|
Packit Service |
b29381 |
.\" Copyright 2005 Red Hat Software, Inc.
|
|
Packit Service |
b29381 |
.\" Written by Tomas Mraz <tmraz@redhat.com>
|
|
Packit Service |
b29381 |
.TH console.handlers 5 2005/3/18 "Red Hat" "System Administrator's Manual"
|
|
Packit Service |
b29381 |
.SH NAME
|
|
Packit Service |
b29381 |
console.handlers \- file specifying handlers of console lock and unlock events
|
|
Packit Service |
b29381 |
.SH DESCRIPTION
|
|
Packit Service |
b29381 |
/etc/security/console.handlers determines which programs will be run when an
|
|
Packit Service |
b29381 |
user obtains the console lock at login time, and when the user loses it
|
|
Packit Service |
b29381 |
on log out. It is read by the pam_console module.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
The format is:
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
\fBhandler-filename\fP \fBlock\fP\fI|\fP\fBunlock\fP \fI[\fP\fBflag ...\fP\fI]\fP
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Where \fBhandler-filename\fP is a name of the executable to be run, \fBlock\fP or
|
|
Packit Service |
b29381 |
\fBunlock\fP specifies on which event it should be run, and flags specify how
|
|
Packit Service |
b29381 |
should pam_console call it.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Additionally there should be a line which specifies glob patterns of console devices.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
The format of this line is:
|
|
Packit Service |
b29381 |
\fBconsole-name\fP \fBconsoledevs\fP \fBregex\fP \fI[\fP\fBregex ...\fP\fI]\fP
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Where \fBconsole-name\fP is a name of the console class - currently ignored - and
|
|
Packit Service |
b29381 |
regexes are regular expression patterns which specify the name of the tty device.
|
|
Packit Service |
b29381 |
Only the first such line is consulted.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
.SH FLAGS
|
|
Packit Service |
b29381 |
.IP logfail
|
|
Packit Service |
b29381 |
The pam_console module should log error to the system log if the return value of the
|
|
Packit Service |
b29381 |
handler is not zero or if the handler can not be executed.
|
|
Packit Service |
b29381 |
.IP wait
|
|
Packit Service |
b29381 |
The pam_console should wait for the handler to exit before continuing.
|
|
Packit Service |
b29381 |
.IP setuid
|
|
Packit Service |
b29381 |
The handler should be executed with uid/gid of the user which obtained the
|
|
Packit Service |
b29381 |
console lock.
|
|
Packit Service |
b29381 |
.IP tty
|
|
Packit Service |
b29381 |
The handler will get a tty name as obtained from PAM as a parameter.
|
|
Packit Service |
b29381 |
.IP user
|
|
Packit Service |
b29381 |
The handler will get an user name as obtained from PAM as a parameter.
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
Anything else will be added directly as a parameter to the handler executable.
|
|
Packit Service |
b29381 |
.SH "SEE ALSO"
|
|
Packit Service |
b29381 |
.BR pam_console (8)
|
|
Packit Service |
b29381 |
.SH AUTHOR
|
|
Packit Service |
b29381 |
Tomas Mraz <tmraz@redhat.com>
|