physlock
Lock console and disable input
TLDR
Lock every console (require current user or root to unlock)
Mute kernel messages on console while locked
Disable SysRq mechanism while locked
Display a message before the password prompt
Fork and detach physlock (useful for suspend or hibernate scripts)
SYNOPSIS
physlock [options]
PARAMETERS
-a
Lock all virtual consoles.
-d
Detach from the terminal, running in the background. Password will be needed to kill background task.
-f
Force lock even if other users are logged in on the console.
-h
Display help message and exit.
-p pidfile
Write the process ID to the specified file.
-q
Be quiet (don't print anything to the console).
-s
Use simple password prompt (no PAM).
-t timeout
Set an inactivity timeout (in seconds). After this time, the console will automatically lock.
Default: no timeout.
-u username
Specify the username to use for authentication.
Default: current user.
-V
Display version information and exit.
DESCRIPTION
`vlock` is a program to lock one or more virtual consoles. While vlock is running, no one can switch to a locked console without entering the correct password. `physlock` is a more modern version. It has a few advantages compared to vlock, for example, is actively maintained and supports PAM authentication. Physlock aims to provide a secure and reliable way to lock your Linux terminal or virtual console when you need to step away from your computer, preventing unauthorized access. When invoked, it locks the current virtual console and requires authentication (usually your user password) to unlock it. Once locked, switching to a different virtual console will also be prevented. When invoked, physlock locks the current virtual console and will prevent anyone else from using the terminal until it is unlocked.
CAVEATS
When detached (-d option) to kill the background process, the password of the user who started physlock is necessary.
AUTHENTICATION
Physlock uses PAM (Pluggable Authentication Modules) by default for authentication. This provides a flexible and secure way to verify the user's password. If the -s parameter is given, a simple password prompt is used. This is less secure than PAM.
SECURITY CONSIDERATIONS
It is important to choose a strong password to protect your console. Running `physlock` detatched (-d) will increase system security against physical attacks.
HISTORY
The concept of locking virtual consoles has been around for a long time, with `vlock` being a common tool for this purpose. `physlock` appears to be a modern reimagining that addresses some of the limitations of vlock, such as active maintenance, PAM support, and security concerns. The history of physlock is closely linked to the need for better security in multi-user Linux environments, especially on systems where physical access is not always controlled.
SEE ALSO
vlock(1), slock(1), xlock(1)