1LOGIND.CONF(5)                    logind.conf                   LOGIND.CONF(5)
2
3
4

NAME

6       logind.conf, logind.conf.d - Login manager configuration files
7

SYNOPSIS

9       /etc/systemd/logind.conf
10
11       /etc/systemd/logind.conf.d/*.conf
12
13       /run/systemd/logind.conf.d/*.conf
14
15       /usr/lib/systemd/logind.conf.d/*.conf
16

DESCRIPTION

18       These files configure various parameters of the systemd login manager,
19       systemd-logind.service(8). See systemd.syntax(7) for a general
20       description of the syntax.
21

CONFIGURATION DIRECTORIES AND PRECEDENCE

23       The default configuration is set during compilation, so configuration
24       is only needed when it is necessary to deviate from those defaults.
25       Initially, the main configuration file in /etc/systemd/ contains
26       commented out entries showing the defaults as a guide to the
27       administrator. Local overrides can be created by editing this file or
28       by creating drop-ins, as described below. Using drop-ins for local
29       configuration is recommended over modifications to the main
30       configuration file.
31
32       In addition to the "main" configuration file, drop-in configuration
33       snippets are read from /usr/lib/systemd/*.conf.d/,
34       /usr/local/lib/systemd/*.conf.d/, and /etc/systemd/*.conf.d/. Those
35       drop-ins have higher precedence and override the main configuration
36       file. Files in the *.conf.d/ configuration subdirectories are sorted by
37       their filename in lexicographic order, regardless of in which of the
38       subdirectories they reside. When multiple files specify the same
39       option, for options which accept just a single value, the entry in the
40       file sorted last takes precedence, and for options which accept a list
41       of values, entries are collected as they occur in the sorted files.
42
43       When packages need to customize the configuration, they can install
44       drop-ins under /usr/. Files in /etc/ are reserved for the local
45       administrator, who may use this logic to override the configuration
46       files installed by vendor packages. Drop-ins have to be used to
47       override package drop-ins, since the main configuration file has lower
48       precedence. It is recommended to prefix all filenames in those
49       subdirectories with a two-digit number and a dash, to simplify the
50       ordering of the files.
51
52       To disable a configuration file supplied by the vendor, the recommended
53       way is to place a symlink to /dev/null in the configuration directory
54       in /etc/, with the same filename as the vendor configuration file.
55

OPTIONS

57       All options are configured in the [Login] section:
58
59       NAutoVTs=
60           Takes a positive integer. Configures how many virtual terminals
61           (VTs) to allocate by default that, when switched to and are
62           previously unused, "autovt" services are automatically spawned on.
63           These services are instantiated from the template unit
64           autovt@.service for the respective VT TTY name, for example,
65           autovt@tty4.service. By default, autovt@.service is linked to
66           getty@.service. In other words, login prompts are started
67           dynamically as the user switches to unused virtual terminals.
68           Hence, this parameter controls how many login "gettys" are
69           available on the VTs. If a VT is already used by some other
70           subsystem (for example, a graphical login), this kind of activation
71           will not be attempted. Note that the VT configured in ReserveVT= is
72           always subject to this kind of activation, even if it is not one of
73           the VTs configured with the NAutoVTs= directive. Defaults to 6.
74           When set to 0, automatic spawning of "autovt" services is disabled.
75
76       ReserveVT=
77           Takes a positive integer. Identifies one virtual terminal that
78           shall unconditionally be reserved for autovt@.service activation
79           (see above). The VT selected with this option will be marked busy
80           unconditionally, so that no other subsystem will allocate it. This
81           functionality is useful to ensure that, regardless of how many VTs
82           are allocated by other subsystems, one login "getty" is always
83           available. Defaults to 6 (in other words, there will always be a
84           "getty" available on Alt-F6.). When set to 0, VT reservation is
85           disabled.
86
87       KillUserProcesses=
88           Takes a boolean argument. Configures whether the processes of a
89           user should be killed when the user logs out. If true, the scope
90           unit corresponding to the session and all processes inside that
91           scope will be terminated. If false, the scope is "abandoned", see
92           systemd.scope(5), and processes are not killed. Defaults to "no",
93           but see the options KillOnlyUsers= and KillExcludeUsers= below.
94
95           In addition to session processes, user process may run under the
96           user manager unit user@.service. Depending on the linger settings,
97           this may allow users to run processes independent of their login
98           sessions. See the description of enable-linger in loginctl(1).
99
100           Note that setting KillUserProcesses=yes will break tools like
101           screen(1) and tmux(1), unless they are moved out of the session
102           scope. See example in systemd-run(1).
103
104       KillOnlyUsers=, KillExcludeUsers=
105           These settings take space-separated lists of usernames that
106           override the KillUserProcesses= setting. A user name may be added
107           to KillExcludeUsers= to exclude the processes in the session scopes
108           of that user from being killed even if KillUserProcesses=yes is
109           set. If KillExcludeUsers= is not set, the "root" user is excluded
110           by default.  KillExcludeUsers= may be set to an empty value to
111           override this default. If a user is not excluded, KillOnlyUsers= is
112           checked next. If this setting is specified, only the processes in
113           the session scopes of those users will be killed. Otherwise, users
114           are subject to the KillUserProcesses=yes setting.
115
116       IdleAction=
117           Configures the action to take when the system is idle. Takes one of
118           "ignore", "poweroff", "reboot", "halt", "kexec", "suspend",
119           "hibernate", "hybrid-sleep", "suspend-then-hibernate", and "lock".
120           Defaults to "ignore".
121
122           Note that this requires that user sessions correctly report the
123           idle status to the system. The system will execute the action after
124           all sessions report that they are idle, no idle inhibitor lock is
125           active, and subsequently, the time configured with IdleActionSec=
126           (see below) has expired.
127
128       IdleActionSec=
129           Configures the delay after which the action configured in
130           IdleAction= (see above) is taken after the system is idle.
131
132       InhibitDelayMaxSec=
133           Specifies the maximum time a system shutdown or sleep request is
134           delayed due to an inhibitor lock of type "delay" being active
135           before the inhibitor is ignored and the operation executes anyway.
136           Defaults to 5.
137
138       UserStopDelaySec=
139           Specifies how long to keep the user record and per-user service
140           user@.service around for a user after they logged out fully. If set
141           to zero, the per-user service is terminated immediately when the
142           last session of the user has ended. If this option is configured to
143           non-zero rapid logout/login cycles are sped up, as the user's
144           service manager is not constantly restarted. If set to "infinity"
145           the per-user service for a user is never terminated again after
146           first login, and continues to run until system shutdown. Defaults
147           to 10s.
148
149       HandlePowerKey=, HandlePowerKeyLongPress=, HandleRebootKey=,
150       HandleRebootKeyLongPress=, HandleSuspendKey=,
151       HandleSuspendKeyLongPress=, HandleHibernateKey=,
152       HandleHibernateKeyLongPress=, HandleLidSwitch=,
153       HandleLidSwitchExternalPower=, HandleLidSwitchDocked=
154           Controls how logind shall handle the system power, reboot and sleep
155           keys and the lid switch to trigger actions such as system
156           power-off, reboot or suspend. Can be one of "ignore", "poweroff",
157           "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep",
158           "suspend-then-hibernate", "lock", and "factory-reset". If "ignore",
159           systemd-logind will never handle these keys. If "lock", all running
160           sessions will be screen-locked; otherwise, the specified action
161           will be taken in the respective event. Only input devices with the
162           "power-switch" udev tag will be watched for key/lid switch events.
163
164           HandlePowerKey= defaults to "poweroff", HandleRebootKey= defaults
165           to "reboot", HandleSuspendKey= defaults to "suspend",
166           HandleHibernateKey= defaults to "hibernate",
167           HandlePowerKeyLongPress= defaults to "ignore",
168           HandleRebootKeyLongPress= defaults to "poweroff",
169           HandleSuspendKeyLongPress= defaults to "hibernate",
170           HandleHibernateKeyLongPress= defaults to "ignore".
171           HandleLidSwitch= defaults to "suspend".
172           HandleLidSwitchExternalPower= is completely ignored by default (for
173           backwards compatibility) — an explicit value must be set before it
174           will be used to determine behaviour.  HandleLidSwitchDocked=
175           defaults to "ignore". If the system is inserted in a docking
176           station, or if more than one display is connected, the action
177           specified by HandleLidSwitchDocked= occurs; if the system is on
178           external power the action (if any) specified by
179           HandleLidSwitchExternalPower= occurs; otherwise the
180           HandleLidSwitch= action occurs.
181
182           A different application may disable logind's handling of system
183           power and sleep keys and the lid switch by taking a low-level
184           inhibitor lock ("handle-power-key", "handle-suspend-key",
185           "handle-hibernate-key", "handle-lid-switch", "handle-reboot-key").
186           This is most commonly used by graphical desktop environments to
187           take over suspend and hibernation handling, and to use their own
188           configuration mechanisms. If a low-level inhibitor lock is taken,
189           logind will not take any action when that key or switch is
190           triggered and the Handle*= settings are irrelevant.
191
192       PowerKeyIgnoreInhibited=, SuspendKeyIgnoreInhibited=,
193       HibernateKeyIgnoreInhibited=, LidSwitchIgnoreInhibited=,
194       RebootKeyIgnoreInhibited=
195           Controls whether actions that systemd-logind takes when the power,
196           reboot and sleep keys and the lid switch are triggered are subject
197           to high-level inhibitor locks ("shutdown", "reboot", "sleep",
198           "idle"). Low level inhibitor locks ("handle-power-key",
199           "handle-suspend-key", "handle-hibernate-key", "handle-lid-switch",
200           "handle-reboot-key"), are always honored, irrespective of this
201           setting.
202
203           These settings take boolean arguments. If "no", the inhibitor locks
204           taken by applications are respected. If "yes", "shutdown", "reboot"
205           "sleep", and "idle" inhibitor locks are ignored.
206           PowerKeyIgnoreInhibited=, SuspendKeyIgnoreInhibited=,
207           HibernateKeyIgnoreInhibited= and RebootKeyIgnoreInhibited= default
208           to "no".  LidSwitchIgnoreInhibited= defaults to "yes". This means
209           that when systemd-logind is handling events by itself (no low level
210           inhibitor locks are taken by another application), the lid switch
211           does not respect suspend blockers by default, but the power and
212           sleep keys do.
213
214       HoldoffTimeoutSec=
215           Specifies a period of time after system startup or system resume in
216           which systemd will hold off on reacting to lid events. This is
217           required for the system to properly detect any hotplugged devices
218           so systemd can ignore lid events if external monitors, or docks,
219           are connected. If set to 0, systemd will always react immediately,
220           possibly before the kernel fully probed all hotplugged devices.
221           This is safe, as long as you do not care for systemd to account for
222           devices that have been plugged or unplugged while the system was
223           off. Defaults to 30s.
224
225       RuntimeDirectorySize=
226           Sets the size limit on the $XDG_RUNTIME_DIR runtime directory for
227           each user who logs in. Takes a size in bytes, optionally suffixed
228           with the usual K, G, M, and T suffixes, to the base 1024 (IEC).
229           Alternatively, a numerical percentage suffixed by "%" may be
230           specified, which sets the size limit relative to the amount of
231           physical RAM. Defaults to 10%. Note that this size is a safety
232           limit only. As each runtime directory is a tmpfs file system, it
233           will only consume as much memory as is needed.
234
235       RuntimeDirectoryInodesMax=
236           Sets the limit on number of inodes for the $XDG_RUNTIME_DIR runtime
237           directory for each user who logs in. Takes a number, optionally
238           suffixed with the usual K, G, M, and T suffixes, to the base 1024
239           (IEC). Defaults to RuntimeDirectorySize= divided by 4096. Note that
240           this size is a safety limit only. As each runtime directory is a
241           tmpfs file system, it will only consume as much memory as is
242           needed.
243
244       InhibitorsMax=
245           Controls the maximum number of concurrent inhibitors to permit.
246           Defaults to 8192 (8K).
247
248       SessionsMax=
249           Controls the maximum number of concurrent user sessions to manage.
250           Defaults to 8192 (8K). Depending on how the pam_systemd.so module
251           is included in the PAM stack configuration, further login sessions
252           will either be refused, or permitted but not tracked by
253           systemd-logind.
254
255       RemoveIPC=
256           Controls whether System V and POSIX IPC objects belonging to the
257           user shall be removed when the user fully logs out. Takes a boolean
258           argument. If enabled, the user may not consume IPC resources after
259           the last of the user's sessions terminated. This covers System V
260           semaphores, shared memory and message queues, as well as POSIX
261           shared memory and message queues. Note that IPC objects of the root
262           user and other system users are excluded from the effect of this
263           setting. Defaults to "yes".
264
265       StopIdleSessionSec=
266           Specifies a timeout in seconds, or a time span value after which
267           systemd-logind checks the idle state of all sessions. Every session
268           that is idle for longer then the timeout will be stopped. Defaults
269           to "infinity" (systemd-logind is not checking the idle state of
270           sessions). For details about the syntax of time spans, see
271           systemd.time(7).
272

SEE ALSO

274       systemd(1), systemd-logind.service(8), loginctl(1), systemd-
275       system.conf(5)
276
277
278
279systemd 254                                                     LOGIND.CONF(5)
Impressum