logind.conf, logind.conf.d - Login manager configuration files
These files configure various parameters of the systemd login manager,
The default configuration is defined during compilation, so a configuration file
is only needed when it is necessary to deviate from those defaults. By
default, the configuration file in /etc/systemd/ contains commented out
entries showing the defaults as a guide to the administrator. This file can be
edited to create local overrides.
When packages need to customize the configuration, they can install
configuration snippets in /usr/lib/systemd/*.conf.d/. Files in /etc/ are
reserved for the local administrator, who may use this logic to override the
configuration files installed by vendor packages. The main configuration file
is read before any of the configuration directories, and has the lowest
precedence; entries in a file in any configuration directory override entries
in the single configuration file. Files in the *.conf.d/ configuration
subdirectories are sorted by their filename in lexicographic order, regardless
of which of the subdirectories they reside in. When multiple files specify the
same option, for options which accept just a single value, the entry in the
file with the lexicographically latest name takes precedence. For options
which accept a list of values, entries are collected as they occur in files
sorted lexicographically. It is recommended to prefix all filenames in those
subdirectories with a two-digit number and a dash, to simplify the ordering of
To disable a configuration file supplied by the vendor, the recommended way is
to place a symlink to /dev/null in the configuration directory in /etc/, with
the same filename as the vendor configuration file.
All options are configured in the "[Login]" section:
Takes a positive integer. Configures how many
virtual terminals (VTs) to allocate by default that, when switched to and are
previously unused, "autovt" services are automatically spawned on.
These services are instantiated from the template unit autovt@.service for the
respective VT TTY name, for example, firstname.lastname@example.org. By default,
autovt@.service is linked to getty@.service. In other words, login prompts are
started dynamically as the user switches to unused virtual terminals. Hence,
this parameter controls how many login "gettys" are available on the
VTs. If a VT is already used by some other subsystem (for example, a graphical
login), this kind of activation will not be attempted. Note that the VT
configured in ReserveVT= is always subject to this kind of activation,
even if it is not one of the VTs configured with the NAutoVTs=
directive. Defaults to 6. When set to 0, automatic spawning of
"autovt" services is disabled.
Takes a positive integer. Identifies one
virtual terminal that shall unconditionally be reserved for autovt@.service
activation (see above). The VT selected with this option will be marked busy
unconditionally, so that no other subsystem will allocate it. This
functionality is useful to ensure that, regardless of how many VTs are
allocated by other subsystems, one login "getty" is always
available. Defaults to 6 (in other words, there will always be a
"getty" available on Alt-F6.). When set to 0, VT reservation is
Takes a boolean argument. Configures whether
the processes of a user should be killed when the user logs out. If true, the
scope unit corresponding to the session and all processes inside that scope
will be terminated. If false, the scope is "abandoned", see
(5), and processes are not killed. Defaults to
"yes", but see the options KillOnlyUsers=
In addition to session processes, user process may run under the user manager
unit user@.service. Depending on the linger settings, this may allow users to
run processes independent of their login sessions. See the description of
Note that setting KillUserProcesses=yes
will break tools like
(1) and tmux
(1), unless they are moved out of the session
scope. See example in systemd-run
These settings take space-separated lists of
usernames that override the KillUserProcesses= setting. A user name may
be added to KillExcludeUsers= to exclude the processes in the session
scopes of that user from being killed even if KillUserProcesses=yes is
set. If KillExcludeUsers= is not set, the "root" user is
excluded by default. KillExcludeUsers= may be set to an empty value to
override this default. If a user is not excluded, KillOnlyUsers= is
checked next. If this setting is specified, only the session scopes of those
users will be killed. Otherwise, users are subject to the
Configures the action to take when the system
is idle. Takes one of "ignore", "poweroff",
"reboot", "halt", "kexec", "suspend",
"hibernate", "hybrid-sleep", and "lock".
Defaults to "ignore".
Note that this requires that user sessions correctly report the idle status to
the system. The system will execute the action after all sessions report that
they are idle, no idle inhibitor lock is active, and subsequently, the time
configured with IdleActionSec=
(see below) has expired.
Configures the delay after which the action
configured in IdleAction= (see above) is taken after the system is
Specifies the maximum time a system shutdown
or sleep request is delayed due to an inhibitor lock of type "delay"
being active before the inhibitor is ignored and the operation executes
anyway. Defaults to 5.
Controls how logind shall handle the system
power and sleep keys and the lid switch to trigger actions such as system
power-off or suspend. Can be one of "ignore", "poweroff",
"reboot", "halt", "kexec", "suspend",
"hibernate", "hybrid-sleep", and "lock". If
"ignore", logind will never handle these keys. If "lock",
all running sessions will be screen-locked; otherwise, the specified action
will be taken in the respective event. Only input devices with the
"power-switch" udev tag will be watched for key/lid switch events.
defaults to "poweroff".
"hibernate". If the system is inserted in a docking station, or if
more than one display is connected, the action specified by
occurs; otherwise the HandleLidSwitch=
A different application may disable logind's handling of system power and sleep
keys and the lid switch by taking a low-level inhibitor lock
"handle-hibernate-key", "handle-lid-switch"). This is most
commonly used by graphical desktop environments to take over suspend and
hibernation handling, and to use their own configuration mechanisms. If a
low-level inhibitor lock is taken, logind will not take any action when that
key or switch is triggered and the Handle*=
Controls whether actions that
takes when the power and sleep keys and the lid switch
are triggered are subject to high-level inhibitor locks ("shutdown",
"sleep", "idle"). Low level inhibitor locks
"handle-hibernate-key", "handle-lid-switch"), are always
honored, irrespective of this setting.
These settings take boolean arguments. If "no", the inhibitor locks
taken by applications are respected. If "yes", "shutdown",
"sleep", and "idle" inhibitor locks are ignored.
default to "no".
defaults to "yes". This means that
is handling events by itself (no low level
inhibitor locks are taken by another application), the lid switch does not
respect suspend blockers by default, but the power and sleep keys do.
Specifies the timeout after system startup or
system resume in which systemd will hold off on reacting to lid events. This
is required for the system to properly detect any hotplugged devices so
systemd can ignore lid events if external monitors, or docks, are connected.
If set to 0, systemd will always react immediately, possibly before the kernel
fully probed all hotplugged devices. This is safe, as long as you do not care
for systemd to account for devices that have been plugged or unplugged while
the system was off. Defaults to 30s.
Sets the size limit on the
$XDG_RUNTIME_DIR runtime directory for each user who logs in. Takes a
size in bytes, optionally suffixed with the usual K, G, M, and T suffixes, to
the base 1024 (IEC). Alternatively, a numerical percentage suffixed by
"%" may be specified, which sets the size limit relative to the
amount of physical RAM. Defaults to 10%. Note that this size is a safety limit
only. As each runtime directory is a tmpfs file system, it will only consume
as much memory as is needed.
Controls the maximum number of concurrent
inhibitors to permit. Defaults to 8192 (8K).
Controls the maximum number of concurrent user
sessions to manage. Defaults to 8192 (8K). Depending on how the pam_systemd.so
module is included in the PAM stack configuration, further login sessions will
either be refused, or permitted but not tracked by systemd-logind.
Sets the maximum number of OS tasks each user
may run concurrently. This controls the TasksMax= setting of the
per-user slice unit, see systemd.resource-control(5) for details. If
assigned the special value "infinity", no tasks limit is applied.
Defaults to 33%, which equals 10813 with the kernel's defaults on the host,
but might be smaller in OS containers.
Controls whether System V and POSIX IPC
objects belonging to the user shall be removed when the user fully logs out.
Takes a boolean argument. If enabled, the user may not consume IPC resources
after the last of the user's sessions terminated. This covers System V
semaphores, shared memory and message queues, as well as POSIX shared memory
and message queues. Note that IPC objects of the root user and other system
users are excluded from the effect of this setting. Defaults to