Back to systemd




This page has been obsoleted and replaced: https://www.freedesktop.org/software/systemd/man/org.freedesktop.login1.html.




logind

systemd 30 and newer include systemd-logind. This is a tiny daemon that manages user logins and seats in various ways.

See systemd-logind(8).service for more information. Please consult Multi-Seat on Linux for more information on the basic concepts.

The daemon provides both a C library interface as well as a D-Bus interface. The library interface may be used to introspect and watch the state of user logins or seat. The bus interface provides the same but in addition may also be used to make changes to system state. For more information please consult the man pages: sd-login(7)

If you are interested in writing a display manager that makes use of logind, please have look at Writing Display Managers. If you are interested in writing a desktop environment that makes use of logind, please have look at Writing Desktop Environments.

The inhibition logic is documented in Inhibitor Locks.

The Manager Object

The service exposes the following interfaces on the Manager object on the bus:

$ gdbus introspect --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1
node /org/freedesktop/login1 {
  interface org.freedesktop.login1.Manager {
    methods:
      GetSession(in  s session_id,
                 out o object_path);
      GetSessionByPID(in  u pid,
                      out o object_path);
      GetUser(in  u uid,
              out o object_path);
      GetUserByPID(in  u pid,
                   out o object_path);
      GetSeat(in  s seat_id,
              out o object_path);
      ListSessions(out a(susso) session_list);
      ListUsers(out a(uso) user_list);
      ListSeats(out a(so) seat_list);
      ListInhibitors(out a(ssssuu) inhibitor_list);
      CreateSession(in  u uid,
                    in  u pid,
                    in  s service,
                    in  s type,
                    in  s class,
                    in  s desktop,
                    in  s seat_id,
                    in  u vtnr,
                    in  s tty,
                    in  s display,
                    in  b remote,
                    in  s remote_user,
                    in  s remote_host,
                    in  a(sv) properties,
                    out s session_id,
                    out o object_path,
                    out s runtime_path,
                    out h fifo_fd,
                    out u uid,
                    out s seat_id,
                    out u vtnr,
                    out b existing);
      ReleaseSession(in  s session_id);
      ActivateSession(in  s session_id);
      ActivateSessionOnSeat(in  s session_id,
                            in  s seat_id);
      LockSession(in  s session_id);
      UnlockSession(in  s session_id);
      LockSessions();
      UnlockSessions();
      KillSession(in  s session_id,
                  in  s who,
                  in  i signo);
      KillUser(in  u uid,
               in  i signo);
      TerminateSession(in  s session_id);
      TerminateUser(in  u uid);
      TerminateSeat(in  s seat_id);
      SetUserLinger(in  u uid,
                    in  b linger,
                    in  b interactive);
      AttachDevice(in  s seat_id,
                   in  s sysfs,
                   in  b interactive);
      FlushDevices(in  b interactive);
      PowerOff(in  b interactive);
      Reboot(in  b interactive);
      Suspend(in  b interactive);
      Hibernate(in  b interactive);
      HybridSleep(in  b interactive);
      CanPowerOff(out s result);
      CanReboot(out s result);
      CanSuspend(out s result);
      CanHibernate(out s result);
      CanHybridSleep(out s result);
      ScheduleShutdown(in  s type,
                       in  t usec);
      CancelScheduledShutdown(out b cancelled);
      Inhibit(in  s what,
              in  s who,
              in  s why,
              in  s mode,
              out h pipe_fd);
      CanRebootToFirmwareSetup(out s result);
      SetRebootToFirmwareSetup(in  b enable);
      SetWallMessage(in  s wall_message,
                     in  b enable);
    signals:
      SessionNew(s session_id,
                 o object_path);
      SessionRemoved(s session_id,
                     o object_path);
      UserNew(u uid,
              o object_path);
      UserRemoved(u uid,
                  o object_path);
      SeatNew(s seat_id,
              o object_path);
      SeatRemoved(s seat_id,
                  o object_path);
      PrepareForShutdown(b start);
      PrepareForSleep(b start);
    properties:
      readwrite b EnableWallMessages = false;
      readwrite s WallMessage = '';
      readonly u NAutoVTs = 6;
      readonly as KillOnlyUsers = [];
      readonly as KillExcludeUsers = ['root'];
      readonly b KillUserProcesses = false;
      readonly b RebootToFirmwareSetup = false;
      readonly b IdleHint = false;
      readonly t IdleSinceHint = 0;
      readonly t IdleSinceHintMonotonic = 0;
      readonly s BlockInhibited = 'handle-power-key:handle-suspend-key:handle-hibernate-key';
      readonly s DelayInhibited = 'sleep';
      readonly t InhibitDelayMaxUSec = 5000000;
      readonly s HandlePowerKey = 'poweroff';
      readonly s HandleSuspendKey = 'suspend';
      readonly s HandleHibernateKey = 'hibernate';
      readonly s HandleLidSwitch = 'suspend';    
      readonly s HandleLidSwitchDocked = 'ignore';    
      readonly t HoldoffTimeoutUSec = 30000000;
      readonly s IdleAction = 'ignore';
      readonly t IdleActionUSec = 1800000000;
      readonly b PreparingForShutdown = false;
      readonly b PreparingForSleep = false;
      readonly (st) ScheduledShutdown = ('', 0);
      readonly b Docked = false;
  };
  interface org.freedesktop.DBus.Peer {
  };
  interface org.freedesktop.DBus.Introspectable {
  };
  interface org.freedesktop.DBus.Properties {
  };
};

Security

A number of operations are protected via the PolicyKit privilege system. SetUserLinger() requires the org.freedesktop.login1.set-user-linger privilege. AttachDevice() requires org.freedesktop.login1.attach-device and FlushDevices() org.freedesktop.login1.flush-devices. PowerOff(), Reboot(), Suspend(), Hibernate(), HybridSleep() require org.freedesktop.login1.power-off, org.freedesktop.login1.power-off-multiple-sessions, org.freedesktop.login1.power-off-ignore-inhibit, org.freedesktop.login1.reboot, org.freedesktop.login1.reboot-multiple-sessions, org.freedesktop.login1.reboot-ignore-inhibit, org.freedesktop.login1.suspend, org.freedesktop.login1.suspend-multiple-sessions, org.freedesktop.login1.suspend-ignore-inhibit, org.freedesktop.login1.hibernate, org.freedesktop.login1.hibernate-multiple-sessions resp. org.freedesktop.login1.hibernate-ignore-inhibit, depending whether there are other sessions around or active inhibits. Inhibit() is protected via either one of org.freedesktop.login1.inhibit-block-shutdown, org.freedesktop.login1.inhibit-delay-shutdown, org.freedesktop.login1.inhibit-block-sleep, org.freedesktop.login1.inhibit-delay-sleep, org.freedesktop.login1.inhibit-block-idle, org.freedesktop.login1.inhibit-handle-power-key, org.freedesktop.login1.inhibit-handle-suspend-key, org.freedesktop.login1.inhibit-handle-hibernate-key, org.freedesktop.login1.inhibit-handle-lid-switch depending on the lock type and mode taken.

The user_interaction boolean parameters can be used to control whether PolicyKit should interactively ask the user for authentication credentials if it needs to.

Methods

GetSession() may be used to get the session object path for the session with the specified ID. Similar, GetUser() and GetSeat() get the user resp. seat objects. GetSessionByPID() and GetUserByPID() get the session/user object the specified PID belongs to if there is any.

ListSessions() returns an array with all current sessions. The structures in the array consist of the following fields: session id, user id, user name, seat id, session object path. If a session does not have a seat attached the seat id field will be an empty string.

ListUsers() returns an array with all currently logged in users. The structures in the array consist of the following fields: user id, user name, user object path.

ListSeats() returns an array with all currently available seats. The structure in the array consists of the following fields: seat id, seat object path.

CreateSession() and ReleaseSession() may be used to open or close login sessions. These calls should never be invoked directly by clients. Creating/closing sessions is exclusively the job of PAM and its pam_systemd module.

ActivateSession() brings the session with the specified ID into the foreground. ActivateSessionOnSeat() does the same, but only if the seat id matches.

LockSession() asks the session with the specified ID to activate the screen lock. UnlockSession() asks the session with the specified ID to remove an active screen lock, if there is any. This is implemented by sending out the Lock() and Unlock() signals from the respective session object which session managers are supposed to listen on.

LockSessions() asks all sessions to activate the screen locks. This may be used to lock any access to the machine in one action. Similar, UnlockSessions() asks all sessions to deactivate their screen locks.

KillSession() may be used to send a Unix signal to one or all processes of a session. As arguments it takes the session id, either the string "leader" or "all" and a signal number. If "leader" is passed only the session "leader" is killed. If "all" is passed all processes of the session are killed.

KillUser() may be used to send a Unix signal to all processes of a user. As argument it takes the user id and a signal number.

TerminateSession(), TerminateUser(), TerminateSeat() may be used to forcibly terminate one specific session, all processes of a user, resp. all sessions attached to a specific seat. The session, user, seat is identified by their respective IDs.

SetUserLinger() enables or disables user lingering. If enabled the runtime directory of a user is kept around and he may continue to run processes while he is logged out. If disabled the runtime directory goes away as soon as he logs out. Expects three arguments: the UID, a boolean whether to enable/disable and a boolean controlling the PolicyKit authorization interactivity (see above). Note that the user linger state is persistently stored on disk.

AttachDevice() may be used to assign a specific device to a specific seat. The device is identified by its /sys path, and must be eligible for seat assignments. Takes three arguments: the seat id, the sysfs path, and a boolean for controlling PolicyKit interactivity (see above). Device assignments are persistently stored to disk. To create a new seat, simply specify a previously unused seat id. For more information about the seat assignment logic see Multi-Seat for Linux.

FlushDevices() removes all explicit seat assignments for devices, resetting all assignments to the automatic defaults. The only argument this takes is the PolicyKit interactivity boolean (see above).

PowerOff(), Reboot(), Suspend(), Hibernate(), HybridSleep() results in the system being powered off, rebooted, suspend, hibernated or hibernated+suspended. The only argument is the PolicyKit interactivity boolean (see above). The main purpose of these calls is that they enforce PolicyKit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged users. They also enforce inhibition locks. UIs should expose these calls as primary mechanism to poweroff/reboot/suspend/hibernate/hybrid-sleep the machine.

CanPowerOff(), CanReboot(), CanSuspend(), CanHibernate(), CanHybridSleep() tests whether the system supports the respective operation and whether the calling user is eligible for the desired operation. Returns one of "na", "yes", "no" or "challenge". If "na" is returned the operation is not available because hardware, kernel or drivers do not support it. If "yes" is returned the operation is supported and the user may execute the operation without further authentication. If "no" is returned the operation is available but the user is not allowed to execute the operation. If "challenge" is returned the operation is available, but only after authorization.

Inhibit() creates an inhibition lock. It takes four parameters: What, Who, Why and Mode. "What" is one or more of "shutdown", "sleep", "idle", "handle-power-key", "handle-suspend-key", "handle-hibernate-key", "handle-lid-switch", separated by colons, for inhibiting poweroff/reboot, suspend/hibernate, the automatic idle logic, or hardware key handling. "Who" should be a short human readable string identifying the application taking the lock. "Why" should be a short human readable string identifying the reason why the lock is taken. Finally, "Mode" is either "block" or "delay" which encodes whether the inhibit shall be consider mandatory or whether it should just delay the operation to a certain maximum time. The call returns a file descriptor. The lock is released the moment this file descriptor (and all its duplicates) are closed. For more information on the inhibition logic see Inhibitor Locks.

ListInhibitors() lists all currently active inhibitors. Returns an array of structures consisting of what, who, why, mode, user ID and process ID.

Signals

Whenever the inhibition state or idle hint changes daemon PropertyChanged signals are sent out to which clients can subscribe.

The SessionNew(), SessionRemoved(), UserNew(), UserRemoved(), SeatNew(), SeatRemoved() signals are sent each time a session is created or removed, a user logs in or out, or a seat is added or removed. They each contain the ID of the object plus the object path.

The PrepareForShutdown() resp. PrepareForSleep() signals are sent right before (with the argument True) and after (with the argument False) the system goes down for reboot/poweroff, resp. suspend/hibernate. This may be used by applications for saving data on disk, releasing memory or doing other jobs that shall be done shortly before shutdown/sleep, in conjunction with delay inhibitor locks. After completion of this work they should release their inhibition locks in order not to delay the operation any further. For more information see Inhibitor Locks.

Properties

Most properties simply reflect the configuration stored in logind.conf. For more information, see: logind.conf(5)

The IdleHint property reflects the idle hint state of the system. If the system is idle it might get into automatic suspend or shutdown, depending on configuration.

IdleSinceHint and IdleSinceHintMonotonic encode the timestamps of the last change of the idle hint boolean, in CLOCK_REALTIME resp. CLOCK_MONOTONIC timestamps in usec since the epoch.

The BlockInhibited and DelayInhibited properties encode the currently active locks of the respective modes. They are colon separated lists of "shutdown", "sleep", "idle" (see above).

The PreparingForShutdown and PreparingForSleep boolean properties are true between the two PrepareForShutdown resp. PrepareForSleep signals are sent. Note that these properties do not send out PropertyChanged signals.

Seat Objects

$ gdbus introspect --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1/seat/seat0
node /org/freedesktop/login1/seat/seat0 {
  interface org.freedesktop.login1.Seat {
    methods:
      Terminate();
      ActivateSession(in  s session_id);
      SwitchTo(in  u vtnr);
      SwitchToNext();
      SwitchToPrevious();
    properties:
      readonly s Id = 'seat0';
      readonly (so) ActiveSession = ('', '/');
      readonly b CanMultiSession = true;
      readonly b CanTTY = true;
      readonly b CanGraphical = true;
      readonly a(so) Sessions = [('c1', '/org/freedesktop/login1/session/c1')];
      readonly b IdleHint = true;
      readonly t IdleSinceHint = 1389368976087311;
      readonly t IdleSinceHintMonotonic = 48213948;
  };
  interface org.freedesktop.DBus.Properties {
  };
  interface org.freedesktop.DBus.Peer {
  };
  interface org.freedesktop.DBus.Introspectable {
  };
};

Methods

Terminate() and ActivateSession() work similar to TerminateSeat(), ActivationSessionOnSeat() on the Manager object.

Signals

Whenever ActiveSession, Sessions, CanGraphical, CanMultiSession and CanTTY or the idle state changes PropertyChanged signals are sent out to which clients can subscribe.

Properties

The Id property encodes the ID of the seat.

ActiveSession encodes the currently active session if there is one. It is a structure consisting of session id and object path.

CanMultiSession encodes whether the session is multi-session capable, CanTTY whether it is suitable for text logins, CanGraphical whether it is suitable for graphical sessions.

The Sessions array is an array of all current sessions of this seat, each encoded in a structure consisting of the ID and the object path.

The IdleHint, IdleSinceHint, IdleSinceHint properties encode the idle state, similar to the one exposed on the Manager object, but specific for this seat.

User Objects

$ gdbus introspect --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1/user/_1000
node /org/freedesktop/login1/user/_1000 {
  interface org.freedesktop.login1.User {
    methods:
      Terminate();
      Kill(in  i signo);
    properties:
      readonly u UID = 1000;
      readonly u GID = 1000;
      readonly s Name = 'test';
      readonly t Timestamp = 1389368964102424;
      readonly t TimestampMonotonic = 36229061;
      readonly s RuntimePath = '/run/user/1000';
      readonly s Service = 'user@1000.service';
      readonly s Slice = 'user-1000.slice';
      readonly (so) Display = ('', '/');
      readonly s State = 'active';
      readonly a(so) Sessions = [('28', '/org/freedesktop/login1/session/_328'), ('3', '/org/freedesktop/login1/session/_33')];
      readonly b IdleHint = false;
      readonly t IdleSinceHint = 0;
      readonly t IdleSinceHintMonotonic = 0;
      readonly b Linger = false;
  };
  interface org.freedesktop.DBus.Properties {
  };
  interface org.freedesktop.DBus.Peer {
  };
  interface org.freedesktop.DBus.Introspectable {
  };
};

Methods

Terminate() and Kill() work similar to the TerminateUser() resp. KillUser() calls on the manager object.

Signals

Whenever Sessions or the idle state changes PropertyChanged signals are sent out to which clients can subscribe.

Properties

The UID and GID properties encode the Unix UID and primary GID of the user.

The Name property encodes the user name.

Timestamp and TimestampMonotonic encode the login time of the user in usec since the epoch, in the CLOCK_REALTIME resp. CLOCK_MONOTONIC clocks.

RuntimePath encodes the runtime path of the user, i.e. $XDG_RUNTIME_DIR, for details see the XDG Basedir Specification.

Service contains the name of the user systemd service unit name of this user. Each logged in user gets a user service unit assigned that runs a user systemd instance. This is usually an instance of user@.service.

Slice contains the name of the user systemd slice unit name of this user. Each logged in user gets a private slice.

Display encodes which graphical session should be used as primary UI display for the use. It is a structure encoding session ID and object path of the session to use.

State encodes the user state, one of "offline", "lingering", "online", "active", "closing". See sd_uid_get_state(3) for more information about the states.

Sessions is an array of structures encoding all current sessions of the user. Each structure consists of ID and object path.

The IdleHint, IdleSinceHint, IdleSinceHintMonotonic properties encode the idle hint state of the user, similar to the Manager's properties, but specific for this user.

Session Objects

$ gdbus introspect --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1/session/3
node /org/freedesktop/login1/session/3 {
  interface org.freedesktop.login1.Session {
    methods:
      Terminate();
      Activate();
      Lock();
      Unlock();
      SetIdleHint(in  b idle);
      Kill(in  s who,
           in  i signo);
      TakeControl(in  b force);
      ReleaseControl();
      TakeDevice(in  u major,
                 in  u minor,
                 out h fd,
                 out b inactive);
      ReleaseDevice(in  u major,
                    in  u minor);
      PauseDeviceComplete(in  u major,
                          in  u minor);
    signals:
      PauseDevice(u major,
                  u minor,
                  s type);
      ResumeDevice(u major,
                   u minor,
                   h fd);
      Lock();
      Unlock();
    properties:
      readonly s Id = '3';
      readonly (uo) User = (1000, '/org/freedesktop/login1/user/_1000');
      readonly s Name = 'test';
      readonly t Timestamp = 1389370644734067;
      readonly t TimestampMonotonic = 72063381;
      readonly u VTNr = 0;
      readonly (so) Seat = ('', '/');
      readonly s TTY = '';
      readonly s Display = '';
      readonly b Remote = true;
      readonly s RemoteHost = '129.174.150.217';
      readonly s RemoteUser = '';
      readonly s Service = 'sshd';
      readonly s Desktop = '';
      readonly s Scope = 'session-3.scope';
      readonly u Leader = 1854;
      readonly u Audit = 3;
      readonly s Type = 'tty';
      readonly s Class = 'user';
      readonly b Active = true;
      readonly s State = 'active';
      readonly b IdleHint = false;
      readonly t IdleSinceHint = 0;
      readonly t IdleSinceHintMonotonic = 0;
  };
  interface org.freedesktop.DBus.Properties {
  };
  interface org.freedesktop.DBus.Peer {
  };
  interface org.freedesktop.DBus.Introspectable {
  };
};

Methods

Terminate(), Activate(), Lock(), Unlock(), Kill() work similar to the respective calls on the Manager object.

SetIdleHint() shall be called by the session object to update the idle state of the session, whenever it changes.

TakeControl() allows a process to take exclusive managed device access-control for that session. Only one dbus-connection can be a controller for a given session at a time. If the force argument is set (root only), an existing controller is kicked out and replaced. Otherwise, this call fails if there is already a controller. Note that this call is limited to dbus-users with the effective UID set to the User of the Session or root.

ReleaseControl() drops control of a given session again. Closing the dbus-connection implicitly releases control, too. See TakeControl() for more. This also releases all devices for the controller that were requested via TakeDevice().

TakeDevice() allows a session-controller to get a file-descriptor for a specific device. Pass in the major and minor numbers of the character-device and logind will return a file-descriptor for the device. Only a limited set of device-types is currently supported (but may be extended). logind automatically mutes the file-descriptor if the session is inactive and resumes it once the session gets active again. This guarantees that a session can only access session-devices if the session is active. Note that this revoke/resume mechanism is asynchronous and may happen at any given time. This only works on devices that are attached to the seat of the given session. A process is not required to have direct access to the device-node. logind only requires you to be the active session controller (see TakeControl()). Also note that any device can only be requested once. As long as you don't release it, further TakeDevice() calls will fail.

ReleaseDevice() releases a device again (see TakeDevice()). This is also implicitly done by ReleaseControl() or when closing the dbus-connection.

PauseDeviceComplete() allows a session-controller to synchronously pause a device after receiving a PauseDevice("pause") signal. Forced signals (or after an internal timeout) are automatically completed by logind asynchronously.

Signals

The active session-controller exclusively gets PauseDevice and ResumeDevice events for any device it requested via TakeDevice(). They notify the controller whenever a device is paused or resumed. A device is never resumed if a session is inactive. Also note that PauseDevice signals are sent before the PropertyChanged signal for the Active state. The inverse is true for ResumeDevice. A device may remain paused for unknown reasons even though the Session is active. A PauseDevice signal carries the major/minor as arguments and a string describing the type. force means the device got paused by logind already and this is only an asynchronous notification. pause means logind tries to pause the device and grants you limited amount of time to pause it. You must respond to this via PauseDeviceComplete(). This synchronous pausing-mechanism is used for backwards-compatibility to VTs and logind is free to not make use of it. It is also free to send a forced PauseDevice if you don't respond in a timely manner (or for any other reason). gone means the device was unplugged from the system and you will no longer get any notifications about it. There is no reason to call ReleaseDevice(). You may call TakeDevice() again if a new device gets the major+minor combination assigned. ResumeDevice is sent whenever a session is active and a device is resumed. It carries the major/minor as arguments and provides a new open file-descriptor. You should switch to the new descriptor and close the old one. They are not guaranteed to have the same underlying open-file-descriptor in the kernel (except for a limited set of device types).

Whenever Active or the idle state changes PropertyChanged signals are sent out to which clients can subscribe.

Lock (resp. Unlock) is sent when the session is asked to be screen-locked/screen-unlocked. A session manager of the session should listen to this signal and act accordingly. This signal is sent out as a result of the Lock() resp. Unlock() methods.

Properties

Id encodes the session ID.

User encodes the user ID of the user this session belongs to. This is a structure encoding the Unix UID and the object path.

Name encodes the user name.

Timestamp and TimestampMonotonic encode the usec timestamp since the epoch when the session was created, in CLOCK_REALTIME resp. CLOCK_MONOTONIC.

VTNr encodes the virtual terminal number of the session if there is any, 0 otherwise.

Seat encodes the seat this session belongs to, if there is any. This is a structure consisting of the ID and the seat object path.

TTY encodes the kernel TTY path of the session if this is a text login. If not this is an empty string.

Display encodes the X11 display name if this is a graphical login. If not this is an empty string.

Remote encodes whether the session is local or remote.

RemoteHost and RemoteUser encode the remote host and user if this is a remote session, or an empty string otherwise.

Service encodes the PAM service name that registered the session.

Scope contains the systemd scope unit name of this session.

Leader encodes the PID of the process that registered the session.

Audit encodes the Kernel Audit session ID of the session, if auditing is available.

Type encodes the session type. It's one of "unspecified" (for cron PAM sessions and suchlike), "tty" (for text logins) or "x11"/"mir"/"wayland" (for graphical logins).

Class encodes the session class. It's one of "user" (for normal user sessions), "greeter" (for display manager pseudo-sessions), "lock-screen" (for display lock screens).

Active is a boolean that is true if the session is active, i.e. currently in the foreground. This field is semi-redundant due to State.

State encodes the session state and one of "online", "active", "closing". See sd_session_get_state(3) for more information about the states.

IdleHint, IdleSinceHint, IdleSinceHintMonotonic encapsulate the idle hint state of this session, similar to how the respective properties on the manager object do it for the whole system.


These D-Bus interfaces follow the usual interface versioning guidelines.