console.handlers(5) System Administrator's Manual console.handlers(5)NAMEconsole.handlers - file specifying handlers of console lock and unlock
/etc/security/console.handlers determines which programs will be run
when an user obtains the console lock at login time, and when the user
loses it on log out. It is read by the pam_console module.
The format is:
handler-filename lock|unlock [flag ...]
Where handler-filename is a name of the executable to be run, lock or
unlock specifies on which event it should be run, and flags specify how
should pam_console call it.
Additionally there should be a line which specifies glob patterns of
The format of this line is: console-name consoledevs regex [regex ...]
Where console-name is a name of the console class - currently ignored -
and regexes are regular expression patterns which specify the name of
the tty device. Only the first such line is consulted.
The pam_console module should log error to the system log if the
return value of the handler is not zero or if the handler can
not be executed.
wait The pam_console should wait for the handler to exit before con‐
setuid The handler should be executed with uid/gid of the user which
obtained the console lock.
tty The handler will get a tty name as obtained from PAM as a param‐
user The handler will get an user name as obtained from PAM as a
Anything else will be added directly as a parameter to the handler exe‐
Tomas Mraz <firstname.lastname@example.org>
Red Hat 2005/3/18 console.handlers(5)