LinuxCommandLibrary

physlock

Lock console and disable input

TLDR

Lock every console (require current user or root to unlock)

$ physlock
copy

Mute kernel messages on console while locked
$ physlock -m
copy

Disable SysRq mechanism while locked
$ physlock -s
copy

Display a message before the password prompt
$ physlock -p "[Locked!]"
copy

Fork and detach physlock (useful for suspend or hibernate scripts)
$ physlock -d
copy

SYNOPSIS

physlock [options]

PARAMETERS

-a
    Lock all virtual consoles.

-d
    Detach from the terminal, running in the background. Password will be needed to kill background task.

-f
    Force lock even if other users are logged in on the console.

-h
    Display help message and exit.

-p pidfile
    Write the process ID to the specified file.

-q
    Be quiet (don't print anything to the console).

-s
    Use simple password prompt (no PAM).

-t timeout
    Set an inactivity timeout (in seconds). After this time, the console will automatically lock.
Default: no timeout.

-u username
    Specify the username to use for authentication.
Default: current user.

-V
    Display version information and exit.

DESCRIPTION

`vlock` is a program to lock one or more virtual consoles. While vlock is running, no one can switch to a locked console without entering the correct password. `physlock` is a more modern version. It has a few advantages compared to vlock, for example, is actively maintained and supports PAM authentication. Physlock aims to provide a secure and reliable way to lock your Linux terminal or virtual console when you need to step away from your computer, preventing unauthorized access. When invoked, it locks the current virtual console and requires authentication (usually your user password) to unlock it. Once locked, switching to a different virtual console will also be prevented. When invoked, physlock locks the current virtual console and will prevent anyone else from using the terminal until it is unlocked.

CAVEATS

When detached (-d option) to kill the background process, the password of the user who started physlock is necessary.

AUTHENTICATION

Physlock uses PAM (Pluggable Authentication Modules) by default for authentication. This provides a flexible and secure way to verify the user's password. If the -s parameter is given, a simple password prompt is used. This is less secure than PAM.

SECURITY CONSIDERATIONS

It is important to choose a strong password to protect your console. Running `physlock` detatched (-d) will increase system security against physical attacks.

HISTORY

The concept of locking virtual consoles has been around for a long time, with `vlock` being a common tool for this purpose. `physlock` appears to be a modern reimagining that addresses some of the limitations of vlock, such as active maintenance, PAM support, and security concerns. The history of physlock is closely linked to the need for better security in multi-user Linux environments, especially on systems where physical access is not always controlled.

SEE ALSO

vlock(1), slock(1), xlock(1)

Copied to clipboard