1LOGINCTL(1)                        loginctl                        LOGINCTL(1)
2
3
4

NAME

6       loginctl - Control the systemd login manager
7

SYNOPSIS

9       loginctl [OPTIONS...] {COMMAND} [NAME...]
10

DESCRIPTION

12       loginctl may be used to introspect and control the state of the
13       systemd(1) login manager systemd-logind.service(8).
14

COMMANDS

16       The following commands are understood:
17
18   Session Commands
19       list-sessions
20           List current sessions.
21
22       session-status [ID...]
23           Show terse runtime status information about one or more sessions,
24           followed by the most recent log data from the journal. Takes one or
25           more session identifiers as parameters. If no session identifiers
26           are passed, the status of the caller's session is shown. This
27           function is intended to generate human-readable output. If you are
28           looking for computer-parsable output, use show-session instead.
29
30       show-session [ID...]
31           Show properties of one or more sessions or the manager itself. If
32           no argument is specified, properties of the manager will be shown.
33           If a session ID is specified, properties of the session are shown.
34           By default, empty properties are suppressed. Use --all to show
35           those too. To select specific properties to show, use --property=.
36           This command is intended to be used whenever computer-parsable
37           output is required. Use session-status if you are looking for
38           formatted human-readable output.
39
40       activate [ID]
41           Activate a session. This brings a session into the foreground if
42           another session is currently in the foreground on the respective
43           seat. Takes a session identifier as argument. If no argument is
44           specified, the session of the caller is put into foreground.
45
46       lock-session [ID...], unlock-session [ID...]
47           Activates/deactivates the screen lock on one or more sessions, if
48           the session supports it. Takes one or more session identifiers as
49           arguments. If no argument is specified, the session of the caller
50           is locked/unlocked.
51
52       lock-sessions, unlock-sessions
53           Activates/deactivates the screen lock on all current sessions
54           supporting it.
55
56       terminate-session ID...
57           Terminates a session. This kills all processes of the session and
58           deallocates all resources attached to the session. If the argument
59           is specified as empty string the session invoking the command is
60           terminated.
61
62       kill-session ID...
63           Send a signal to one or more processes of the session. Use
64           --kill-who= to select which process to kill. Use --signal= to
65           select the signal to send. If the argument is specified as empty
66           string the signal is sent to the session invoking the command.
67
68   User Commands
69       list-users
70           List currently logged in users.
71
72       user-status [USER...]
73           Show terse runtime status information about one or more logged in
74           users, followed by the most recent log data from the journal. Takes
75           one or more user names or numeric user IDs as parameters. If no
76           parameters are passed, the status is shown for the user of the
77           session of the caller. This function is intended to generate
78           human-readable output. If you are looking for computer-parsable
79           output, use show-user instead.
80
81       show-user [USER...]
82           Show properties of one or more users or the manager itself. If no
83           argument is specified, properties of the manager will be shown. If
84           a user is specified, properties of the user are shown. By default,
85           empty properties are suppressed. Use --all to show those too. To
86           select specific properties to show, use --property=. This command
87           is intended to be used whenever computer-parsable output is
88           required. Use user-status if you are looking for formatted
89           human-readable output.
90
91       enable-linger [USER...], disable-linger [USER...]
92           Enable/disable user lingering for one or more users. If enabled for
93           a specific user, a user manager is spawned for the user at boot and
94           kept around after logouts. This allows users who are not logged in
95           to run long-running services. Takes one or more user names or
96           numeric UIDs as argument. If no argument is specified,
97           enables/disables lingering for the user of the session of the
98           caller.
99
100           See also KillUserProcesses= setting in logind.conf(5).
101
102       terminate-user USER...
103           Terminates all sessions of a user. This kills all processes of all
104           sessions of the user and deallocates all runtime resources attached
105           to the user. If the argument is specified as empty string the
106           sessions of the user invoking the command are terminated.
107
108       kill-user USER...
109           Send a signal to all processes of a user. Use --signal= to select
110           the signal to send. If the argument is specified as empty string
111           the signal is sent to the sessions of the user invoking the
112           command.
113
114   Seat Commands
115       list-seats
116           List currently available seats on the local system.
117
118       seat-status [NAME...]
119           Show terse runtime status information about one or more seats.
120           Takes one or more seat names as parameters. If no seat names are
121           passed the status of the caller's session's seat is shown. This
122           function is intended to generate human-readable output. If you are
123           looking for computer-parsable output, use show-seat instead.
124
125       show-seat [NAME...]
126           Show properties of one or more seats or the manager itself. If no
127           argument is specified, properties of the manager will be shown. If
128           a seat is specified, properties of the seat are shown. By default,
129           empty properties are suppressed. Use --all to show those too. To
130           select specific properties to show, use --property=. This command
131           is intended to be used whenever computer-parsable output is
132           required. Use seat-status if you are looking for formatted
133           human-readable output.
134
135       attach NAME DEVICE...
136           Persistently attach one or more devices to a seat. The devices
137           should be specified via device paths in the /sys/ file system. To
138           create a new seat, attach at least one graphics card to a
139           previously unused seat name. Seat names may consist only of a–z,
140           A–Z, 0–9, "-" and "_" and must be prefixed with "seat". To drop
141           assignment of a device to a specific seat, just reassign it to a
142           different seat, or use flush-devices.
143
144       flush-devices
145           Removes all device assignments previously created with attach.
146           After this call, only automatically generated seats will remain,
147           and all seat hardware is assigned to them.
148
149       terminate-seat NAME...
150           Terminates all sessions on a seat. This kills all processes of all
151           sessions on the seat and deallocates all runtime resources attached
152           to them.
153

OPTIONS

155       The following options are understood:
156
157       --no-ask-password
158           Do not query the user for authentication for privileged operations.
159
160       -p, --property=
161           When showing session/user/seat properties, limit display to certain
162           properties as specified as argument. If not specified, all set
163           properties are shown. The argument should be a property name, such
164           as "Sessions". If specified more than once, all properties with the
165           specified names are shown.
166
167       --value
168           When showing session/user/seat properties, only print the value,
169           and skip the property name and "=".
170
171       -a, --all
172           When showing session/user/seat properties, show all properties
173           regardless of whether they are set or not.
174
175       -l, --full
176           Do not ellipsize process tree entries.
177
178       --kill-who=
179           When used with kill-session, choose which processes to kill. Must
180           be one of leader, or all to select whether to kill only the leader
181           process of the session or all processes of the session. If omitted,
182           defaults to all.
183
184       -s, --signal=
185           When used with kill-session or kill-user, choose which signal to
186           send to selected processes. Must be one of the well known signal
187           specifiers, such as SIGTERM, SIGINT or SIGSTOP. If omitted,
188           defaults to SIGTERM.
189
190           The special value "help" will list the known values and the program
191           will exit immediately, and the special value "list" will list known
192           values along with the numerical signal numbers and the program will
193           exit immediately.
194
195       -n, --lines=
196           When used with user-status and session-status, controls the number
197           of journal lines to show, counting from the most recent ones. Takes
198           a positive integer argument. Defaults to 10.
199
200       -o, --output=
201           When used with user-status and session-status, controls the
202           formatting of the journal entries that are shown. For the available
203           choices, see journalctl(1). Defaults to "short".
204
205       -H, --host=
206           Execute the operation remotely. Specify a hostname, or a username
207           and hostname separated by "@", to connect to. The hostname may
208           optionally be suffixed by a port ssh is listening on, separated by
209           ":", and then a container name, separated by "/", which connects
210           directly to a specific container on the specified host. This will
211           use SSH to talk to the remote machine manager instance. Container
212           names may be enumerated with machinectl -H HOST. Put IPv6 addresses
213           in brackets.
214
215       -M, --machine=
216           Execute operation on a local container. Specify a container name to
217           connect to, optionally prefixed by a user name to connect as and a
218           separating "@" character. If the special string ".host" is used in
219           place of the container name, a connection to the local system is
220           made (which is useful to connect to a specific user's user bus:
221           "--user --machine=lennart@.host"). If the "@" syntax is not used,
222           the connection is made as root user. If the "@" syntax is used
223           either the left hand side or the right hand side may be omitted
224           (but not both) in which case the local user name and ".host" are
225           implied.
226
227       --no-pager
228           Do not pipe output into a pager.
229
230       --no-legend
231           Do not print the legend, i.e. column headers and the footer with
232           hints.
233
234       -h, --help
235           Print a short help text and exit.
236
237       --version
238           Print a short version string and exit.
239

EXIT STATUS

241       On success, 0 is returned, a non-zero failure code otherwise.
242

EXAMPLES

244       Example 1. Querying user status
245
246           $ loginctl user-status
247           fatima (1005)
248                      Since: Sat 2016-04-09 14:23:31 EDT; 54min ago
249                      State: active
250                   Sessions: 5 *3
251                       Unit: user-1005.slice
252                             ├─user@1005.service
253                               ...
254                             ├─session-3.scope
255                               ...
256                             └─session-5.scope
257                               ├─3473 login -- fatima
258                               └─3515 -zsh
259
260           Apr 09 14:40:30 laptop login[2325]: pam_unix(login:session):
261                                  session opened for user fatima by LOGIN(uid=0)
262           Apr 09 14:40:30 laptop login[2325]: LOGIN ON tty3 BY fatima
263
264       There are two sessions, 3 and 5. Session 3 is a graphical session,
265       marked with a star. The tree of processing including the two
266       corresponding scope units and the user manager unit are shown.
267

ENVIRONMENT

269       $SYSTEMD_LOG_LEVEL
270           The maximum log level of emitted messages (messages with a higher
271           log level, i.e. less important ones, will be suppressed). Either
272           one of (in order of decreasing importance) emerg, alert, crit, err,
273           warning, notice, info, debug, or an integer in the range 0...7. See
274           syslog(3) for more information.
275
276       $SYSTEMD_LOG_COLOR
277           A boolean. If true, messages written to the tty will be colored
278           according to priority.
279
280           This setting is only useful when messages are written directly to
281           the terminal, because journalctl(1) and other tools that display
282           logs will color messages based on the log level on their own.
283
284       $SYSTEMD_LOG_TIME
285           A boolean. If true, console log messages will be prefixed with a
286           timestamp.
287
288           This setting is only useful when messages are written directly to
289           the terminal or a file, because journalctl(1) and other tools that
290           display logs will attach timestamps based on the entry metadata on
291           their own.
292
293       $SYSTEMD_LOG_LOCATION
294           A boolean. If true, messages will be prefixed with a filename and
295           line number in the source code where the message originates.
296
297           Note that the log location is often attached as metadata to journal
298           entries anyway. Including it directly in the message text can
299           nevertheless be convenient when debugging programs.
300
301       $SYSTEMD_LOG_TID
302           A boolean. If true, messages will be prefixed with the current
303           numerical thread ID (TID).
304
305           Note that the this information is attached as metadata to journal
306           entries anyway. Including it directly in the message text can
307           nevertheless be convenient when debugging programs.
308
309       $SYSTEMD_LOG_TARGET
310           The destination for log messages. One of console (log to the
311           attached tty), console-prefixed (log to the attached tty but with
312           prefixes encoding the log level and "facility", see syslog(3), kmsg
313           (log to the kernel circular log buffer), journal (log to the
314           journal), journal-or-kmsg (log to the journal if available, and to
315           kmsg otherwise), auto (determine the appropriate log target
316           automatically, the default), null (disable log output).
317
318       $SYSTEMD_PAGER
319           Pager to use when --no-pager is not given; overrides $PAGER. If
320           neither $SYSTEMD_PAGER nor $PAGER are set, a set of well-known
321           pager implementations are tried in turn, including less(1) and
322           more(1), until one is found. If no pager implementation is
323           discovered no pager is invoked. Setting this environment variable
324           to an empty string or the value "cat" is equivalent to passing
325           --no-pager.
326
327       $SYSTEMD_LESS
328           Override the options passed to less (by default "FRSXMK").
329
330           Users might want to change two options in particular:
331
332           K
333               This option instructs the pager to exit immediately when Ctrl+C
334               is pressed. To allow less to handle Ctrl+C itself to switch
335               back to the pager command prompt, unset this option.
336
337               If the value of $SYSTEMD_LESS does not include "K", and the
338               pager that is invoked is less, Ctrl+C will be ignored by the
339               executable, and needs to be handled by the pager.
340
341           X
342               This option instructs the pager to not send termcap
343               initialization and deinitialization strings to the terminal. It
344               is set by default to allow command output to remain visible in
345               the terminal even after the pager exits. Nevertheless, this
346               prevents some pager functionality from working, in particular
347               paged output cannot be scrolled with the mouse.
348
349           See less(1) for more discussion.
350
351       $SYSTEMD_LESSCHARSET
352           Override the charset passed to less (by default "utf-8", if the
353           invoking terminal is determined to be UTF-8 compatible).
354
355       $SYSTEMD_PAGERSECURE
356           Takes a boolean argument. When true, the "secure" mode of the pager
357           is enabled; if false, disabled. If $SYSTEMD_PAGERSECURE is not set
358           at all, secure mode is enabled if the effective UID is not the same
359           as the owner of the login session, see geteuid(2) and
360           sd_pid_get_owner_uid(3). In secure mode, LESSSECURE=1 will be set
361           when invoking the pager, and the pager shall disable commands that
362           open or create new files or start new subprocesses. When
363           $SYSTEMD_PAGERSECURE is not set at all, pagers which are not known
364           to implement secure mode will not be used. (Currently only less(1)
365           implements secure mode.)
366
367           Note: when commands are invoked with elevated privileges, for
368           example under sudo(8) or pkexec(1), care must be taken to ensure
369           that unintended interactive features are not enabled. "Secure" mode
370           for the pager may be enabled automatically as describe above.
371           Setting SYSTEMD_PAGERSECURE=0 or not removing it from the inherited
372           environment allows the user to invoke arbitrary commands. Note that
373           if the $SYSTEMD_PAGER or $PAGER variables are to be honoured,
374           $SYSTEMD_PAGERSECURE must be set too. It might be reasonable to
375           completely disable the pager using --no-pager instead.
376
377       $SYSTEMD_COLORS
378           Takes a boolean argument. When true, systemd and related utilities
379           will use colors in their output, otherwise the output will be
380           monochrome. Additionally, the variable can take one of the
381           following special values: "16", "256" to restrict the use of colors
382           to the base 16 or 256 ANSI colors, respectively. This can be
383           specified to override the automatic decision based on $TERM and
384           what the console is connected to.
385
386       $SYSTEMD_URLIFY
387           The value must be a boolean. Controls whether clickable links
388           should be generated in the output for terminal emulators supporting
389           this. This can be specified to override the decision that systemd
390           makes based on $TERM and other conditions.
391

SEE ALSO

393       systemd(1), systemctl(1), systemd-logind.service(8), logind.conf(5)
394
395
396
397systemd 250                                                        LOGINCTL(1)
Impressum