1LOGINCTL(1) loginctl LOGINCTL(1)
2
3
4
6 loginctl - Control the systemd login manager
7
9 loginctl [OPTIONS...] {COMMAND} [NAME...]
10
12 loginctl may be used to introspect and control the state of the
13 systemd(1) login manager systemd-logind.service(8).
14
16 The following commands are understood:
17
18 Session Commands
19 list-sessions
20 List current sessions.
21
22 session-status [ID...]
23 Show terse runtime status information about one or more sessions,
24 followed by the most recent log data from the journal. Takes one or
25 more session identifiers as parameters. If no session identifiers
26 are passed, the status of the caller's session is shown. This
27 function is intended to generate human-readable output. If you are
28 looking for computer-parsable output, use show-session instead.
29
30 show-session [ID...]
31 Show properties of one or more sessions or the manager itself. If
32 no argument is specified, properties of the manager will be shown.
33 If a session ID is specified, properties of the session are shown.
34 By default, empty properties are suppressed. Use --all to show
35 those too. To select specific properties to show, use --property=.
36 This command is intended to be used whenever computer-parsable
37 output is required. Use session-status if you are looking for
38 formatted human-readable output.
39
40 activate [ID]
41 Activate a session. This brings a session into the foreground if
42 another session is currently in the foreground on the respective
43 seat. Takes a session identifier as argument. If no argument is
44 specified, the session of the caller is put into foreground.
45
46 lock-session [ID...], unlock-session [ID...]
47 Activates/deactivates the screen lock on one or more sessions, if
48 the session supports it. Takes one or more session identifiers as
49 arguments. If no argument is specified, the session of the caller
50 is locked/unlocked.
51
52 lock-sessions, unlock-sessions
53 Activates/deactivates the screen lock on all current sessions
54 supporting it.
55
56 terminate-session ID...
57 Terminates a session. This kills all processes of the session and
58 deallocates all resources attached to the session. If the argument
59 is specified as empty string the session invoking the command is
60 terminated.
61
62 kill-session ID...
63 Send a signal to one or more processes of the session. Use
64 --kill-who= to select which process to kill. Use --signal= to
65 select the signal to send. If the argument is specified as empty
66 string the signal is sent to the session invoking the command.
67
68 User Commands
69 list-users
70 List currently logged in users.
71
72 user-status [USER...]
73 Show terse runtime status information about one or more logged in
74 users, followed by the most recent log data from the journal. Takes
75 one or more user names or numeric user IDs as parameters. If no
76 parameters are passed, the status is shown for the user of the
77 session of the caller. This function is intended to generate
78 human-readable output. If you are looking for computer-parsable
79 output, use show-user instead.
80
81 show-user [USER...]
82 Show properties of one or more users or the manager itself. If no
83 argument is specified, properties of the manager will be shown. If
84 a user is specified, properties of the user are shown. By default,
85 empty properties are suppressed. Use --all to show those too. To
86 select specific properties to show, use --property=. This command
87 is intended to be used whenever computer-parsable output is
88 required. Use user-status if you are looking for formatted
89 human-readable output.
90
91 enable-linger [USER...], disable-linger [USER...]
92 Enable/disable user lingering for one or more users. If enabled for
93 a specific user, a user manager is spawned for the user at boot and
94 kept around after logouts. This allows users who are not logged in
95 to run long-running services. Takes one or more user names or
96 numeric UIDs as argument. If no argument is specified,
97 enables/disables lingering for the user of the session of the
98 caller.
99
100 See also KillUserProcesses= setting in logind.conf(5).
101
102 terminate-user USER...
103 Terminates all sessions of a user. This kills all processes of all
104 sessions of the user and deallocates all runtime resources attached
105 to the user. If the argument is specified as empty string the
106 sessions of the user invoking the command are terminated.
107
108 kill-user USER...
109 Send a signal to all processes of a user. Use --signal= to select
110 the signal to send. If the argument is specified as empty string
111 the signal is sent to the sessions of the user invoking the
112 command.
113
114 Seat Commands
115 list-seats
116 List currently available seats on the local system.
117
118 seat-status [NAME...]
119 Show terse runtime status information about one or more seats.
120 Takes one or more seat names as parameters. If no seat names are
121 passed the status of the caller's session's seat is shown. This
122 function is intended to generate human-readable output. If you are
123 looking for computer-parsable output, use show-seat instead.
124
125 show-seat [NAME...]
126 Show properties of one or more seats or the manager itself. If no
127 argument is specified, properties of the manager will be shown. If
128 a seat is specified, properties of the seat are shown. By default,
129 empty properties are suppressed. Use --all to show those too. To
130 select specific properties to show, use --property=. This command
131 is intended to be used whenever computer-parsable output is
132 required. Use seat-status if you are looking for formatted
133 human-readable output.
134
135 attach NAME DEVICE...
136 Persistently attach one or more devices to a seat. The devices
137 should be specified via device paths in the /sys/ file system. To
138 create a new seat, attach at least one graphics card to a
139 previously unused seat name. Seat names may consist only of a–z,
140 A–Z, 0–9, "-" and "_" and must be prefixed with "seat". To drop
141 assignment of a device to a specific seat, just reassign it to a
142 different seat, or use flush-devices.
143
144 flush-devices
145 Removes all device assignments previously created with attach.
146 After this call, only automatically generated seats will remain,
147 and all seat hardware is assigned to them.
148
149 terminate-seat NAME...
150 Terminates all sessions on a seat. This kills all processes of all
151 sessions on the seat and deallocates all runtime resources attached
152 to them.
153
155 The following options are understood:
156
157 --no-ask-password
158 Do not query the user for authentication for privileged operations.
159
160 -p, --property=
161 When showing session/user/seat properties, limit display to certain
162 properties as specified as argument. If not specified, all set
163 properties are shown. The argument should be a property name, such
164 as "Sessions". If specified more than once, all properties with the
165 specified names are shown.
166
167 --value
168 When showing session/user/seat properties, only print the value,
169 and skip the property name and "=".
170
171 -a, --all
172 When showing session/user/seat properties, show all properties
173 regardless of whether they are set or not.
174
175 -l, --full
176 Do not ellipsize process tree entries.
177
178 --kill-who=
179 When used with kill-session, choose which processes to kill. Must
180 be one of leader, or all to select whether to kill only the leader
181 process of the session or all processes of the session. If omitted,
182 defaults to all.
183
184 -s, --signal=
185 When used with kill-session or kill-user, choose which signal to
186 send to selected processes. Must be one of the well known signal
187 specifiers, such as SIGTERM, SIGINT or SIGSTOP. If omitted,
188 defaults to SIGTERM.
189
190 The special value "help" will list the known values and the program
191 will exit immediately, and the special value "list" will list known
192 values along with the numerical signal numbers and the program will
193 exit immediately.
194
195 -n, --lines=
196 When used with user-status and session-status, controls the number
197 of journal lines to show, counting from the most recent ones. Takes
198 a positive integer argument. Defaults to 10.
199
200 -o, --output=
201 When used with user-status and session-status, controls the
202 formatting of the journal entries that are shown. For the available
203 choices, see journalctl(1). Defaults to "short".
204
205 -H, --host=
206 Execute the operation remotely. Specify a hostname, or a username
207 and hostname separated by "@", to connect to. The hostname may
208 optionally be suffixed by a port ssh is listening on, separated by
209 ":", and then a container name, separated by "/", which connects
210 directly to a specific container on the specified host. This will
211 use SSH to talk to the remote machine manager instance. Container
212 names may be enumerated with machinectl -H HOST. Put IPv6 addresses
213 in brackets.
214
215 -M, --machine=
216 Execute operation on a local container. Specify a container name to
217 connect to, optionally prefixed by a user name to connect as and a
218 separating "@" character. If the special string ".host" is used in
219 place of the container name, a connection to the local system is
220 made (which is useful to connect to a specific user's user bus:
221 "--user --machine=lennart@.host"). If the "@" syntax is not used,
222 the connection is made as root user. If the "@" syntax is used
223 either the left hand side or the right hand side may be omitted
224 (but not both) in which case the local user name and ".host" are
225 implied.
226
227 --no-pager
228 Do not pipe output into a pager.
229
230 --no-legend
231 Do not print the legend, i.e. column headers and the footer with
232 hints.
233
234 -h, --help
235 Print a short help text and exit.
236
237 --version
238 Print a short version string and exit.
239
241 On success, 0 is returned, a non-zero failure code otherwise.
242
244 Example 1. Querying user status
245
246 $ loginctl user-status
247 fatima (1005)
248 Since: Sat 2016-04-09 14:23:31 EDT; 54min ago
249 State: active
250 Sessions: 5 *3
251 Unit: user-1005.slice
252 ├─user@1005.service
253 ...
254 ├─session-3.scope
255 ...
256 └─session-5.scope
257 ├─3473 login -- fatima
258 └─3515 -zsh
259
260 Apr 09 14:40:30 laptop login[2325]: pam_unix(login:session):
261 session opened for user fatima by LOGIN(uid=0)
262 Apr 09 14:40:30 laptop login[2325]: LOGIN ON tty3 BY fatima
263
264 There are two sessions, 3 and 5. Session 3 is a graphical session,
265 marked with a star. The tree of processing including the two
266 corresponding scope units and the user manager unit are shown.
267
269 $SYSTEMD_LOG_LEVEL
270 The maximum log level of emitted messages (messages with a higher
271 log level, i.e. less important ones, will be suppressed). Either
272 one of (in order of decreasing importance) emerg, alert, crit, err,
273 warning, notice, info, debug, or an integer in the range 0...7. See
274 syslog(3) for more information.
275
276 $SYSTEMD_LOG_COLOR
277 A boolean. If true, messages written to the tty will be colored
278 according to priority.
279
280 This setting is only useful when messages are written directly to
281 the terminal, because journalctl(1) and other tools that display
282 logs will color messages based on the log level on their own.
283
284 $SYSTEMD_LOG_TIME
285 A boolean. If true, console log messages will be prefixed with a
286 timestamp.
287
288 This setting is only useful when messages are written directly to
289 the terminal or a file, because journalctl(1) and other tools that
290 display logs will attach timestamps based on the entry metadata on
291 their own.
292
293 $SYSTEMD_LOG_LOCATION
294 A boolean. If true, messages will be prefixed with a filename and
295 line number in the source code where the message originates.
296
297 Note that the log location is often attached as metadata to journal
298 entries anyway. Including it directly in the message text can
299 nevertheless be convenient when debugging programs.
300
301 $SYSTEMD_LOG_TID
302 A boolean. If true, messages will be prefixed with the current
303 numerical thread ID (TID).
304
305 Note that the this information is attached as metadata to journal
306 entries anyway. Including it directly in the message text can
307 nevertheless be convenient when debugging programs.
308
309 $SYSTEMD_LOG_TARGET
310 The destination for log messages. One of console (log to the
311 attached tty), console-prefixed (log to the attached tty but with
312 prefixes encoding the log level and "facility", see syslog(3), kmsg
313 (log to the kernel circular log buffer), journal (log to the
314 journal), journal-or-kmsg (log to the journal if available, and to
315 kmsg otherwise), auto (determine the appropriate log target
316 automatically, the default), null (disable log output).
317
318 $SYSTEMD_PAGER
319 Pager to use when --no-pager is not given; overrides $PAGER. If
320 neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known
321 pager implementations are tried in turn, including less(1) and
322 more(1), until one is found. If no pager implementation is
323 discovered no pager is invoked. Setting this environment variable
324 to an empty string or the value "cat" is equivalent to passing
325 --no-pager.
326
327 $SYSTEMD_LESS
328 Override the options passed to less (by default "FRSXMK").
329
330 Users might want to change two options in particular:
331
332 K
333 This option instructs the pager to exit immediately when Ctrl+C
334 is pressed. To allow less to handle Ctrl+C itself to switch
335 back to the pager command prompt, unset this option.
336
337 If the value of $SYSTEMD_LESS does not include "K", and the
338 pager that is invoked is less, Ctrl+C will be ignored by the
339 executable, and needs to be handled by the pager.
340
341 X
342 This option instructs the pager to not send termcap
343 initialization and deinitialization strings to the terminal. It
344 is set by default to allow command output to remain visible in
345 the terminal even after the pager exits. Nevertheless, this
346 prevents some pager functionality from working, in particular
347 paged output cannot be scrolled with the mouse.
348
349 See less(1) for more discussion.
350
351 $SYSTEMD_LESSCHARSET
352 Override the charset passed to less (by default "utf-8", if the
353 invoking terminal is determined to be UTF-8 compatible).
354
355 $SYSTEMD_PAGERSECURE
356 Takes a boolean argument. When true, the "secure" mode of the pager
357 is enabled; if false, disabled. If $SYSTEMD_PAGERSECURE is not set
358 at all, secure mode is enabled if the effective UID is not the same
359 as the owner of the login session, see geteuid(2) and
360 sd_pid_get_owner_uid(3). In secure mode, LESSSECURE=1 will be set
361 when invoking the pager, and the pager shall disable commands that
362 open or create new files or start new subprocesses. When
363 $SYSTEMD_PAGERSECURE is not set at all, pagers which are not known
364 to implement secure mode will not be used. (Currently only less(1)
365 implements secure mode.)
366
367 Note: when commands are invoked with elevated privileges, for
368 example under sudo(8) or pkexec(1), care must be taken to ensure
369 that unintended interactive features are not enabled. "Secure" mode
370 for the pager may be enabled automatically as describe above.
371 Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited
372 environment allows the user to invoke arbitrary commands. Note that
373 if the $SYSTEMD_PAGER or $PAGER variables are to be honoured,
374 $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to
375 completely disable the pager using --no-pager instead.
376
377 $SYSTEMD_COLORS
378 Takes a boolean argument. When true, systemd and related utilities
379 will use colors in their output, otherwise the output will be
380 monochrome. Additionally, the variable can take one of the
381 following special values: "16", "256" to restrict the use of colors
382 to the base 16 or 256 ANSI colors, respectively. This can be
383 specified to override the automatic decision based on $TERM and
384 what the console is connected to.
385
386 $SYSTEMD_URLIFY
387 The value must be a boolean. Controls whether clickable links
388 should be generated in the output for terminal emulators supporting
389 this. This can be specified to override the decision that systemd
390 makes based on $TERM and other conditions.
391
393 systemd(1), systemctl(1), systemd-logind.service(8), logind.conf(5)
394
395
396
397systemd 250 LOGINCTL(1)