logind.conf, logind.conf.d — Login manager configuration files
The default configuration is defined during compilation, so a
configuration file is only needed when it is necessary to deviate
from those defaults. By default, the configuration file in
/etc/systemd/ contains commented out entries
showing the defaults as a guide to the administrator. This file
can be edited to create local overrides.
When packages need to customize the configuration, they can
install configuration snippets in
/usr/lib/systemd/*.conf.d/. Files in
/etc/ are reserved for the local
administrator, who may use this logic to override the
configuration files installed by vendor packages. The main
configuration file is read before any of the configuration
directories, and has the lowest precedence; entries in a file in
any configuration directory override entries in the single
configuration file. Files in the
configuration subdirectories are sorted by their filename in lexicographic
order, regardless of which of the subdirectories they reside in. When
multiple files specify the same option, for options which accept just a
single value, the entry in the file with the lexicographically latest name
takes precedence. For options which accept a list of values, entries are
collected as they occur in files sorted lexicographically. It is recommended
to prefix all filenames in those subdirectories with a two-digit number and
a dash, to simplify the ordering of the files.
To disable a configuration file supplied by the vendor, the
recommended way is to place a symlink to
/dev/null in the configuration directory in
/etc/, with the same filename as the vendor
All options are configured in the
Takes a positive integer. Configures how many
virtual terminals (VTs) to allocate by default that, when
switched to and are previously unused,
autovt" services are automatically spawned
on. These services are instantiated from the template unit
autovt@.service for the respective VT TTY
name, for example,
autovt@.service is linked to
getty@.service. In other words, login
prompts are started dynamically as the user switches to unused
virtual terminals. Hence, this parameter controls how many
gettys" are available on the VTs. If a
VT is already used by some other subsystem (for example, a
graphical login), this kind of activation will not be
attempted. Note that the VT configured in
ReserveVT= is always subject to this kind
of activation, even if it is not one of the VTs configured
NAutoVTs= directive. Defaults to
6. When set to 0, automatic spawning of
autovt" services is
Takes a positive integer. Identifies one
virtual terminal that shall unconditionally be reserved for
autovt@.service activation (see above).
The VT selected with this option will be marked busy
unconditionally, so that no other subsystem will allocate it.
This functionality is useful to ensure that, regardless of how
many VTs are allocated by other subsystems, one login
getty" is always available. Defaults to 6
(in other words, there will always be a
getty" available on Alt-F6.). When set to 0,
VT reservation is disabled.
Takes a boolean argument. Configures whether the processes of a
user should be killed when the user logs out. If true, the scope unit
corresponding to the session and all processes inside that scope will be
terminated. If false, the scope is "abandoned", see
and processes are not killed. Defaults to "
but see the options
In addition to session processes, user process may run under the user
user@.service. Depending on the linger
settings, this may allow users to run processes independent of their login
sessions. See the description of enable-linger in
These settings take space-separated lists of usernames that override
KillUserProcesses= setting. A user name may be added to
KillExcludeUsers= to exclude the processes in the session scopes of
that user from being killed even if
KillUserProcesses=yes is set. If
KillExcludeUsers= is not set, the "
root" user is
excluded by default.
KillExcludeUsers= may be set to an empty value
to override this default. If a user is not excluded,
is checked next. If this setting is specified, only the session scopes of those users
will be killed. Otherwise, users are subject to the
Configures the action to take when the system
is idle. Takes one of
Defaults to "
Note that this requires that user sessions correctly
report the idle status to the system. The system will execute
the action after all sessions report that they are idle, no
idle inhibitor lock is active, and subsequently, the time
IdleActionSec= (see below)
Configures the delay after which the action
IdleAction= (see above) is
taken after the system is idle.
Specifies the maximum time a system shutdown
or sleep request is delayed due to an inhibitor lock of type
delay" being active before the inhibitor is
ignored and the operation executes anyway. Defaults to
Controls how logind shall handle the
system power and sleep keys and the lid switch to trigger
actions such as system power-off or suspend. Can be one of
ignore", logind will never handle these
keys. If "
lock", all running sessions will be
screen-locked; otherwise, the specified action will be taken
in the respective event. Only input devices with the
power-switch" udev tag will be watched for
key/lid switch events.
defaults to "
HandleLidSwitch= default to
HandleLidSwitchExternalPower= is completely
ignored by default (for backwards compatibility) — an explicit
value must be set before it will be used to determine
HandleHibernateKey= defaults to
hibernate". If the system is inserted in a
docking station, or if more than one display is connected, the
action specified by
occurs; if the system is on external power the action (if any)
occurs; otherwise the
A different application may disable logind's handling of system power and
sleep keys and the lid switch by taking a low-level inhibitor lock
This is most commonly used by graphical desktop environments
to take over suspend and hibernation handling, and to use their own configuration
mechanisms. If a low-level inhibitor lock is taken, logind will not take any
action when that key or switch is triggered and the
settings are irrelevant.
Controls whether actions that systemd-logind
takes when the power and sleep keys and the lid switch are triggered are subject
to high-level inhibitor locks ("shutdown", "sleep", "idle"). Low level inhibitor
are always honored, irrespective of this setting.
These settings take boolean arguments. If "
inhibitor locks taken by applications are respected. If "
"shutdown", "sleep", and "idle" inhibitor locks are ignored.
HibernateKeyIgnoreInhibited= default to "
LidSwitchIgnoreInhibited= defaults to "
This means that when systemd-logind is handling events by
itself (no low level inhibitor locks are taken by another application), the lid
switch does not respect suspend blockers by default, but the power and sleep keys
Specifies the timeout after system startup or system resume in which systemd will hold off on reacting to lid events. This is required for the system to properly detect any hotplugged devices so systemd can ignore lid events if external monitors, or docks, are connected. If set to 0, systemd will always react immediately, possibly before the kernel fully probed all hotplugged devices. This is safe, as long as you do not care for systemd to account for devices that have been plugged or unplugged while the system was off. Defaults to 30s.
Sets the size limit on the
$XDG_RUNTIME_DIR runtime directory for each
user who logs in. Takes a size in bytes, optionally suffixed
with the usual K, G, M, and T suffixes, to the base 1024
(IEC). Alternatively, a numerical percentage suffixed by
%" may be specified, which sets the size
limit relative to the amount of physical RAM. Defaults to 10%.
Note that this size is a safety limit only. As each runtime
directory is a tmpfs file system, it will only consume as much
memory as is needed.
Controls the maximum number of concurrent inhibitors to permit. Defaults to 8192 (8K).
Controls the maximum number of concurrent user sessions to manage. Defaults to 8192
(8K). Depending on how the
pam_systemd.so module is included in the PAM stack
configuration, further login sessions will either be refused, or permitted but not tracked by
Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
are excluded from the effect of this setting. Defaults to "