Preventing sleep and suspension on a Debian server

Hello,

A server must be available 24 hours a day and obviously should not go to sleep, especially if we don’t have the tools to “wake it up.”

By default, or following the installation of certain packages, a Debian distribution may retain power-saving settings. The result: our machine “falls asleep” after a period of inactivity, and we can no longer access it remotely. ¹

This is particularly true for systems installed in a Desktop version (i.e., with a desktop manager like GNOME or others).

It’s a bit stupid for a server, isn’t it?

Here is how to prevent sleep at the system level.

We will only use the command line. ²

Standard GUI configuration is not enough (and can be misleading)

#

On Debian, power management is multi-layered.

Disabling sleep in a GUI or via a simple script isn’t always enough, as several services can trigger a suspend event:

• systemd targets, which orchestrate the transition to sleep states.
• systemd-logind, which reacts to hardware events (power button, reset button, inactivity…).

For a production machine, we can mask the sleep tools to make them inaccessible even to the system itself.

Masking sleep services

#

Rather than simply disabling the services associated with sleep, we mask them to prevent any access.

We use the mask command (instead of disable). It creates a symbolic link to /dev/null, making it impossible to activate the service, even if another process requests it.

To do this, we run: ³

1

systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target suspend-then-hibernate.target systemd-suspend.service systemd-hibernate.service systemd-hybrid-sleep.service systemd-suspend-then-hibernate.service

To confirm that the targets are indeed locked:

1

systemctl list-unit-files | grep -E 'sleep|suspend|hibernate'

Example output:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

systemd-hibernate-clear.service          static   -
systemd-hibernate-resume.service         static   -
systemd-hibernate.service                masked   enabled
systemd-hybrid-sleep.service             masked   enabled
systemd-suspend-then-hibernate.service   masked   enabled
systemd-suspend.service                  masked   enabled
hibernate.target                         masked   enabled
hybrid-sleep.target                      masked   enabled
sleep.target                             masked   enabled
suspend-then-hibernate.target            masked   enabled
suspend.target                           masked   enabled

Configuring systemd-logind

#

Even if the targets are masked and thus inaccessible, we can configure the session manager (systemd-logind = login daemon) so that it doesn’t even try to interpret inactivity signals or physical buttons… Better safe than sorry.

We edit the configuration file:

1

nano /etc/systemd/logind.conf

We modify and/or uncomment the following lines to force the ignore state:

1
2
3
4
5
6

[Login]
HandlePowerKey=ignore
HandleSuspendKey=ignore
HandleHibernateKey=ignore
LidSwitchIgnoreInhibited=no
IdleAction=ignore

We restart the service to apply the changes:

1

systemctl restart systemd-logind

Analyzing logs

#

Two commands can be useful for auditing the server logs:

To check systemd-logind events:

1

journalctl -u systemd-logind --since "1 hour ago"

For ACPI state changes at the kernel level:

1

journalctl -k | grep -i "ACPI: PM"

This command allows you to see if the kernel has actually prepared a transition to S3 (sleep to RAM) or S4 (hibernation).

Conclusion

#

By combining the masking of systemd targets and the neutralization of actions in logind.conf, we eliminate any risk of accidental sleep on our Debian server. ⁴

This is a hardening step that is best taken BEFORE you find yourself in a mess.

Best regards,

Marc JESTIN
https://marcjestin.fr