Increase security by Locking Admin screen/console

This is especially useful for Linux/BSD/Unixish system which have multiple users with access to the console. One user may lock his or her session while still allowing other users to use the system on other virtual consoles. If desired, the entire console may be locked and virtual console switching disabled. This is really a good idea to lock your workstation which is use to control other servers in your network environment. Both FreeBSD and Linux support locking the screen option. Generally, KDE and Gnome include a locking feature. The idea is very simple secure your terminal from unwanted people.

Shell variables to auto-logout
Almost all-modern shell support some sort of auto logout option. Under BASH you need to use TMOUT variable. You can setup TMOUT in seconds, bash terminates after waiting for that number of seconds if input does not arrive. For example if you setup TMOUT 60 seconds:

$ export TMOUT=60

So, if no input (command typed) arrived it will terminate shell with following message:
timed out waiting for input: auto-logout

You can add TMOUT to your shell configuration file ~/.bash_profile file.

However, I liked tcsh shell (the default shell under FreeBSD) autologout variable. Genral syntax is as follows:
$ set autologout = (VAL1 VAL2)

VAL1 : The number of minutes of inactivity before automatic logout
VAL2 : The number of minutes of inactivity before automatic locking will take place this is optional.
For example, you can set autologout as follows.

$ set autologout = (5 10)

You can add autologout to your shell configuration file ~/.cshrc OR ~/.tcshrc.

Using vlock under Linux to lock screen
vlock is a program to lock one or more sessions on the Linux consol. Install it using apt-get or yum:

# apt-get install vlock

OR if you are a Fedora user

# yum install vlock

Now to lock your console or screen just type vlock command at shell prompt:

$ vlock

This TTY is now locked.
Please enter the password to unlock.
jadmins's Password:

Using lock command under FreeBSD/OpenBSD
The lock command requests a password from the user, reads it again for verification and then will normally not relinquish the terminal until the password is repeated.

$ lock

lock: /dev/ttyp0 on timeout in 15 minutes.
time now is Tue Jan 31 20:46:14 IST 2006

See also:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 2 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
2 comments… add one
  • Joe Baker Mar 6, 2008 @ 15:40

    It would be neat to combine the tcsh or bash timeout feature to engage the vlock function so you wouldnt’ loose your cwd, history, etc… but would have the safety of having the shell require a password if the timeout was exceeded.

    That’s my Christmas Wish 🙂

  • Balaviswanathan Jul 4, 2013 @ 0:20

    thanks a lot Vivek, Please let us know how to use like the Ctrl + L option in windows
    We would be thankful to you

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum