "poweroff",
155 "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep",
156 "suspend-then-hibernate", and "lock". If "ignore", logind will
157 never handle these keys. If "lock", all running sessions will be
158 screen-locked; otherwise, the specified action will be taken in the
159 respective event. Only input devices with the "power-switch" udev
160 tag will be watched for key/lid switch events. HandlePowerKey=
161 defaults to "poweroff", HandleRebootKey= defaults to "reboot".
162 HandleSuspendKey= and HandleLidSwitch= default to "suspend".
163 HandleLidSwitchExternalPower= is completely ignored by default (for
164 backwards compatibility) — an explicit value must be set before it
165 will be used to determine behaviour. HandleLidSwitchDocked=
166 defaults to "ignore". HandleHibernateKey= defaults to "hibernate".
167 If the system is inserted in a docking station, or if more than one
168 display is connected, the action specified by
169 HandleLidSwitchDocked= occurs; if the system is on external power
170 the action (if any) specified by HandleLidSwitchExternalPower=
171 occurs; otherwise the HandleLidSwitch= action occurs.
172 A different application may disable logind's handling of system
174 power and sleep keys and the lid switch by taking a low-level
175 inhibitor lock ("handle-power-key", "handle-suspend-key",
176 "handle-hibernate-key", "handle-lid-switch",
177 "handle-reboot-switch"). This is most commonly used by graphical
178 desktop environments to take over suspend and hibernation handling,
179 and to use their own configuration mechanisms. If a low-level
180 inhibitor lock is taken, logind will not take any action when that
181 key or switch is triggered and the Handle*= settings are
182 irrelevant.
183 PowerKeyIgnoreInhibited=, SuspendKeyIgnoreInhibited=,
185 HibernateKeyIgnoreInhibited=, LidSwitchIgnoreInhibited=,
186 RebootKeyIgnoreInhibited=
187 Controls whether actions that systemd-logind takes when the power,
188 reboot and sleep keys and the lid switch are triggered are subject
189 to high-level inhibitor locks ("shutdown", "reboot", "sleep",
190 "idle"). Low level inhibitor locks ("handle-power-key",
191 "handle-suspend-key", "handle-hibernate-key", "handle-lid-switch",
192 "handle-reboot-key"), are always honored, irrespective of this
193 setting.
194 These settings take boolean arguments. If "no", the inhibitor locks
196 taken by applications are respected. If "yes", "shutdown", "reboot"
197 "sleep", and "idle" inhibitor locks are ignored.
198 PowerKeyIgnoreInhibited=, SuspendKeyIgnoreInhibited=,
199 HibernateKeyIgnoreInhibited= and RebootKeyIgnoreInhibited= default
200 to "no". LidSwitchIgnoreInhibited= defaults to "yes". This means
201 that when systemd-logind is handling events by itself (no low level
202 inhibitor locks are taken by another application), the lid switch
203 does not respect suspend blockers by default, but the power and
204 sleep keys do.
205 HoldoffTimeoutSec=
207 Specifies a period of time after system startup or system resume in
208 which systemd will hold off on reacting to lid events. This is
209 required for the system to properly detect any hotplugged devices
210 so systemd can ignore lid events if external monitors, or docks,
211 are connected. If set to 0, systemd will always react immediately,
212 possibly before the kernel fully probed all hotplugged devices.
213 This is safe, as long as you do not care for systemd to account for
214 devices that have been plugged or unplugged while the system was
215 off. Defaults to 30s.
216 RuntimeDirectorySize=
218 Sets the size limit on the $XDG_RUNTIME_DIR runtime directory for
219 each user who logs in. Takes a size in bytes, optionally suffixed
220 with the usual K, G, M, and T suffixes, to the base 1024 (IEC).
221 Alternatively, a numerical percentage suffixed by "%" may be
222 specified, which sets the size limit relative to the amount of
223 physical RAM. Defaults to 10%. Note that this size is a safety
224 limit only. As each runtime directory is a tmpfs file system, it
225 will only consume as much memory as is needed.
226 RuntimeDirectoryInodesMax=
228 Sets the limit on number of inodes for the $XDG_RUNTIME_DIR runtime
229 directory for each user who logs in. Takes a number, optionally
230 suffixed with the usual K, G, M, and T suffixes, to the base 1024
231 (IEC). Defaults to RuntimeDirectorySize= divided by 4096. Note that
232 this size is a safety limit only. As each runtime directory is a
233 tmpfs file system, it will only consume as much memory as is
234 needed.
235 InhibitorsMax=
237 Controls the maximum number of concurrent inhibitors to permit.
238 Defaults to 8192 (8K).
239 SessionsMax=
241 Controls the maximum number of concurrent user sessions to manage.
242 Defaults to 8192 (8K). Depending on how the pam_systemd.so module
243 is included in the PAM stack configuration, further login sessions
244 will either be refused, or permitted but not tracked by
245 systemd-logind.
246 RemoveIPC=
248 Controls whether System V and POSIX IPC objects belonging to the
249 user shall be removed when the user fully logs out. Takes a boolean
250 argument. If enabled, the user may not consume IPC resources after
251 the last of the user's sessions terminated. This covers System V
252 semaphores, shared memory and message queues, as well as POSIX
253 shared memory and message queues. Note that IPC objects of the root
254 user and other system users are excluded from the effect of this
255 setting. Defaults to "yes".
256
258 systemd(1), systemd-logind.service(8), loginctl(1), systemd-
259 system.conf(5)
260systemd 248 LOGIND.CONF(5)