systemd-logind
Generated by GPT-5-miniExpansion Funnel Raw 59 → Dedup 0 → NER 0 → Enqueued 0
| systemd-logind | |
|---|---|
| Name | systemd-logind |
| Developer | Lennart Poettering, freedesktop.org, Red Hat |
| Released | 2010s |
| Programming language | C (programming language) |
| Operating system | Linux kernel |
| License | GNU Lesser General Public License |
| Website | systemd |
systemd-logind systemd-logind is a session and seat manager component of the broader systemd project developed by contributors including Lennart Poettering and maintained by organizations such as Red Hat and communities around freedesktop.org and various Linux distributions. It mediates user logins, seats, and device access across environments like GNOME, KDE, and X.Org while integrating with kernel features from the Linux kernel and power management subsystems such as ACPI. The component interacts with authentication frameworks and system services including PAM, D-Bus, and udev to coordinate sessions for desktop, embedded, and server scenarios.
Overview
systemd-logind operates as a system-level service inside the systemd init system used by many Linux distribution projects including Debian, Ubuntu, Fedora, Arch Linux, and openSUSE. It provides multi-seat management and session tracking that previously relied on projects like ConsoleKit and interoperates with display servers such as X.Org and Wayland compositors like Weston and Mutter. Administrators commonly interact with it via service managers such as systemctl while desktop software calls into it using D-Bus APIs. The service relies on kernel interfaces like cgroup v1/v2 and udev rules to enforce resource and device policies.
Architecture and Components
The architecture centers on a daemon process that exposes a D-Bus API consumed by components including display managers like GDM and SDDM, desktop environments like GNOME Shell and KDE Plasma, and session tools such as loginctl. Core components include the daemon binary, a session registry, seat abstraction, and integration modules for PAM and udev. It leverages kernel features such as inotify and cgroup to monitor processes and resource usage, and interacts with power management services like UPower and logind clients via D-Bus activation provided by systemd sockets. Storage of transient state can be coordinated with initramfs setups used by distributions like Gentoo and NixOS.
Functionality and Features
systemd-logind implements session creation and teardown, multi-seat assignment, and device ACLs for input and graphics hardware to enable secure access by session owners. It supports session enumerations and user switching used by display managers such as LightDM and desktop shells like Cinnamon, and exposes seat capabilities for hardware hotplugging handled by udev. Power-related features include handling of suspend, hibernate, and lid events interoperating with ACPI and power daemons like UPower and pm-utils in legacy setups. It also enforces resource limits using cgroup controllers and provides session auditing capabilities useful to security frameworks such as SELinux and AppArmor.
Configuration and Administration
Configuration is primarily performed through drop-in files and unit files managed by systemctl and text files under /etc paths used by distributions like Ubuntu and Fedora. Administrators use commands like loginctl and APIs exposed on D-Bus to list sessions, seats, and users, and to terminate or switch sessions in environments managed by LightDM or GDM. PAM integration is configured via files in /etc/pam.d used by authentication stacks such as PAM modules provided by libpam0g or pam-devel. Distribution-specific policies from projects like Red Hat Enterprise Linux and SUSE Linux Enterprise may ship defaults that adjust device ACLs and session behavior.
Integration and Compatibility
systemd-logind integrates with display servers (X.Org, Wayland), display managers (GDM, SDDM), and desktop environments (GNOME, KDE Plasma, XFCE) by exposing session and seat information over D-Bus. It relies on kernel features provided by Linux kernel releases and collaborates with package maintainers in distributions such as Debian, Fedora, Arch Linux, and openSUSE for compatibility. Compatibility shims and migration paths exist for older projects like ConsoleKit and tools such as ConsoleKit2 and traditional init systems like SysVinit through adapter layers. Integration with virtualization platforms like KVM and container runtimes such as systemd-nspawn and Docker is achieved by coordinating cgroup namespaces and device nodes.
Security and Privacy Considerations
Security posture depends on correct interaction with mandatory access control systems like SELinux and AppArmor, and on kernel isolation features including cgroup and namespaces. Device access ACLs are enforced to prevent unauthorized use of input and graphics devices, reducing attack surface for exploits targeting display stacks used by X.Org or Wayland compositors. Privacy concerns arise from session enumeration and auditing features; distributions and projects such as GNOME and KDE may opt to limit information exposed over D-Bus to protect user anonymity. Vulnerability response historically involves coordinated disclosure across maintainers at Red Hat, Debian Security Team, and upstream systemd developers.
History and Development
Development began as part of the broader systemd initiative in the early 2010s led by Lennart Poettering and contributors from organizations like Red Hat and communities affiliated with freedesktop.org. It replaced or supplemented earlier session managers such as ConsoleKit in many distributions including Fedora and Ubuntu. The project evolved through upstream repositories, code reviews, and distribution integration efforts involving teams from Debian, Arch Linux, SUSE, and Gentoo, and underwent debates within open source communities about design and scope that mirrored discussions around systemd adoption more broadly. Continuous improvements track kernel feature additions and desktop ecosystem changes driven by projects like Wayland, Mutter, and KWin.