Console Locking | UNIX: The Complete Reference, Second Edition (Complete Reference Series)

Perhaps the most common security lapse is when computer users leave their consoles unattended while they are logged in. When you walk away from your console, anyone can sit at your desk and continue your session. A benign intruder may play a harmless trick on you, such as changing your prompt to something strange, such as “What Do You Want?” But a malicious intruder could change your .profile so that you are immediately logged off after you log in. Or worse, this intruder may erase all your files.

One way to avoid this problem is to log out every time you leave your console. This can be inconvenient, especially if you have multiple windows open on your system, because you have to close each one to log out, and because you have to log in every time you return to your console. If you are using CDE or KDE, you can configure your screensaver so that it activates a relatively short period of time during which no input is entered and so that the screensaver is deactivated only after you enter your password. Alternatively, if you are using any graphical user interface on the X Window System, you can use the xlock to lock your system. To add xlock to your system, you need to add the xlockmore package, which can be obtained at http://www.tux.org/~bagleyd/xlockmore.html. Note that this package is included with many Linux distributions.

If you use your system in text input mode, you can use a terminal locking program that locks, or temporarily disables, your terminal. Several different add-on programs of this type are available for terminals, including tlock or vlock. These programs lock your keyboard and blank out your screen. When you run tlock, it prompts you for a password. Once you enter your password and match it by entering it again at a second prompt, it locks your terminal. To unlock the terminal, you have to enter the password again. On most systems, tlock is written to disregard BREAK, DELETE, CTRL-D, or other disruptions. The tlock program can be obtained at http://directory.fsf.org/tlock.html. The vlock program is included with many Linux distributions.