1 <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 SPDX-License-Identifier: LGPL-2.1+
8 This file is part of elogind.
10 Copyright 2010 Lennart Poettering
12 elogind is free software; you can redistribute it and/or modify it
13 under the terms of the GNU Lesser General Public License as published by
14 the Free Software Foundation; either version 2.1 of the License, or
15 (at your option) any later version.
17 elogind is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 Lesser General Public License for more details.
22 You should have received a copy of the GNU Lesser General Public License
23 along with elogind; If not, see <http://www.gnu.org/licenses/>.
26 <!-- 0 /// elogind does not have to enable itself in configure
27 <refentry id="logind.conf" conditional='ENABLE_LOGIND'
28 xmlns:xi="http://www.w3.org/2001/XInclude">
30 <title>logind.conf</title>
31 <productname>systemd</productname>
33 <refentry id="logind.conf" xmlns:xi="http://www.w3.org/2001/XInclude">
35 <title>logind.conf</title>
36 <productname>elogind</productname>
41 <contrib>Developer</contrib>
42 <firstname>Lennart</firstname>
43 <surname>Poettering</surname>
44 <email>lennart@poettering.net</email>
50 <refentrytitle>logind.conf</refentrytitle>
51 <manvolnum>5</manvolnum>
55 <refname>logind.conf</refname>
56 <!-- 0 /// not supported by elogind
57 <refname>logind.conf.d</refname>
59 <refpurpose>Login manager configuration files</refpurpose>
63 <para><filename>/etc/elogind/logind.conf</filename></para>
64 <!-- 0 /// not supported by elogind
65 <para><filename>/etc/systemd/logind.conf.d/*.conf</filename></para>
66 <para><filename>/run/systemd/logind.conf.d/*.conf</filename></para>
67 <para><filename>/usr/lib/systemd/logind.conf.d/*.conf</filename></para>
72 <title>Description</title>
74 <para>These files configure various parameters of the elogind
75 <!-- 0 /// elogind does not need a service file.
77 <citerefentry><refentrytitle>elogind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
84 <!-- 0 /// elogind has only this configuration
85 <xi:include href="standard-conf.xml" xpointer="main-conf" />
89 <title>Options</title>
91 <!-- 0 /// elogind also supports a few system commands
92 <para>All options are configured in the
93 <literal>[Login]</literal> section:</para>
95 <para>All login options are configured in the
96 <literal>[Login]</literal> section, system sleep options are
97 configured in the <literal>[Sleep]</literal> section.</para>
100 <!-- 1 /// elogind needs a second level, as we use two sections. -->
101 <refsect2><title>[Login] section:</title>
105 <!-- 0 /// elogind has no support for AutoVT
108 <term><varname>NAutoVTs=</varname></term>
110 <listitem><para>Takes a positive integer. Configures how many
111 virtual terminals (VTs) to allocate by default that, when
112 switched to and are previously unused,
113 <literal>autovt</literal> services are automatically spawned
114 on. These services are instantiated from the template unit
115 <filename>autovt@.service</filename> for the respective VT TTY
116 name, for example, <filename>autovt@tty4.service</filename>.
117 By default, <filename>autovt@.service</filename> is linked to
118 <filename>getty@.service</filename>. In other words, login
119 prompts are started dynamically as the user switches to unused
120 virtual terminals. Hence, this parameter controls how many
121 login <literal>gettys</literal> are available on the VTs. If a
122 VT is already used by some other subsystem (for example, a
123 graphical login), this kind of activation will not be
124 attempted. Note that the VT configured in
125 <varname>ReserveVT=</varname> is always subject to this kind
126 of activation, even if it is not one of the VTs configured
127 with the <varname>NAutoVTs=</varname> directive. Defaults to
128 6. When set to 0, automatic spawning of
129 <literal>autovt</literal> services is
130 disabled.</para></listitem>
134 <term><varname>ReserveVT=</varname></term>
136 <listitem><para>Takes a positive integer. Identifies one
137 virtual terminal that shall unconditionally be reserved for
138 <filename>autovt@.service</filename> activation (see above).
139 The VT selected with this option will be marked busy
140 unconditionally, so that no other subsystem will allocate it.
141 This functionality is useful to ensure that, regardless of how
142 many VTs are allocated by other subsystems, one login
143 <literal>getty</literal> is always available. Defaults to 6
144 (in other words, there will always be a
145 <literal>getty</literal> available on Alt-F6.). When set to 0,
146 VT reservation is disabled.</para></listitem>
151 <term><varname>KillUserProcesses=</varname></term>
153 <listitem><para>Takes a boolean argument. Configures whether the processes of a
154 <!-- 0 /// elogind has no scope unit, and goes for cgroups only
155 user should be killed when the user logs out. If true, the scope unit
156 corresponding to the session and all processes inside that scope will be
157 terminated. If false, the scope is "abandoned", see
158 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
160 user should be killed when the user logs out. If true, the processes
161 listed in their session cgroup will be terminated. If false, the session cgroup
164 and processes are not killed. Defaults to <literal>yes</literal>,
165 but see the options <varname>KillOnlyUsers=</varname> and
166 <varname>KillExcludeUsers=</varname> below.</para>
168 <!-- 0 /// elogind has no user manager unit, and lingering isn't clarified, yet.
169 <para>In addition to session processes, user process may run under the user
170 manager unit <filename>user@.service</filename>. Depending on the linger
171 settings, this may allow users to run processes independent of their login
172 sessions. See the description of <command>enable-linger</command> in
173 <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
177 <para>Note that setting <varname>KillUserProcesses=yes</varname>
178 will break tools like
179 <citerefentry project='die-net'><refentrytitle>screen</refentrytitle><manvolnum>1</manvolnum></citerefentry>
181 <citerefentry project='die-net'><refentrytitle>tmux</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
182 <!-- 0 /// elogind does not provide systemd-run or any equivalent, yet.
183 unless they are moved out of the session scope. See example in
184 <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
186 unless they are moved out of the session scope.
192 <term><varname>KillOnlyUsers=</varname></term>
193 <term><varname>KillExcludeUsers=</varname></term>
195 <listitem><para>These settings take space-separated lists of usernames that override
196 the <varname>KillUserProcesses=</varname> setting. A user name may be added to
197 <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
198 that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
199 <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
200 excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
201 to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
202 is checked next. If this setting is specified, only the session scopes of those users
203 will be killed. Otherwise, users are subject to the
204 <varname>KillUserProcesses=yes</varname> setting.</para></listitem>
208 <term><varname>IdleAction=</varname></term>
210 <listitem><para>Configures the action to take when the system
211 is idle. Takes one of
212 <literal>ignore</literal>,
213 <literal>poweroff</literal>,
214 <literal>reboot</literal>,
215 <literal>halt</literal>,
216 <literal>kexec</literal>,
217 <literal>suspend</literal>,
218 <literal>hibernate</literal>,
219 <literal>hybrid-sleep</literal>, and
220 <literal>lock</literal>.
221 Defaults to <literal>ignore</literal>.</para>
223 <para>Note that this requires that user sessions correctly
224 report the idle status to the system. The system will execute
225 the action after all sessions report that they are idle, no
226 idle inhibitor lock is active, and subsequently, the time
227 configured with <varname>IdleActionSec=</varname> (see below)
233 <term><varname>IdleActionSec=</varname></term>
235 <listitem><para>Configures the delay after which the action
236 configured in <varname>IdleAction=</varname> (see above) is
237 taken after the system is idle.</para></listitem>
241 <term><varname>InhibitDelayMaxSec=</varname></term>
243 <listitem><para>Specifies the maximum time a system shutdown
244 or sleep request is delayed due to an inhibitor lock of type
245 <literal>delay</literal> being active before the inhibitor is
246 ignored and the operation executes anyway. Defaults to
251 <term><varname>HandlePowerKey=</varname></term>
252 <term><varname>HandleSuspendKey=</varname></term>
253 <term><varname>HandleHibernateKey=</varname></term>
254 <term><varname>HandleLidSwitch=</varname></term>
255 <term><varname>HandleLidSwitchExternalPower=</varname></term>
256 <term><varname>HandleLidSwitchDocked=</varname></term>
258 <listitem><para>Controls how logind shall handle the
259 system power and sleep keys and the lid switch to trigger
260 actions such as system power-off or suspend. Can be one of
261 <literal>ignore</literal>,
262 <literal>poweroff</literal>,
263 <literal>reboot</literal>,
264 <literal>halt</literal>,
265 <literal>kexec</literal>,
266 <literal>suspend</literal>,
267 <literal>hibernate</literal>,
268 <literal>hybrid-sleep</literal>, and
269 <literal>lock</literal>.
270 If <literal>ignore</literal>, logind will never handle these
271 keys. If <literal>lock</literal>, all running sessions will be
272 screen-locked; otherwise, the specified action will be taken
273 in the respective event. Only input devices with the
274 <literal>power-switch</literal> udev tag will be watched for
275 key/lid switch events. <varname>HandlePowerKey=</varname>
276 defaults to <literal>poweroff</literal>.
277 <varname>HandleSuspendKey=</varname> and
278 <varname>HandleLidSwitch=</varname> default to
279 <literal>suspend</literal>.
280 <varname>HandleLidSwitchExternalPower=</varname> is completely
281 ignored by default (for backwards compatibility) — an explicit
282 value must be set before it will be used to determine
283 behaviour. <varname>HandleLidSwitchDocked=</varname> defaults
284 to <literal>ignore</literal>.
285 <varname>HandleHibernateKey=</varname> defaults to
286 <literal>hibernate</literal>. If the system is inserted in a
287 docking station, or if more than one display is connected, the
288 action specified by <varname>HandleLidSwitchDocked=</varname>
289 occurs; if the system is on external power the action (if any)
290 specified by <varname>HandleLidSwitchExternalPower=</varname>
291 occurs; otherwise the <varname>HandleLidSwitch=</varname>
292 action occurs.</para>
294 <para>A different application may disable logind's handling of system power and
295 sleep keys and the lid switch by taking a low-level inhibitor lock
296 (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>,
297 <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>).
298 This is most commonly used by graphical desktop environments
299 to take over suspend and hibernation handling, and to use their own configuration
300 mechanisms. If a low-level inhibitor lock is taken, logind will not take any
301 action when that key or switch is triggered and the <varname>Handle*=</varname>
302 settings are irrelevant.</para></listitem>
306 <term><varname>PowerKeyIgnoreInhibited=</varname></term>
307 <term><varname>SuspendKeyIgnoreInhibited=</varname></term>
308 <term><varname>HibernateKeyIgnoreInhibited=</varname></term>
309 <term><varname>LidSwitchIgnoreInhibited=</varname></term>
311 <listitem><para>Controls whether actions that <command>elogind</command>
312 takes when the power and sleep keys and the lid switch are triggered are subject
313 to high-level inhibitor locks ("shutdown", "sleep", "idle"). Low level inhibitor
314 locks (<literal>handle-power-key</literal>, <literal>handle-suspend-key</literal>,
315 <literal>handle-hibernate-key</literal>, <literal>handle-lid-switch</literal>),
316 are always honored, irrespective of this setting.</para>
318 <para>These settings take boolean arguments. If <literal>no</literal>, the
319 inhibitor locks taken by applications are respected. If <literal>yes</literal>,
320 "shutdown", "sleep", and "idle" inhibitor locks are ignored.
321 <varname>PowerKeyIgnoreInhibited=</varname>,
322 <varname>SuspendKeyIgnoreInhibited=</varname>, and
323 <varname>HibernateKeyIgnoreInhibited=</varname> default to <literal>no</literal>.
324 <varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>.
325 This means that when <command>elogind</command> is handling events by
326 itself (no low level inhibitor locks are taken by another application), the lid
327 switch does not respect suspend blockers by default, but the power and sleep keys
328 do.</para></listitem>
332 <term><varname>HoldoffTimeoutSec=</varname></term>
334 <listitem><para>Specifies the timeout after system startup or
335 system resume in which systemd will hold off on reacting to
336 lid events. This is required for the system to properly
337 detect any hotplugged devices so systemd can ignore lid events
338 if external monitors, or docks, are connected. If set to 0,
339 systemd will always react immediately, possibly before the
340 kernel fully probed all hotplugged devices. This is safe, as
341 long as you do not care for systemd to account for devices
342 that have been plugged or unplugged while the system was off.
343 Defaults to 30s.</para></listitem>
347 <term><varname>RuntimeDirectorySize=</varname></term>
349 <listitem><para>Sets the size limit on the
350 <varname>$XDG_RUNTIME_DIR</varname> runtime directory for each
351 user who logs in. Takes a size in bytes, optionally suffixed
352 with the usual K, G, M, and T suffixes, to the base 1024
353 (IEC). Alternatively, a numerical percentage suffixed by
354 <literal>%</literal> may be specified, which sets the size
355 limit relative to the amount of physical RAM. Defaults to 10%.
356 Note that this size is a safety limit only. As each runtime
357 directory is a tmpfs file system, it will only consume as much
358 memory as is needed.</para></listitem>
362 <term><varname>InhibitorsMax=</varname></term>
364 <listitem><para>Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192
365 (8K).</para></listitem>
369 <term><varname>SessionsMax=</varname></term>
371 <listitem><para>Controls the maximum number of concurrent user sessions to manage. Defaults to 8192
372 (8K). Depending on how the <filename>pam_systemd.so</filename> module is included in the PAM stack
373 configuration, further login sessions will either be refused, or permitted but not tracked by
374 <filename>elogind</filename>.</para></listitem>
378 <term><varname>UserTasksMax=</varname></term>
380 <listitem><para>Sets the maximum number of OS tasks each user may run concurrently. This controls the
381 <varname>TasksMax=</varname> setting of the per-user slice unit, see
382 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
383 for details. If assigned the special value <literal>infinity</literal>, no tasks limit is applied.
384 Defaults to 33%, which equals 10813 with the kernel's defaults on the host, but might be smaller in
385 OS containers.</para></listitem>
389 <term><varname>RemoveIPC=</varname></term>
391 <listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the
392 user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
393 last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
394 well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
395 are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
399 <!-- 1 /// elogind has an additional section for system commands. -->
402 <refsect2><title>[Sleep] section:</title>
403 <para><command>elogind</command> supports three general
404 power-saving modes:</para>
410 <listitem><para>a low-power state
411 where execution of the OS is paused,
412 and complete power loss might result
413 in lost data, and which is fast to
414 enter and exit. This corresponds to
415 suspend, standby, or freeze states as
416 understood by the kernel.
421 <term>hibernate</term>
423 <listitem><para>a low-power state
424 where execution of the OS is paused,
425 and complete power loss does not
426 result in lost data, and which might
427 be slow to enter and exit. This
428 corresponds to the hibernation as
429 understood by the kernel.
434 <term>hybrid-sleep</term>
436 <listitem><para>a low-power state
437 where execution of the OS is paused,
438 which might be slow to enter, and on
439 complete power loss does not result in
440 lost data but might be slower to exit
441 in that case. This mode is called
442 suspend-to-both by the kernel.
447 <term><varname>SuspendMode=</varname></term>
448 <term><varname>HibernateMode=</varname></term>
449 <term><varname>HybridSleepMode=</varname></term>
451 <listitem><para>The string to be written to
452 <filename>/sys/power/disk</filename> by elogind.
453 More than one value can be specified by separating
454 multiple values with whitespace. They will be tried
455 in turn, until one is written without error. If
456 neither succeeds, the operation will be aborted.
461 <term><varname>SuspendState=</varname></term>
462 <term><varname>HibernateState=</varname></term>
463 <term><varname>HybridSleepState=</varname></term>
465 <listitem><para>The string to be written to
466 <filename>/sys/power/state</filename> by elogind.
467 More than one value can be specified by separating
468 multiple values with whitespace. They will be tried
469 in turn, until one is written without error. If
470 neither succeeds, the operation will be aborted.
480 <title>See Also</title>
482 <!-- 0 /// elogind is in section 8
483 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
484 <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
486 <citerefentry><refentrytitle>elogind</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
488 <citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
489 <!-- 0 /// UNNEEDED by elogind
490 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>