Lock Virtual Terminals when resuming


Many screen lockers (mine is i3lock) do not block access to other Virtual Terminals. This means that, if I leave a session open in some VT, then even when the desktop is locked (for example when resuming), a malicious person can switch to the VT and do anything.

This is an actual issue for me, as I occasionally switch to a VT, then switch back to the graphical environment and forget to log out from the VT.

The question then is: how to add VT-locking on top of an existing screen locker?

The Arch Linux wiki suggests simply disabling VTs from Xorg, with this piece of configuration for the X server:

Section "ServerFlags"
    # disable VT switching:
    Option "DontVTSwitch" "True"
    # disable “zapping”, ie. killing the X server with Ctrl-Alt-Bksp:
    Option "DontZap"      "True"
EndSection

This is not an option since I use VTs, as already explained above. Maybe one solution would be to set and reset those options dynamically, but I found nothing to change X server options at runtime, at least in general (there are things like setxkbmap for keyboard layouts, or xset for misc stuff). Is this possible?

I also found the command vlock -a which, when called from a text-based VT, locks the session and disables VT switching. However, it does not work from the graphical environment, and would anyway be redundant with the graphical screen locker.

How can I solve this problem?

Best Answer

I did it in a not-so-graceful way: first, I changed to the first terminal with chvt (that's where my slock locker will be running), then disabled the keys F1 to F12 with xmodmap in a systemd unit called after sleep.target, and enabled them back after resume.target, and it seems to be working fine.

  • systemd Unit:
    [Unit]
    Description=Disable Switching VTS when locked
    Before=sleep.target

    [Service]
    User=root
    Type=forking
    Environment=DISPLAY=:0
    ExecStartPre=chvt 1
    ExecStart=/path/to/disableVTS.sh

    [Install]
    WantedBy=sleep.target
    
  • disableVTS.sh script:
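    #!/bin/sh
    # Clear the X keymap entries for two function keys
    # (keycodes 67 and 68 are F1 and F2 on a typical X.Org keymap).
    xmodmap -e 'keycode 67 ='
    xmodmap -e 'keycode 68 ='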
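
The answer says the keys are enabled again after resume.target but shows no restore step. The following is an added example, not the answer author's script: it reads a saved `xmodmap -pke` dump, clears every key whose first keysym is F1 to F12, and later restores the saved mappings. The function names, the state-file argument and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the answer's script). Builds xmodmap expressions from a
# saved `xmodmap -pke` dump so the F-keys can be cleared on lock and put back
# on unlock. Assumes the function keys carry F1..F12 as their first keysym.

# Constructed sample of `xmodmap -pke` output, for trying the functions offline.
SAMPLE_PKE='keycode  66 = Caps_Lock NoSymbol Caps_Lock
keycode  67 = F1 F1 F1 F1 F1 F1 XF86Switch_VT_1
keycode  68 = F2 F2 F2 F2 F2 F2 XF86Switch_VT_2
keycode  95 = F11 F11 F11 F11 F11 F11 XF86Switch_VT_11
keycode  96 = F12 F12 F12 F12 F12 F12 XF86Switch_VT_12'

# Print the lines of a dump (stdin) whose first keysym is F1..F12.
fkey_lines() {
    awk '$1 == "keycode" && $3 == "=" && $4 ~ /^F([1-9]|1[0-2])$/'
}

# Print one "keycode N =" expression per function key: clears the mapping.
disable_exprs() {
    fkey_lines | awk '{ print "keycode " $2 " =" }'
}

# Print the original mapping lines, whitespace-normalised: restores them.
restore_exprs() {
    fkey_lines | awk '{ $1 = $1; print }'
}

# Apply expressions from stdin with xmodmap, one -e call per line.
apply_exprs() {
    while IFS= read -r expr; do
        xmodmap -e "$expr" || return 1
    done
}

# Usage: script lock STATEFILE | script unlock STATEFILE
case "${1:-}" in
    lock)   xmodmap -pke > "$2" && disable_exprs < "$2" | apply_exprs ;;
    unlock) restore_exprs < "$2" | apply_exprs ;;
esac
```

The state file holds the full keymap dump taken at lock time, so it should be written somewhere only the session user can modify.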
    