logind.conf(5) — Linux manual page


LOGIND.CONF(5)                   logind.conf                  LOGIND.CONF(5)

NAME         top

       logind.conf, logind.conf.d - Login manager configuration files

SYNOPSIS         top





DESCRIPTION         top

       These files configure various parameters of the systemd login
       manager, systemd-logind.service(8). See systemd.syntax(7) for a
       general description of the syntax.


       The default configuration is defined during compilation, so a
       configuration file is only needed when it is necessary to deviate
       from those defaults. By default, the configuration file in
       /etc/systemd/ contains commented out entries showing the defaults as
       a guide to the administrator. This file can be edited to create local

       When packages need to customize the configuration, they can install
       configuration snippets in /usr/lib/systemd/*.conf.d/ or
       /usr/local/lib/systemd/*.conf.d/. The main configuration file is read
       before any of the configuration directories, and has the lowest
       precedence; entries in a file in any configuration directory override
       entries in the single configuration file. Files in the *.conf.d/
       configuration subdirectories are sorted by their filename in
       lexicographic order, regardless of in which of the subdirectories
       they reside. When multiple files specify the same option, for options
       which accept just a single value, the entry in the file with the
       lexicographically latest name takes precedence. For options which
       accept a list of values, entries are collected as they occur in files
       sorted lexicographically.

       Files in /etc/ are reserved for the local administrator, who may use
       this logic to override the configuration files installed by vendor
       packages. It is recommended to prefix all filenames in those
       subdirectories with a two-digit number and a dash, to simplify the
       ordering of the files.

       To disable a configuration file supplied by the vendor, the
       recommended way is to place a symlink to /dev/null in the
       configuration directory in /etc/, with the same filename as the
       vendor configuration file.

OPTIONS         top

       All options are configured in the [Login] section:

           Takes a positive integer. Configures how many virtual terminals
           (VTs) to allocate by default that, when switched to and are
           previously unused, "autovt" services are automatically spawned
           on. These services are instantiated from the template unit
           autovt@.service for the respective VT TTY name, for example,
           autovt@tty4.service. By default, autovt@.service is linked to
           getty@.service. In other words, login prompts are started
           dynamically as the user switches to unused virtual terminals.
           Hence, this parameter controls how many login "gettys" are
           available on the VTs. If a VT is already used by some other
           subsystem (for example, a graphical login), this kind of
           activation will not be attempted. Note that the VT configured in
           ReserveVT= is always subject to this kind of activation, even if
           it is not one of the VTs configured with the NAutoVTs= directive.
           Defaults to 6. When set to 0, automatic spawning of "autovt"
           services is disabled.

           Takes a positive integer. Identifies one virtual terminal that
           shall unconditionally be reserved for autovt@.service activation
           (see above). The VT selected with this option will be marked busy
           unconditionally, so that no other subsystem will allocate it.
           This functionality is useful to ensure that, regardless of how
           many VTs are allocated by other subsystems, one login "getty" is
           always available. Defaults to 6 (in other words, there will
           always be a "getty" available on Alt-F6.). When set to 0, VT
           reservation is disabled.

           Takes a boolean argument. Configures whether the processes of a
           user should be killed when the user logs out. If true, the scope
           unit corresponding to the session and all processes inside that
           scope will be terminated. If false, the scope is "abandoned", see
           systemd.scope(5), and processes are not killed. Defaults to
           "yes", but see the options KillOnlyUsers= and KillExcludeUsers=

           In addition to session processes, user process may run under the
           user manager unit user@.service. Depending on the linger
           settings, this may allow users to run processes independent of
           their login sessions. See the description of enable-linger in

           Note that setting KillUserProcesses=yes will break tools like
           screen(1) and tmux(1), unless they are moved out of the session
           scope. See example in systemd-run(1).

       KillOnlyUsers=, KillExcludeUsers=
           These settings take space-separated lists of usernames that
           override the KillUserProcesses= setting. A user name may be added
           to KillExcludeUsers= to exclude the processes in the session
           scopes of that user from being killed even if
           KillUserProcesses=yes is set. If KillExcludeUsers= is not set,
           the "root" user is excluded by default.  KillExcludeUsers= may be
           set to an empty value to override this default. If a user is not
           excluded, KillOnlyUsers= is checked next. If this setting is
           specified, only the processes in the session scopes of those
           users will be killed. Otherwise, users are subject to the
           KillUserProcesses=yes setting.

           Configures the action to take when the system is idle. Takes one
           of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend",
           "hibernate", "hybrid-sleep", "suspend-then-hibernate", and
           "lock". Defaults to "ignore".

           Note that this requires that user sessions correctly report the
           idle status to the system. The system will execute the action
           after all sessions report that they are idle, no idle inhibitor
           lock is active, and subsequently, the time configured with
           IdleActionSec= (see below) has expired.

           Configures the delay after which the action configured in
           IdleAction= (see above) is taken after the system is idle.

           Specifies the maximum time a system shutdown or sleep request is
           delayed due to an inhibitor lock of type "delay" being active
           before the inhibitor is ignored and the operation executes
           anyway. Defaults to 5.

           Specifies how long to keep the user record and per-user service
           user@.service around for a user after they logged out fully. If
           set to zero, the per-user service is terminated immediately when
           the last session of the user has ended. If this option is
           configured to non-zero rapid logout/login cycles are sped up, as
           the user's service manager is not constantly restarted. If set to
           "infinity" the per-user service for a user is never terminated
           again after first login, and continues to run until system
           shutdown. Defaults to 10s.

       HandlePowerKey=, HandleSuspendKey=, HandleHibernateKey=,
       HandleLidSwitch=, HandleLidSwitchExternalPower=,
       HandleLidSwitchDocked=, HandleRebootKey=
           Controls how logind shall handle the system power, reboot and
           sleep keys and the lid switch to trigger actions such as system
           power-off, reboot or suspend. Can be one of "ignore", "poweroff",
           "reboot", "halt", "kexec", "suspend", "hibernate",
           "hybrid-sleep", "suspend-then-hibernate", and "lock". If
           "ignore", logind will never handle these keys. If "lock", all
           running sessions will be screen-locked; otherwise, the specified
           action will be taken in the respective event. Only input devices
           with the "power-switch" udev tag will be watched for key/lid
           switch events.  HandlePowerKey= defaults to "poweroff",
           HandleRebootKey= defaults to "reboot".  HandleSuspendKey= and
           HandleLidSwitch= default to "suspend".
           HandleLidSwitchExternalPower= is completely ignored by default
           (for backwards compatibility) — an explicit value must be set
           before it will be used to determine behaviour.
           HandleLidSwitchDocked= defaults to "ignore".  HandleHibernateKey=
           defaults to "hibernate". If the system is inserted in a docking
           station, or if more than one display is connected, the action
           specified by HandleLidSwitchDocked= occurs; if the system is on
           external power the action (if any) specified by
           HandleLidSwitchExternalPower= occurs; otherwise the
           HandleLidSwitch= action occurs.

           A different application may disable logind's handling of system
           power and sleep keys and the lid switch by taking a low-level
           inhibitor lock ("handle-power-key", "handle-suspend-key",
           "handle-hibernate-key", "handle-lid-switch",
           "handle-reboot-switch"). This is most commonly used by graphical
           desktop environments to take over suspend and hibernation
           handling, and to use their own configuration mechanisms. If a
           low-level inhibitor lock is taken, logind will not take any
           action when that key or switch is triggered and the Handle*=
           settings are irrelevant.

       PowerKeyIgnoreInhibited=, SuspendKeyIgnoreInhibited=,
       HibernateKeyIgnoreInhibited=, LidSwitchIgnoreInhibited=,
           Controls whether actions that systemd-logind takes when the
           power, reboot and sleep keys and the lid switch are triggered are
           subject to high-level inhibitor locks ("shutdown", "reboot",
           "sleep", "idle"). Low level inhibitor locks ("handle-power-key",
           "handle-suspend-key", "handle-hibernate-key",
           "handle-lid-switch", "handle-reboot-key"), are always honored,
           irrespective of this setting.

           These settings take boolean arguments. If "no", the inhibitor
           locks taken by applications are respected. If "yes", "shutdown",
           "reboot" "sleep", and "idle" inhibitor locks are ignored.
           PowerKeyIgnoreInhibited=, SuspendKeyIgnoreInhibited=,
           HibernateKeyIgnoreInhibited= and RebootKeyIgnoreInhibited=
           default to "no".  LidSwitchIgnoreInhibited= defaults to "yes".
           This means that when systemd-logind is handling events by itself
           (no low level inhibitor locks are taken by another application),
           the lid switch does not respect suspend blockers by default, but
           the power and sleep keys do.

           Specifies a period of time after system startup or system resume
           in which systemd will hold off on reacting to lid events. This is
           required for the system to properly detect any hotplugged devices
           so systemd can ignore lid events if external monitors, or docks,
           are connected. If set to 0, systemd will always react
           immediately, possibly before the kernel fully probed all
           hotplugged devices. This is safe, as long as you do not care for
           systemd to account for devices that have been plugged or
           unplugged while the system was off. Defaults to 30s.

           Sets the size limit on the $XDG_RUNTIME_DIR runtime directory for
           each user who logs in. Takes a size in bytes, optionally suffixed
           with the usual K, G, M, and T suffixes, to the base 1024 (IEC).
           Alternatively, a numerical percentage suffixed by "%" may be
           specified, which sets the size limit relative to the amount of
           physical RAM. Defaults to 10%. Note that this size is a safety
           limit only. As each runtime directory is a tmpfs file system, it
           will only consume as much memory as is needed.

           Sets the limit on number of inodes for the $XDG_RUNTIME_DIR
           runtime directory for each user who logs in. Takes a number,
           optionally suffixed with the usual K, G, M, and T suffixes, to
           the base 1024 (IEC). Defaults to RuntimeDirectorySize= divided by
           4096. Note that this size is a safety limit only. As each runtime
           directory is a tmpfs file system, it will only consume as much
           memory as is needed.

           Controls the maximum number of concurrent inhibitors to permit.
           Defaults to 8192 (8K).

           Controls the maximum number of concurrent user sessions to
           manage. Defaults to 8192 (8K). Depending on how the
           pam_systemd.so module is included in the PAM stack configuration,
           further login sessions will either be refused, or permitted but
           not tracked by systemd-logind.

           Controls whether System V and POSIX IPC objects belonging to the
           user shall be removed when the user fully logs out. Takes a
           boolean argument. If enabled, the user may not consume IPC
           resources after the last of the user's sessions terminated. This
           covers System V semaphores, shared memory and message queues, as
           well as POSIX shared memory and message queues. Note that IPC
           objects of the root user and other system users are excluded from
           the effect of this setting. Defaults to "yes".

SEE ALSO         top

       systemd(1), systemd-logind.service(8), loginctl(1),

COLOPHON         top

       This page is part of the systemd (systemd system and service manager)
       project.  Information about the project can be found at 
       ⟨http://www.freedesktop.org/wiki/Software/systemd⟩.  If you have a bug
       report for this manual page, see
       ⟨http://www.freedesktop.org/wiki/Software/systemd/#bugreports⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨https://github.com/systemd/systemd.git⟩ on 2020-11-01.  (At that
       time, the date of the most recent commit that was found in the repos‐
       itory was 2020-11-01.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or im‐
       provements to the information in this COLOPHON (which is not part of
       the original manual page), send a mail to man-pages@man7.org

systemd 247                                                   LOGIND.CONF(5)

Pages that refer to this page: homectl(1)loginctl(1)systemd-inhibit(1)systemd-run(1)org.freedesktop.login1(5)30-systemd-environment-d-generator(7)systemd.directives(7)systemd.index(7)systemd.syntax(7)pam_systemd(8)systemd-logind(8)systemd-logind.service(8)