Centos – Allow virtual terminal switch only for root


I'm currently working on a CentOS system (with Gnome desktop), where I want to disable the use of the console for non-allowed users.
Actually, when logging in with a standard user it launches my app and there is no way to access the desktop, but the user can still use VT switching to issue some commands. On the other hand, when logging in as an administrator it will splash the desktop.

What I want to do is prevent a standard user from issuing commands but enable it for an administrator.

I've tried so far modifying /etc/X11/xorg.conf to disable terminal switching (Option "DontVTSwitch" "True") with success, but it will prevent using it for every user.

Question:

Is there a way to allow VT switching for a certain user and disable it for other users?

Best Answer

You can use the pam_time PAM module to restrict logins for certain users on certain ttys (and at certain times of the day, which is the module's main use).

So if you want to tell the system that logins on tty0 through tty7 (that is, all the VTs that are typically enabled) for all users other than root are never allowed, add this line to /etc/security/time.conf:

login ; tty0|tty1|tty2|tty3|tty4|tty5|tty6|tty7 ; !root ; !Al0000-2400

and then add the following line at or near the first account line in /etc/pam.d/login:

account  required  pam_time.so

Users will still be able to log in by using the gdm login screen. And while they can switch to a VT before (or after) logging in, all they'll be able to do is see the login and password prompts; they won't be able to log in successfully on a VT.

Tested on CentOS 6.6.
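
One way to audit that both configuration changes described in the answer are active, as an added example that is not part of the original answer. The function names and sample files are constructed for illustration; the check also flags an `account sufficient` line placed before pam_time.so, because a successful sufficient module ends the account stack before pam_time is consulted.

```shell
#!/bin/sh
# Added example: audit the pam_time VT restriction. Paths are arguments,
# so the check can be run against copies of the real files.

# Succeeds if time.conf holds an active (uncommented) rule for the "login"
# service that denies every user except root at all times.
has_vt_rule() {
    awk -F';' '
        /^[ \t]*#/ || NF < 4 { next }              # skip comments and malformed lines
        {
            for (i = 1; i <= 4; i++) gsub(/[ \t]/, "", $i)
            if ($1 == "login" && $3 == "!root" && $4 == "!Al0000-2400") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeeds if the PAM service file calls pam_time.so in its account stack
# and no "account sufficient" line comes before it.
pam_time_enforced() {
    awk '
        /^[ \t]*#/ { next }
        $1 != "account" { next }
        $3 ~ /pam_time\.so$/ { seen = 1; exit }    # reached pam_time first: good
        $2 == "sufficient"   { bypass = 1; exit }  # earlier module can end the stack
        END { exit ((seen && !bypass) ? 0 : 1) }
    ' "$1"
}

audit_vt_lockdown() {
    has_vt_rule "$1" && pam_time_enforced "$2"
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' '# constructed sample' \
    'login ; tty0|tty1|tty2|tty3|tty4|tty5|tty6|tty7 ; !root ; !Al0000-2400' \
    > "$tmp/time.conf"
printf '%s\n' 'auth required pam_securetty.so' \
    'account required pam_time.so' 'account required pam_nologin.so' \
    > "$tmp/login.good"
printf '%s\n' 'account sufficient pam_localuser.so' \
    'account required pam_time.so' > "$tmp/login.bypass"

audit_vt_lockdown "$tmp/time.conf" "$tmp/login.good"   && echo "good: enforced"
audit_vt_lockdown "$tmp/time.conf" "$tmp/login.bypass" || echo "bypass: not enforced"
```

On a live system the two arguments would be /etc/security/time.conf and /etc/pam.d/login.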
