logind.conf(5) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | CONFIGURATION DIRECTORIES AND PRECEDENCE | OPTIONS | SEE ALSO | COLOPHON

LOGIND.CONF(5)                 logind.conf                LOGIND.CONF(5)

NAME         top

       logind.conf, logind.conf.d - Login manager configuration files

SYNOPSIS         top

           /etc/systemd/logind.conf
           /etc/systemd/logind.conf.d/*.conf
           /run/systemd/logind.conf.d/*.conf
           /usr/lib/systemd/logind.conf.d/*.conf

DESCRIPTION         top

       These files configure various parameters of the systemd login
       manager, systemd-logind.service(8). See systemd.syntax(7) for a
       general description of the syntax.

CONFIGURATION DIRECTORIES AND PRECEDENCE         top

       The default configuration is set during compilation, so
       configuration is only needed when it is necessary to deviate from
       those defaults. The main configuration file is either in
       /usr/lib/systemd/ or /etc/systemd/ and contains commented out
       entries showing the defaults as a guide to the administrator.
       Local overrides can be created by creating drop-ins, as described
       below. The main configuration file can also be edited for this
       purpose (or a copy in /etc/ if it's shipped in /usr/) however
       using drop-ins for local configuration is recommended over
       modifications to the main configuration file.

       In addition to the "main" configuration file, drop-in
       configuration snippets are read from /usr/lib/systemd/*.conf.d/,
       /usr/local/lib/systemd/*.conf.d/, and /etc/systemd/*.conf.d/.
       Those drop-ins have higher precedence and override the main
       configuration file. Files in the *.conf.d/ configuration
       subdirectories are sorted by their filename in lexicographic
       order, regardless of in which of the subdirectories they reside.
       When multiple files specify the same option, for options which
       accept just a single value, the entry in the file sorted last
       takes precedence, and for options which accept a list of values,
       entries are collected as they occur in the sorted files.

       When packages need to customize the configuration, they can
       install drop-ins under /usr/. Files in /etc/ are reserved for the
       local administrator, who may use this logic to override the
       configuration files installed by vendor packages. Drop-ins have
       to be used to override package drop-ins, since the main
       configuration file has lower precedence. It is recommended to
       prefix all filenames in those subdirectories with a two-digit
       number and a dash, to simplify the ordering of the files. This
       also defined a concept of drop-in priority to allow distributions
       to ship drop-ins within a specific range lower than the range
       used by users. This should lower the risk of package drop-ins
       overriding accidentally drop-ins defined by users.

       To disable a configuration file supplied by the vendor, the
       recommended way is to place a symlink to /dev/null in the
       configuration directory in /etc/, with the same filename as the
       vendor configuration file.

OPTIONS         top

       All options are configured in the [Login] section:

       NAutoVTs=
           Takes a positive integer. Configures how many virtual
           terminals (VTs) to allocate by default that, when switched to
           and are previously unused, "autovt" services are
           automatically spawned on. These services are instantiated
           from the template unit autovt@.service for the respective VT
           TTY name, for example, autovt@tty4.service. By default,
           autovt@.service is linked to getty@.service. In other words,
           login prompts are started dynamically as the user switches to
           unused virtual terminals. Hence, this parameter controls how
           many login "gettys" are available on the VTs. If a VT is
           already used by some other subsystem (for example, a
           graphical login), this kind of activation will not be
           attempted. Note that the VT configured in ReserveVT= is
           always subject to this kind of activation, even if it is not
           one of the VTs configured with the NAutoVTs= directive.
           Defaults to 6. When set to 0, automatic spawning of "autovt"
           services is disabled.

       ReserveVT=
           Takes a positive integer. Identifies one virtual terminal
           that shall unconditionally be reserved for autovt@.service
           activation (see above). The VT selected with this option will
           be marked busy unconditionally, so that no other subsystem
           will allocate it. This functionality is useful to ensure
           that, regardless of how many VTs are allocated by other
           subsystems, one login "getty" is always available. Defaults
           to 6 (in other words, there will always be a "getty"
           available on Alt-F6.). When set to 0, VT reservation is
           disabled.

           Added in version 190.

       KillUserProcesses=
           Takes a boolean argument. Configures whether the processes of
           a user should be killed when the user logs out. If true, the
           scope unit corresponding to the session and all processes
           inside that scope will be terminated. If false, the scope is
           "abandoned", see systemd.scope(5), and processes are not
           killed. Defaults to "yes", but see the options KillOnlyUsers=
           and KillExcludeUsers= below.

           In addition to session processes, user process may run under
           the user manager unit user@.service. Depending on the linger
           settings, this may allow users to run processes independent
           of their login sessions. See the description of enable-linger
           in loginctl(1).

           Note that setting KillUserProcesses=yes will break tools like
           screen(1) and tmux(1), unless they are moved out of the
           session scope. See example in systemd-run(1).

       KillOnlyUsers=, KillExcludeUsers=
           These settings take space-separated lists of usernames that
           override the KillUserProcesses= setting. A user name may be
           added to KillExcludeUsers= to exclude the processes in the
           session scopes of that user from being killed even if
           KillUserProcesses=yes is set. If KillExcludeUsers= is not
           set, the "root" user is excluded by default.
           KillExcludeUsers= may be set to an empty value to override
           this default. If a user is not excluded, KillOnlyUsers= is
           checked next. If this setting is specified, only the
           processes in the session scopes of those users will be
           killed. Otherwise, users are subject to the
           KillUserProcesses=yes setting.

       IdleAction=
           Configures the action to take when the system is idle. Takes
           one of "ignore", "poweroff", "reboot", "halt", "kexec",
           "suspend", "hibernate", "hybrid-sleep",
           "suspend-then-hibernate", "sleep", and "lock". Defaults to
           "ignore".

           Note that this requires that user sessions correctly report
           the idle status to the system. The system will execute the
           action after all sessions report that they are idle, no idle
           inhibitor lock is active, and subsequently, the time
           configured with IdleActionSec= (see below) has expired.

           Added in version 198.

       IdleActionSec=
           Configures the delay after which the action configured in
           IdleAction= (see above) is taken after the system is idle.

           Added in version 198.

       InhibitDelayMaxSec=
           Specifies the maximum time a system shutdown or sleep request
           is delayed due to an inhibitor lock of type "delay" being
           active before the inhibitor is ignored and the operation
           executes anyway. Defaults to 5.

       UserStopDelaySec=
           Specifies how long to keep the user record and per-user
           service user@.service around for a user after they logged out
           fully. If set to zero, the per-user service is terminated
           immediately when the last session of the user has ended. If
           this option is configured to non-zero rapid logout/login
           cycles are sped up, as the user's service manager is not
           constantly restarted. If set to "infinity" the per-user
           service for a user is never terminated again after first
           login, and continues to run until system shutdown. Defaults
           to 10s.

           Added in version 240.

       SleepOperation=
           Takes a list of sleep operations. Possible values are
           "suspend", "hibernate", "hybrid-sleep", and
           "suspend-then-hibernate". Controls the candidate sleep
           operations for the "sleep" action. When "sleep" action is
           performed, the specified sleep operations are checked in a
           fixed order ("suspend-then-hibernate" → "hybrid-sleep" →
           "suspend" → "hibernate"), and the first one supported by the
           machine is used to put the system into sleep. Defaults to
           "suspend-then-hibernate suspend hibernate".

           Added in version 256.

       HandlePowerKey=, HandlePowerKeyLongPress=, HandleRebootKey=,
       HandleRebootKeyLongPress=, HandleSuspendKey=,
       HandleSuspendKeyLongPress=, HandleHibernateKey=,
       HandleHibernateKeyLongPress=, HandleLidSwitch=,
       HandleLidSwitchExternalPower=, HandleLidSwitchDocked=
           Controls how logind shall handle the system power, reboot and
           sleep keys and the lid switch to trigger actions such as
           system power-off, reboot or suspend. Can be one of "ignore",
           "poweroff", "reboot", "halt", "kexec", "suspend",
           "hibernate", "hybrid-sleep", "suspend-then-hibernate",
           "sleep", "lock", and "factory-reset". If "ignore",
           systemd-logind will never handle these keys. If "lock", all
           running sessions will be screen-locked; otherwise, the
           specified action will be taken in the respective event. Only
           input devices with the "power-switch" udev tag will be
           watched for key/lid switch events.

           HandlePowerKey= defaults to "poweroff", HandleRebootKey=
           defaults to "reboot", HandleSuspendKey= defaults to
           "suspend", HandleHibernateKey= defaults to "hibernate",
           HandlePowerKeyLongPress= defaults to "ignore",
           HandleRebootKeyLongPress= defaults to "poweroff",
           HandleSuspendKeyLongPress= defaults to "hibernate",
           HandleHibernateKeyLongPress= defaults to "ignore".
           HandleLidSwitch= defaults to "suspend".
           HandleLidSwitchExternalPower= is completely ignored by
           default (for backwards compatibility) — an explicit value
           must be set before it will be used to determine behaviour.
           HandleLidSwitchDocked= defaults to "ignore". If the system is
           inserted in a docking station, or if more than one display is
           connected, the action specified by HandleLidSwitchDocked=
           occurs; if the system is on external power the action (if
           any) specified by HandleLidSwitchExternalPower= occurs;
           otherwise the HandleLidSwitch= action occurs.

           A different application may disable logind's handling of
           system power and sleep keys and the lid switch by taking a
           low-level inhibitor lock ("handle-power-key",
           "handle-suspend-key", "handle-hibernate-key",
           "handle-lid-switch", "handle-reboot-key"). This is most
           commonly used by graphical desktop environments to take over
           suspend and hibernation handling, and to use their own
           configuration mechanisms. If a low-level inhibitor lock is
           taken, logind will not take any action when that key or
           switch is triggered and the Handle*= settings are irrelevant.

           Added in version 184.

       PowerKeyIgnoreInhibited=, SuspendKeyIgnoreInhibited=,
       HibernateKeyIgnoreInhibited=, LidSwitchIgnoreInhibited=,
       RebootKeyIgnoreInhibited=
           Controls whether actions that systemd-logind takes when the
           power, reboot and sleep keys and the lid switch are triggered
           are subject to high-level inhibitor locks ("shutdown",
           "reboot", "sleep", "idle"). Low level inhibitor locks
           ("handle-power-key", "handle-suspend-key",
           "handle-hibernate-key", "handle-lid-switch",
           "handle-reboot-key"), are always honored, irrespective of
           this setting.

           These settings take boolean arguments. If "no", the inhibitor
           locks taken by applications are respected. If "yes",
           "shutdown", "reboot" "sleep", and "idle" inhibitor locks are
           ignored.  PowerKeyIgnoreInhibited=,
           SuspendKeyIgnoreInhibited=, HibernateKeyIgnoreInhibited= and
           RebootKeyIgnoreInhibited= default to "no".
           LidSwitchIgnoreInhibited= defaults to "yes". This means that
           when systemd-logind is handling events by itself (no low
           level inhibitor locks are taken by another application), the
           lid switch does not respect suspend blockers by default, but
           the power and sleep keys do.

           Added in version 190.

       HoldoffTimeoutSec=
           Specifies a period of time after system startup or system
           resume in which systemd will hold off on reacting to lid
           events. This is required for the system to properly detect
           any hotplugged devices so systemd can ignore lid events if
           external monitors, or docks, are connected. If set to 0,
           systemd will always react immediately, possibly before the
           kernel fully probed all hotplugged devices. This is safe, as
           long as you do not care for systemd to account for devices
           that have been plugged or unplugged while the system was off.
           Defaults to 30s.

           Added in version 220.

       RuntimeDirectorySize=
           Sets the size limit on the $XDG_RUNTIME_DIR runtime directory
           for each user who logs in. Takes a size in bytes, optionally
           suffixed with the usual K, G, M, and T suffixes, to the base
           1024 (IEC). Alternatively, a numerical percentage suffixed by
           "%" may be specified, which sets the size limit relative to
           the amount of physical RAM. Defaults to 10%. Note that this
           size is a safety limit only. As each runtime directory is a
           tmpfs file system, it will only consume as much memory as is
           needed.

           Added in version 211.

       RuntimeDirectoryInodesMax=
           Sets the limit on number of inodes for the $XDG_RUNTIME_DIR
           runtime directory for each user who logs in. Takes a number,
           optionally suffixed with the usual K, G, M, and T suffixes,
           to the base 1024 (IEC). Defaults to RuntimeDirectorySize=
           divided by 4096. Note that this size is a safety limit only.
           As each runtime directory is a tmpfs file system, it will
           only consume as much memory as is needed.

           Added in version 246.

       InhibitorsMax=
           Controls the maximum number of concurrent inhibitors to
           permit. Defaults to 8192 (8K).

           Added in version 230.

       SessionsMax=
           Controls the maximum number of concurrent user sessions to
           manage. Defaults to 8192 (8K). Depending on how the
           pam_systemd.so module is included in the PAM stack
           configuration, further login sessions will either be refused,
           or permitted but not tracked by systemd-logind.

           Added in version 230.

       RemoveIPC=
           Controls whether System V and POSIX IPC objects belonging to
           the user shall be removed when the user fully logs out. Takes
           a boolean argument. If enabled, the user may not consume IPC
           resources after the last of the user's sessions terminated.
           This covers System V semaphores, shared memory and message
           queues, as well as POSIX shared memory and message queues.
           Note that IPC objects of the root user and other system users
           are excluded from the effect of this setting. Defaults to
           "yes".

           Added in version 212.

       StopIdleSessionSec=
           Specifies a timeout in seconds, or a time span value after
           which systemd-logind checks the idle state of all sessions.
           Every session that is idle for longer then the timeout will
           be stopped. Defaults to "infinity" (systemd-logind is not
           checking the idle state of sessions). For details about the
           syntax of time spans, see systemd.time(7).

           Added in version 252.

SEE ALSO         top

       systemd(1), systemd-logind.service(8), loginctl(1),
       systemd-system.conf(5)

COLOPHON         top

       This page is part of the systemd (systemd system and service
       manager) project.  Information about the project can be found at
       ⟨http://www.freedesktop.org/wiki/Software/systemd⟩.  If you have
       a bug report for this manual page, see
       ⟨http://www.freedesktop.org/wiki/Software/systemd/#bugreports⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/systemd/systemd.git⟩ on 2023-12-22.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2023-12-22.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

systemd 255                                               LOGIND.CONF(5)

Pages that refer to this page: homectl(1)loginctl(1)systemctl(1)systemd-inhibit(1)systemd-run(1)org.freedesktop.login1(5)systemd.directives(7)systemd.index(7)systemd.syntax(7)pam_systemd(8)systemd-logind.service(8)