mirror of
https://github.com/systemd/systemd
synced 2024-11-05 18:25:39 +00:00
41b6ae4da3
Fixes #17177.
365 lines
18 KiB
XML
365 lines
18 KiB
XML
<?xml version='1.0'?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
|
<!ENTITY % entities SYSTEM "custom-entities.ent" >
|
|
%entities;
|
|
]>
|
|
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
|
|
|
|
<refentry id="logind.conf" conditional='ENABLE_LOGIND'
|
|
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
<refentryinfo>
|
|
<title>logind.conf</title>
|
|
<productname>systemd</productname>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>logind.conf</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>logind.conf</refname>
|
|
<refname>logind.conf.d</refname>
|
|
<refpurpose>Login manager configuration files</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<para><filename>/etc/systemd/logind.conf</filename></para>
|
|
<para><filename>/etc/systemd/logind.conf.d/*.conf</filename></para>
|
|
<para><filename>/run/systemd/logind.conf.d/*.conf</filename></para>
|
|
<para><filename>/usr/lib/systemd/logind.conf.d/*.conf</filename></para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>These files configure various parameters of the systemd login manager,
|
|
<citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. See
|
|
<citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
|
for a general description of the syntax.</para>
|
|
</refsect1>
|
|
|
|
<xi:include href="standard-conf.xml" xpointer="main-conf" />
|
|
|
|
<refsect1>
|
|
<title>Options</title>
|
|
|
|
<para>All options are configured in the
|
|
[Login] section:</para>
|
|
|
|
<variablelist class='config-directives'>
|
|
|
|
<varlistentry>
|
|
<term><varname>NAutoVTs=</varname></term>
|
|
|
|
<listitem><para>Takes a positive integer. Configures how many
|
|
virtual terminals (VTs) to allocate by default that, when
|
|
switched to and are previously unused,
|
|
<literal>autovt</literal> services are automatically spawned
|
|
on. These services are instantiated from the template unit
|
|
<filename>autovt@.service</filename> for the respective VT TTY
|
|
name, for example, <filename>autovt@tty4.service</filename>.
|
|
By default, <filename>autovt@.service</filename> is linked to
|
|
<filename>getty@.service</filename>. In other words, login
|
|
prompts are started dynamically as the user switches to unused
|
|
virtual terminals. Hence, this parameter controls how many
|
|
login <literal>gettys</literal> are available on the VTs. If a
|
|
VT is already used by some other subsystem (for example, a
|
|
graphical login), this kind of activation will not be
|
|
attempted. Note that the VT configured in
|
|
<varname>ReserveVT=</varname> is always subject to this kind
|
|
of activation, even if it is not one of the VTs configured
|
|
with the <varname>NAutoVTs=</varname> directive. Defaults to
|
|
6. When set to 0, automatic spawning of
|
|
<literal>autovt</literal> services is
|
|
disabled.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>ReserveVT=</varname></term>
|
|
|
|
<listitem><para>Takes a positive integer. Identifies one
|
|
virtual terminal that shall unconditionally be reserved for
|
|
<filename>autovt@.service</filename> activation (see above).
|
|
The VT selected with this option will be marked busy
|
|
unconditionally, so that no other subsystem will allocate it.
|
|
This functionality is useful to ensure that, regardless of how
|
|
many VTs are allocated by other subsystems, one login
|
|
<literal>getty</literal> is always available. Defaults to 6
|
|
(in other words, there will always be a
|
|
<literal>getty</literal> available on Alt-F6.). When set to 0,
|
|
VT reservation is disabled.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>KillUserProcesses=</varname></term>
|
|
|
|
<listitem><para>Takes a boolean argument. Configures whether the processes of a
|
|
user should be killed when the user logs out. If true, the scope unit
|
|
corresponding to the session and all processes inside that scope will be
|
|
terminated. If false, the scope is "abandoned", see
|
|
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
and processes are not killed. Defaults to <literal>&KILL_USER_PROCESSES;</literal>,
|
|
but see the options <varname>KillOnlyUsers=</varname> and
|
|
<varname>KillExcludeUsers=</varname> below.</para>
|
|
|
|
<para>In addition to session processes, user process may run under the user
|
|
manager unit <filename>user@.service</filename>. Depending on the linger
|
|
settings, this may allow users to run processes independent of their login
|
|
sessions. See the description of <command>enable-linger</command> in
|
|
<citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
|
</para>
|
|
|
|
<para>Note that setting <varname>KillUserProcesses=yes</varname>
|
|
will break tools like
|
|
<citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
and
|
|
<citerefentry project='die-net'><refentrytitle>tmux</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
unless they are moved out of the session scope. See example in
|
|
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>KillOnlyUsers=</varname></term>
|
|
<term><varname>KillExcludeUsers=</varname></term>
|
|
|
|
<listitem><para>These settings take space-separated lists of usernames that override the
|
|
<varname>KillUserProcesses=</varname> setting. A user name may be added to
|
|
<varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of that user from
|
|
being killed even if <varname>KillUserProcesses=yes</varname> is set. If
|
|
<varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is excluded by
|
|
default. <varname>KillExcludeUsers=</varname> may be set to an empty value to override this
|
|
default. If a user is not excluded, <varname>KillOnlyUsers=</varname> is checked next. If this
|
|
setting is specified, only the processes in the session scopes of those users will be
|
|
killed. Otherwise, users are subject to the <varname>KillUserProcesses=yes</varname> setting.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>IdleAction=</varname></term>
|
|
|
|
<listitem><para>Configures the action to take when the system
|
|
is idle. Takes one of
|
|
<literal>ignore</literal>,
|
|
<literal>poweroff</literal>,
|
|
<literal>reboot</literal>,
|
|
<literal>halt</literal>,
|
|
<literal>kexec</literal>,
|
|
<literal>suspend</literal>,
|
|
<literal>hibernate</literal>,
|
|
<literal>hybrid-sleep</literal>,
|
|
<literal>suspend-then-hibernate</literal>, and
|
|
<literal>lock</literal>.
|
|
Defaults to <literal>ignore</literal>.</para>
|
|
|
|
<para>Note that this requires that user sessions correctly
|
|
report the idle status to the system. The system will execute
|
|
the action after all sessions report that they are idle, no
|
|
idle inhibitor lock is active, and subsequently, the time
|
|
configured with <varname>IdleActionSec=</varname> (see below)
|
|
has expired.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>IdleActionSec=</varname></term>
|
|
|
|
<listitem><para>Configures the delay after which the action
|
|
configured in <varname>IdleAction=</varname> (see above) is
|
|
taken after the system is idle.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>InhibitDelayMaxSec=</varname></term>
|
|
|
|
<listitem><para>Specifies the maximum time a system shutdown
|
|
or sleep request is delayed due to an inhibitor lock of type
|
|
<literal>delay</literal> being active before the inhibitor is
|
|
ignored and the operation executes anyway. Defaults to
|
|
5.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>UserStopDelaySec=</varname></term>
|
|
|
|
<listitem><para>Specifies how long to keep the user record and per-user service
|
|
<filename>user@.service</filename> around for a user after they logged out fully. If set to zero, the per-user
|
|
service is terminated immediately when the last session of the user has ended. If this option is configured to
|
|
non-zero rapid logout/login cycles are sped up, as the user's service manager is not constantly restarted. If
|
|
set to <literal>infinity</literal> the per-user service for a user is never terminated again after first login,
|
|
and continues to run until system shutdown. Defaults to 10s.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>HandlePowerKey=</varname></term>
|
|
<term><varname>HandleSuspendKey=</varname></term>
|
|
<term><varname>HandleHibernateKey=</varname></term>
|
|
<term><varname>HandleLidSwitch=</varname></term>
|
|
<term><varname>HandleLidSwitchExternalPower=</varname></term>
|
|
<term><varname>HandleLidSwitchDocked=</varname></term>
|
|
<term><varname>HandleRebootKey=</varname></term>
|
|
|
|
<listitem><para>Controls how logind shall handle the
|
|
system power, reboot and sleep keys and the lid switch to trigger
|
|
actions such as system power-off, reboot or suspend. Can be one of
|
|
<literal>ignore</literal>,
|
|
<literal>poweroff</literal>,
|
|
<literal>reboot</literal>,
|
|
<literal>halt</literal>,
|
|
<literal>kexec</literal>,
|
|
<literal>suspend</literal>,
|
|
<literal>hibernate</literal>,
|
|
<literal>hybrid-sleep</literal>,
|
|
<literal>suspend-then-hibernate</literal>, and
|
|
<literal>lock</literal>.
|
|
If <literal>ignore</literal>, logind will never handle these
|
|
keys. If <literal>lock</literal>, all running sessions will be
|
|
screen-locked; otherwise, the specified action will be taken
|
|
in the respective event. Only input devices with the
|
|
<literal>power-switch</literal> udev tag will be watched for
|
|
key/lid switch events. <varname>HandlePowerKey=</varname>
|
|
defaults to <literal>poweroff</literal>, <varname>HandleRebootKey=</varname>
|
|
defaults to <literal>reboot</literal>.
|
|
<varname>HandleSuspendKey=</varname> and
|
|
<varname>HandleLidSwitch=</varname> default to
|
|
<literal>suspend</literal>.
|
|
<varname>HandleLidSwitchExternalPower=</varname> is completely
|
|
ignored by default (for backwards compatibility) — an explicit
|
|
value must be set before it will be used to determine
|
|
behaviour. <varname>HandleLidSwitchDocked=</varname> defaults
|
|
to <literal>ignore</literal>.
|
|
<varname>HandleHibernateKey=</varname> defaults to
|
|
<literal>hibernate</literal>. If the system is inserted in a
|
|
docking station, or if more than one display is connected, the
|
|
action specified by <varname>HandleLidSwitchDocked=</varname>
|
|
occurs; if the system is on external power the action (if any)
|
|
specified by <varname>HandleLidSwitchExternalPower=</varname>
|
|
occurs; otherwise the <varname>HandleLidSwitch=</varname>
|
|
action occurs.</para>
|
|
|
|
<para>A different application may disable logind's handling of system power and
|
|
sleep keys and the lid switch by taking a low-level inhibitor lock
|
|
(<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>,
|
|
<literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>,
|
|
<literal>handle-reboot-switch</literal>).
|
|
This is most commonly used by graphical desktop environments
|
|
to take over suspend and hibernation handling, and to use their own configuration
|
|
mechanisms. If a low-level inhibitor lock is taken, logind will not take any
|
|
action when that key or switch is triggered and the <varname>Handle*=</varname>
|
|
settings are irrelevant.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>PowerKeyIgnoreInhibited=</varname></term>
|
|
<term><varname>SuspendKeyIgnoreInhibited=</varname></term>
|
|
<term><varname>HibernateKeyIgnoreInhibited=</varname></term>
|
|
<term><varname>LidSwitchIgnoreInhibited=</varname></term>
|
|
<term><varname>RebootKeyIgnoreInhibited=</varname></term>
|
|
|
|
<listitem><para>Controls whether actions that <command>systemd-logind</command>
|
|
takes when the power, reboot and sleep keys and the lid switch are triggered are subject
|
|
to high-level inhibitor locks ("shutdown", "reboot", "sleep", "idle"). Low level inhibitor
|
|
locks (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>,
|
|
<literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>,
|
|
<literal>handle-reboot-key</literal>),
|
|
are always honored, irrespective of this setting.</para>
|
|
|
|
<para>These settings take boolean arguments. If <literal>no</literal>, the
|
|
inhibitor locks taken by applications are respected. If <literal>yes</literal>,
|
|
"shutdown", "reboot" "sleep", and "idle" inhibitor locks are ignored.
|
|
<varname>PowerKeyIgnoreInhibited=</varname>,
|
|
<varname>SuspendKeyIgnoreInhibited=</varname>,
|
|
<varname>HibernateKeyIgnoreInhibited=</varname> and
|
|
<varname>RebootKeyIgnoreInhibited=</varname> default to <literal>no</literal>.
|
|
<varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>.
|
|
This means that when <command>systemd-logind</command> is handling events by
|
|
itself (no low level inhibitor locks are taken by another application), the lid
|
|
switch does not respect suspend blockers by default, but the power and sleep keys
|
|
do.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>HoldoffTimeoutSec=</varname></term>
|
|
|
|
<listitem><para>Specifies a period of time after system startup or
|
|
system resume in which systemd will hold off on reacting to
|
|
lid events. This is required for the system to properly
|
|
detect any hotplugged devices so systemd can ignore lid events
|
|
if external monitors, or docks, are connected. If set to 0,
|
|
systemd will always react immediately, possibly before the
|
|
kernel fully probed all hotplugged devices. This is safe, as
|
|
long as you do not care for systemd to account for devices
|
|
that have been plugged or unplugged while the system was off.
|
|
Defaults to 30s.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>RuntimeDirectorySize=</varname></term>
|
|
|
|
<listitem><para>Sets the size limit on the
|
|
<varname>$XDG_RUNTIME_DIR</varname> runtime directory for each
|
|
user who logs in. Takes a size in bytes, optionally suffixed
|
|
with the usual K, G, M, and T suffixes, to the base 1024
|
|
(IEC). Alternatively, a numerical percentage suffixed by
|
|
<literal>%</literal> may be specified, which sets the size
|
|
limit relative to the amount of physical RAM. Defaults to 10%.
|
|
Note that this size is a safety limit only. As each runtime
|
|
directory is a tmpfs file system, it will only consume as much
|
|
memory as is needed.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>RuntimeDirectoryInodesMax=</varname></term>
|
|
|
|
<listitem><para>Sets the limit on number of inodes for the
|
|
<varname>$XDG_RUNTIME_DIR</varname> runtime directory for each
|
|
user who logs in. Takes a number, optionally suffixed with the
|
|
usual K, G, M, and T suffixes, to the base 1024 (IEC).
|
|
Defaults to <varname>RuntimeDirectorySize=</varname> divided
|
|
by 4096. Note that this size is a safety limit only.
|
|
As each runtime directory is a tmpfs file system, it will
|
|
only consume as much memory as is needed.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>InhibitorsMax=</varname></term>
|
|
|
|
<listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192
|
|
(8K).</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>SessionsMax=</varname></term>
|
|
|
|
<listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to 8192
|
|
(8K). Depending on how the <filename>pam_systemd.so</filename> module is included in the PAM stack
|
|
configuration, further login sessions will either be refused, or permitted but not tracked by
|
|
<filename>systemd-logind</filename>.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>RemoveIPC=</varname></term>
|
|
|
|
<listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the
|
|
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
|
|
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
|
|
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
|
|
are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|