From Gentoo Wiki
Jump to:navigation Jump to:search

vlock is a Virtual Console lock program.


Sometimes a malicious local user could cause more problems than a sophisticated remote one. vlock is a program that locks one or more sessions on the Linux console to prevent attackers from gaining physical access to the machine.


USE flags

USE flags for app-misc/vlock Allows to lock one or all of the sessions of your console display

pam Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)


To install app-misc/vlock:

root #emerge --ask app-misc/vlock


When not working in a virtual console, switch to one by pressing CTRL+ALT+F1 through F6. By default, vlock locks the current console session. Use the -a switch in order to lock all console sessions.

user $vlock -a

It is also possible to use vlock from an X session. Use the -n option to make vlock switch to an empty virtual console.

root #usermod -a -G vlock larry
user $vlock -na

Disable SysRq key

The magic SysRq key combination can unlock consoles when least expected. In order to prevent this, disable the SysRq mechanism while consoles are locked like so:

user $vlock -sa

If a user does not know how to use the SysRq key, then it is probably not needed. Disable it when configuring the kernel:

KERNEL Disabling Magic SysRq key
Kernel hacking --->
  [ ] Magic SysRq key