path: root/Software/systemd/logind.mdwn

[[Back to systemd|http://www.freedesktop.org/wiki/Software/systemd/]]

# logind

systemd 30 and newer include systemd-logind. This is a tiny daemon that manages user logins and seats in various ways.

See [[systemd-logind(8).service|http://www.freedesktop.org/software/systemd/man/systemd-logind.service.html]] for more information. Please consult [[Multi-Seat on Linux|http://www.freedesktop.org/wiki/Software/systemd/multiseat]] for more information on the basic concepts.

The daemon provides both a C library interface as well as a D-Bus interface. The library interface may be used to introspect and watch the state of user logins or seat. The bus interface provides the same but in addition may also be used to make changes to system state. For more information please consult the man pages: [[sd-login(7)|http://www.freedesktop.org/software/systemd/man/sd-login.html]]

If you are interested in writing a display manager that makes use of logind, please have look at [[Writing Display Managers|http://www.freedesktop.org/wiki/Software/systemd/writing-display-managers]].  If you are interested in writing a desktop environment that makes use of logind, please have look at [[Writing Desktop Environments|http://www.freedesktop.org/wiki/Software/systemd/writing-desktop-environments]].

The inhibition logic is documented in [[Inhibitor Locks|http://www.freedesktop.org/wiki/Software/systemd/inhibit]].

## The Manager Object

The service exposes the following interfaces on the Manager object on the bus:

    $ gdbus introspect --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1
    node /org/freedesktop/login1 {
      interface org.freedesktop.login1.Manager {
        methods:
          GetSession(in  s id,
                     out o session);
          GetSessionByPID(in  u pid,
                          out o session);
          GetUser(in  u uid,
                  out o user);
          GetUserByPID(in  u pid,
                   out o user);
          GetSeat(in  s id,
                  out o seat);
          ListSessions(out a(susso) sessions);
          ListUsers(out a(uso) users);
          ListSeats(out a(so) seats);
          CreateSession(...);
          ReleaseSession(...);
          ActivateSession(in  s id);
          ActivateSessionOnSeat(in  s id,
                                in  s seat);
          LockSession(in  s id);
          UnlockSession(in  s id);
          LockSessions();
          UnlockSessions();
          KillSession(in  s id,
                      in  s who,
                      in  s signal);
          KillUser(in  u uid,
                   in  s signal);
          TerminateSession(in  s id);
          TerminateUser(in  u uid);
          TerminateSeat(in  s id);
          SetUserLinger(in  u uid,
                        in  b b,
                        in  b interactive);
          AttachDevice(in  s seat,
                       in  s sysfs,
                       in  b interactive);
          FlushDevices(in  b interactive);
          PowerOff(in  b interactive);
          Reboot(in  b interactive);
          Suspend(in  b interactive);
          Hibernate(in  b interactive);
          HybridSleep(in  b interactive);
          CanPowerOff(out s result);
          CanReboot(out s result);
          CanSuspend(out s result);
          CanHibernate(out s result);
          CanHybridSleep(out s result);
          Inhibit(in  s what,
                  in  s who,
                  in  s why,
                  in  s mode,
                  out h fd);
          ListInhibitors(out a(ssssuu) inhibitors);
        signals:
          SessionNew(s id,
                     o path);
          SessionRemoved(s id,
                         o path);
          UserNew(u uid,
                  o path);
          UserRemoved(u uid,
                      o path);
          SeatNew(s id,
                  o path);
          SeatRemoved(s id,
                      o path);
          PrepareForShutdown(b active);
          PrepareForSleep(b active);
        properties:
          readonly u NAutoVTs = 6;
          readonly as KillOnlyUsers = [];
          readonly as KillExcludeUsers = ['root'];
          readonly b KillUserProcesses = false;
          readonly b IdleHint = false;
          readonly t IdleSinceHint = 1340873864854884;
          readonly t IdleSinceHintMonotonic = 14409495315;
          readonly s BlockInhibited = '';
          readonly s DelayInhibited = '';
          readonly t InhibitDelayMaxUSec = 5000000;
          readonly s HandlePowerKey = 'poweroff';
          readonly s HandleSuspendKey = 'suspend';
          readonly s HandleHibernateKey = 'hibernate';
          readonly s HandleLidSwitch = 'suspend';      
          readonly s IdleAction = 'ignore';
          readonly t IdleActionUSec = 1800000000;
          readonly b PreparingForShutdown = false;
          readonly b PreparingForSleep = false;
      };
      interface org.freedesktop.DBus.Properties {
      };
      interface org.freedesktop.DBus.Peer {
      };
      interface org.freedesktop.DBus.Introspectable {
      };
    };

### Security

A number of operations are protected via the PolicyKit privilege system. SetUserLinger() requires the _org.freedesktop.login1.set-user-linger_ privilege. AttachDevice() requires _org.freedesktop.login1.attach-device_ and FlushDevices() _org.freedesktop.login1.flush-devices_. PowerOff(), Reboot(), Suspend(), Hibernate(), HybridSleep() require _org.freedesktop.login1.power-off_, _org.freedesktop.login1.power-off-multiple-sessions_, _org.freedesktop.login1.power-off-ignore-inhibit_, _org.freedesktop.login1.reboot_, _org.freedesktop.login1.reboot-multiple-sessions_, _org.freedesktop.login1.reboot-ignore-inhibit_, _org.freedesktop.login1.suspend_, _org.freedesktop.login1.suspend-multiple-sessions_, _org.freedesktop.login1.suspend-ignore-inhibit_, _org.freedesktop.login1.hibernate_, _org.freedesktop.login1.hibernate-multiple-sessions_ resp. _org.freedesktop.login1.hibernate-ignore-inhibit_, depending whether there are other sessions around or active inhibits. Inhibit() is protected via either one of _org.freedesktop.login1.inhibit-block-shutdown_, _org.freedesktop.login1.inhibit-delay-shutdown_,  _org.freedesktop.login1.inhibit-block-sleep_, _org.freedesktop.login1.inhibit-delay-sleep_, _org.freedesktop.login1.inhibit-block-idle_, _org.freedesktop.login1.inhibit-handle-power-key_, _org.freedesktop.login1.inhibit-handle-suspend-key_, _org.freedesktop.login1.inhibit-handle-hibernate-key_, _org.freedesktop.login1.inhibit-handle-lid-switch_ depending on the lock type and mode taken.

The user_interaction boolean parameters can be used to control whether PolicyKit should interactively ask the user for authentication credentials if it needs to.

### Methods

**GetSession()** may be used to get the session object path for the session with the specified ID. Similar, **GetUser()** and **GetSeat()** get the user resp. seat objects. **GetSessionByPID()** and **GetUserByPID()** get the session/user object of the specified PID belongs to if there is any.

**ListSessions()** returns an array with all current sessions. The structures in the array consist of the following fields: session id, user id, user name, seat id, session object path. If a session does not have a seat attached the seat id field will be an empty string.

**ListUsers()** returns an array with all currently logged in users. The structures in the array consist of the following fields: user id, user name, user object path.

**ListSeats()** returns an array with all currently available seats. The structure in the array consists of the following fields: seat id, seat object path.

**CreateSession()** and **ReleaseSession()** may be used to open or close login sessions. These calls should _never_ be invoked directly by clients. Creating/closing sessions is exclusively the job of PAM and its pam_systemd module.

**ActivateSession()** brings the session with the specified ID into the foreground. **ActivateSessionOnSeat()** does the same, but only if the seat id matches.

**LockSession()** asks the session with the specified ID to activate the screen lock. **UnlockSession()** asks the session with the specified ID to remove an active screen lock, if there is any. This is implemented by sending out the Lock() and Unlock() signals from the respective session object which session managers are supposed to listen on.

**LockSessions()** asks all sessions to activate the screen locks. This may be used to lock any access to the machine in one action. Similar, **UnlockSessions()** asks all sessions to deactivate their screen locks.

**KillSession()** may be used to send a Unix signal to one or all processes of a session. As arguments it takes the session id, either the string "leader" or "all" and a signal number. If "leader" is passed only the session "leader" is killed. If "all" is passed all processes of the session are killed.

**KillUser()** may be used to send a Unix signal to all processes of a user. As argument it takes the user id and a signal number.

**TerminateSession()**, **TerminateUser()**, **TerminateSeat()** may be used to forcibly terminate one specific session, all processes of a user, resp. all sessions attached to a specific seat. The session, user, seat is identified by their respective IDs.

**SetUserLinger()** enables or disables user lingering. If enabled the runtime directory of a user is kept around and he may continue to run processes while he is logged out. If disabled the runtime directory goes away as soon as he logs out. Expects three arguments: the UID, a boolean whether to enable/disable and a boolean controlling the PolicyKit authorization interactivity (see above). Note that the user linger state is persistently stored on disk.

**AttachDevice()** may be used to assign a specific device to a specific seat. The device is identified by its /sys path, and must be eligible for seat assignments. Takes three arguments: the seat id, the sysfs path, and a boolean for controlling PolicyKit interactivity (see above). Device assignments are persistently stored to disk. To create a new seat, simply specify a previously unused seat id. For more information about the seat assignment logic see [[Multi-Seat for Linux|http://www.freedesktop.org/wiki/Software/systemd/multiseat]].

**FlushDevices()** removes all explicit seat assignments for devices, resetting all assignments to the automatic defaults. The only argument this takes is the PolicyKit interactivity boolean (see above).

**PowerOff()**, **Reboot()**, **Suspend()**, **Hibernate()**, **HybridSleep()** results in the system being powered off, rebooted, suspend, hibernated or hibernated+suspended. The only argument is the PolicyKit interactivity boolean (see above). The main purpose of these calls is that they enforce [[PolicyKit|PolicyKit]] policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged users. They also enforce inhibition locks. UIs should expose these calls as primary mechanism to poweroff/reboot/suspend/hibernate/hybrid-sleep the machine.

**CanPowerOff()**, **CanReboot()**, **CanSuspend()**, **CanHibernate()**, **CanHybridSleep()** tests whether the system supports the respective operation and whether the calling user is eligible for the desired operation. Returns one of "na", "yes", "no" or "challenge". If "na" is returned the operation is not available because hardware, kernel or drivers do not support it. If "yes" is returned the operation is supported and the user may execute the operation without further authentication. If "no" is returned the operation is available but the user is not allowed to execute the operation. If "challenge" is returned the operation is available, but only after authorization.

**Inhibit()** creates an inhibition lock. It takes four parameters: What, Who, Why and Mode. "What" is one or more of "shutdown", "sleep", "idle", "handle-power-key", "handle-suspend-key", "handle-hibernate-key", "handle-lid-switch", separated by colons, for inhibiting poweroff/reboot, suspend/hibernate, the automatic idle logic, or hardware key handling. "Who" should be a short human readable string identifying the application taking the lock. "Why" should be a short human readable string identifying the reason why the lock is taken. Finally, "Mode" is either "block" or "delay" which encodes whether the inhibit shall be consider mandatory or whether it should just delay the operation to a certain maximum time. The call returns a file descriptor. The lock is released the moment this file descriptor (and all its duplicates) are closed. For more information on the inhibition logic see [[Inhibitor Locks|http://www.freedesktop.org/wiki/Software/systemd/inhibit]].

**ListInhibitors()** lists all currently active inhibitors. Returns an array of structures consisting of what, who, why, mode, user ID and process ID.

### Signals

Whenever the inhibition state or idle hint changes daemon **PropertyChanged** signals are sent out to which clients can subscribe.

The **SessionNew()**, **SessionRemoved()**, **UserNew()**, **UserRemoved()**, **SeatNew()**, **SeatRemoved()** signals are sent each time a session is created or removed, a user logs in or out, or a seat is added or removed. They each contain the ID of the object plus the object path.

The **PrepareForShutdown()** resp. **PrepareForSleep()** signals are sent right before (with the argument True) and after (with the argument False) the system goes down for reboot/poweroff, resp. suspend/hibernate. This may be used by applications for saving data on disk, releasing memory or doing other jobs that shall be done shortly before shutdown/sleep, in conjunction with delay inhibitor locks. After completion of this work they should release their inhibition locks in order not to delay the operation any further. For more information see [[Inhibitor Locks|http://www.freedesktop.org/wiki/Software/systemd/inhibit]].

### Properties

Most properties simply reflect the configuration stored in logind.conf. For more information, see: [[logind.conf(5)|http://www.freedesktop.org/software/systemd/man/logind.conf.html]]

The **IdleHint** property reflects the idle hint state of the system. If the system is idle it might get into automatic suspend or shutdown, depending on configuration.

**IdleSinceHint** and **IdleSinceHintMonotonic** encode the timestamps of the last change of the idle hint boolean, in CLOCK_REALTIME resp. CLOCK_MONOTONIC timestamps in usec since the epoch.

The **BlockInhibited** and **DelayInhibited** properties encode the currently active locks of the respective modes. They are colon separated lists of "shutdown", "sleep", "idle" (see above).

The **PreparingForShutdown** and **PreparingForSleep** boolean properties are true between the two PrepareForShutdown resp. PrepareForSleep signals are sent. Note that these properties do not send out PropertyChanged signals.

## Seat Objects

    $ gdbus introspect --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1/seat/seat0
    node /org/freedesktop/login1/seat/seat0 {
      interface org.freedesktop.login1.Seat {
        methods:
          Terminate();
          ActivateSession(in  s id);
        signals:
        properties:
          readonly s Id = 'seat0';
          readonly so ActiveSession = ('2', '/org/freedesktop/login1/session/2');
          readonly b CanMultiSession = true;
          readonly b CanTTY = true;
          readonly b CanGraphical = true;
          readonly a(so) Sessions = [('2', '/org/freedesktop/login1/session/2')];
          readonly b IdleHint = false;
          readonly t IdleSinceHint = 1340873864854884;
          readonly t IdleSinceHintMonotonic = 14409495315;
      };
      interface org.freedesktop.DBus.Properties {
      };
      interface org.freedesktop.DBus.Peer {
      };
      interface org.freedesktop.DBus.Introspectable {
      };
    };

### Methods

**Terminate()** and **ActivateSession()** work similar to TerminateSeat(), ActivationSessionOnSeat() on the Manager object.

### Signals

Whenever **ActiveSession**, **Sessions**, **CanGraphical**, **CanMultiSession** and **CanTTY** or the idle state changes **PropertyChanged** signals are sent out to which clients can subscribe.

### Properties

The **Id** property encodes the ID of the seat.

**ActiveSession** encodes the currently active session if there is one. It is a structure consisting of session id and object path.

**CanMultiSession** encodes whether the session is multi-session capable, CanTTY whether it is suitable for text logins, CanGraphical whether it is suitable for graphical sessions.

The **Sessions** array is an array of all current sessions of this seat, each encoded in a structure consisting of the ID and the object path.

The **IdleHint**, **IdleSinceHint**, **IdleSinceHint** properties encode the idle state, similar to the one exposed on the Manager object, but specific for this seat.

## User Objects

    $ gdbus introspect --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1/user/500
    node /org/freedesktop/login1/user/500 {
      interface org.freedesktop.login1.User {
        methods:
          Terminate();
          Kill(in  s signal);
        signals:
        properties:
          readonly u UID = 500;
          readonly u GID = 500;
          readonly s Name = 'lennart';
          readonly t Timestamp = 1340822974613785;
          readonly t TimestampMonotonic = 22320963;
          readonly s RuntimePath = '/run/user/500';
          readonly s Service = 'user@500.service';
          readonly s Slice = 'user-500.slice';
          readonly (so) Display = ('2', '/org/freedesktop/login1/session/2');
          readonly s State = 'active';
          readonly a(so) Sessions = [('2', '/org/freedesktop/login1/session/2')];
          readonly b IdleHint = false;
          readonly t IdleSinceHint = 1340873864854884;
          readonly t IdleSinceHintMonotonic = 14409495315;
      };
      interface org.freedesktop.DBus.Properties {
      };
      interface org.freedesktop.DBus.Peer {
      };
      interface org.freedesktop.DBus.Introspectable {
      };
    };

### Methods

**Terminate()** and **Kill()** work similar to the TerminateUser() resp. KillUser() calls on the manager object.

### Signals

Whenever **Sessions** or the idle state changes **PropertyChanged** signals are sent out to which clients can subscribe.

### Properties

The **UID** and **GID** properties encode the Unix UID and primary GID of the user.

The **Name** property encodes the user name.

**Timestamp** and **TimestampMonotonic** encode the login time of the user in usec since the epoch, in the CLOCK_REALTIME resp. CLOCK_MONOTONIC clocks.

**RuntimePath** encodes the runtime path of the user, i.e. $XDG_RUNTIME_DIR, for details see the [[XDG Basedir Specification|http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html]].

**Service** contains the name of the user systemd service unit name of this user. Each logged in user gets a user service unit assigned that runs a user systemd instance. This is usually an instance of user@.service.

**Slice** contains the name of the user systemd slice unit name of this user. Each logged in user gets a private slice.

**Display** encodes which graphical session should be used as primary UI display for the use. It is a structure encoding session ID and object path of the session to use.

**State** encodes the user state, one of "offline", "lingering", "online", "active", "closing". See [[sd_uid_get_state(3)|http://www.freedesktop.org/software/systemd/man/sd_uid_get_state.html]] for more information about the states.

**Sessions** is an array of structures encoding all current sessions of the user. Each structure consists of ID and object path.

The **IdleHint**, **IdleSinceHint**, **IdleSinceHintMonotonic** properties encode the idle hint state of the user, similar to the Manager's properties, but specific for this user.

## Session Objects

    $ gdbus introspect --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1/session/2
    node /org/freedesktop/login1/session/2 {
      interface org.freedesktop.login1.Session {
        methods:
          Terminate();
          Activate();
          Lock();
          Unlock();
          SetIdleHint(in  b b);
          Kill(in  s who,
               in  s signal);
        signals:
          Lock();
          Unlock();
        properties:
          readonly s Id = '2';
          readonly (uo) User = (500, '/org/freedesktop/login1/user/500');
          readonly s Name = 'lennart';
          readonly t Timestamp = 1340822974628160;
          readonly t TimestampMonotonic = 22335339;
          readonly u VTNr = 2;
          readonly (so) Seat = ('seat0', '/org/freedesktop/login1/seat/seat0');
          readonly s TTY = '';
          readonly s Display = ':0';
          readonly b Remote = false;
          readonly s RemoteHost = '';
          readonly s RemoteUser = '';
          readonly s Service = 'gdm-password';  
          readonly s Scope = 'session-2.scope';
          readonly u Leader = 905;
          readonly u Audit = 2;
          readonly s Type = 'x11';
          readonly s Class = 'user';
          readonly b Active = true;
          readonly s State = 'active';
          readonly b IdleHint = false;
          readonly t IdleSinceHint = 1340873864854884;
          readonly t IdleSinceHintMonotonic = 14409495315;
      };
      interface org.freedesktop.DBus.Properties {
      };
      interface org.freedesktop.DBus.Peer {
      };
      interface org.freedesktop.DBus.Introspectable {
      };
    };


### Methods

**Terminate()**, **Activate()**, **Lock()**, **Unlock()**, **Kill()** work similar to the respective calls on the Manager object.

**SetIdleHint()** shall be called by the session object to update the idle state of the session, whenever it changes.


### Signals

Whenever **Active** or the idle state changes **PropertyChanged** signals are sent out to which clients can subscribe.

**Lock** (resp. **Unlock**) is sent when the session is asked to be screen-locked/screen-unlocked. A session manager of the session should listen to this signal and act accordingly. This signal is sent out as a result of the **Lock()** resp. **Unlock()** methods.


### Properties

**Id** encodes the session ID.

**User** encodes the user ID of the user this session belongs to. This is a structure encoding the Unix UID and the object path.

**Name** encodes the user name.

**Timestamp** and **TimestampMonotonic** encode the usec timestamp since the epoch when the session was created, in CLOCK_REALTIME resp. CLOCK_MONOTONIC.

**DefaultControlGroup** encodes the default control group of the session, in systemd's own cgroup hierarchy.

**VTNr** encodes the virtual terminal number of the session if there is any, 0 otherwise.

**Seat** encodes the seat this session belongs to, if there is any. This is a structure consisting of the ID and the seat object path.

**TTY** encodes the kernel TTY path of the session if this is a text login. If not this is an empty string.

**Display** encodes the X11 display name if this is a graphical login. If not this is an empty string.

**Remote** encodes whether the session is local or remote.

**RemoteHost** and **RemoteUser** encode the remote host and user if this is a remote session, or an empty string otherwise.

**Service** encodes the PAM service name that registered the session.

**Leader** encodes the PID of the process that registered the session.

**Audit** encodes the Kernel Audit session ID of the session, if auditing is available.

**Type** encodes the session type. It's one of "unspecified" (for cron PAM sessions and suchlike), "tty" (for text logins) or "x11" (for graphical logins).

**Class** encodes the session class. It's one of "user" (for normal user sessions), "greeter" (for display manager pseudo-sessions), "lock-screen" (for display lock screens).

**Active** is a boolean that is true if the session is active, i.e. currently in the foreground. This field is semi-redundant due to State.

**State** encodes the session state and one of "online", "active", "closing". See [[sd_session_get_state(3)|http://www.freedesktop.org/software/systemd/man/sd_session_is_active.html]] for more information about the states.

**Controllers** and **ResetControllers** encode the cgroup controllers this session has been explicitly added to/remove from, using pam_systemd's command line.

**KillProcesses** encodes whether the processes of this session shall be killed if the session ends. It's also controllable on pam_systemd's command line.

**IdleHint**, **IdleSinceHint**, **IdleSinceHintMonotonic** encapsulate the idle hint state of this session, similar to how the respective properties on the manager object do it for the whole system.



---



These D-Bus interfaces follow [[the usual interface versioning guidelines|http://0pointer.de/blog/projects/versioning-dbus.html]].