.\" Copyright 2005 Red Hat Software, Inc.

.\" Written by Tomas Mraz <tmraz@redhat.com>

.TH console.handlers 5 2005/3/18 "Red Hat" "System Administrator's Manual"

.SH NAME

console.handlers \- file specifying handlers of console lock and unlock events

.SH DESCRIPTION

/etc/security/console.handlers determines which programs will be run when an

user obtains the console lock at login time, and when the user loses it

on log out. It is read by the pam_console module.

The format is:

\fBhandler-filename\fP \fBlock\fP\fI|\fP\fBunlock\fP \fI[\fP\fBflag ...\fP\fI]\fP

Where \fBhandler-filename\fP is a name of the executable to be run, \fBlock\fP or

\fBunlock\fP specifies on which event it should be run, and flags specify how

should pam_console call it.

Additionally there should be a line which specifies glob patterns of console devices.

The format of this line is:

\fBconsole-name\fP \fBconsoledevs\fP \fBregex\fP \fI[\fP\fBregex ...\fP\fI]\fP

Where \fBconsole-name\fP is a name of the console class - currently ignored - and

regexes are regular expression patterns which specify the name of the tty device.

Only the first such line is consulted.

.SH FLAGS

.IP logfail

The pam_console module should log error to the system log if the return value of the

handler is not zero or if the handler can not be executed.

.IP wait

The pam_console should wait for the handler to exit before continuing.

.IP setuid

The handler should be executed with uid/gid of the user which obtained the

console lock.

.IP tty

The handler will get a tty name as obtained from PAM as a parameter.

.IP user

The handler will get an user name as obtained from PAM as a parameter.

.PP

Anything else will be added directly as a parameter to the handler executable.

.SH "SEE ALSO"

.BR pam_console (8)

.SH AUTHOR

Tomas Mraz <tmraz@redhat.com>