pam_console(8)    System Administrator's Manual    pam_console(8)

       pam_console  - control permissions for users at the system

       session optional /lib/security/
       auth required /lib/security/

DESCRIPTION is designed to give users at  the  physical
       console  (virtual  terminals  and local xdm-managed X ses-
       sions by default, but that is  configurable)  capabilities
       that  they  would  not  otherwise  have, and to take those
       capabilities away when the are no longer logged in at  the
       console.  It provides two main kinds of capabilities: file
       permissions and authentication.

       When a user logs in at the console and no  other  user  is
       currently  logged  in  at the console, will
       change permissions and ownership of files as described  in
       the  file /etc/security/console.perms.  That user may then
       log in on other terminals that are considered part of  the
       console, and as long as the user is still logged in at any
       one of those terminals, that user will own those  devices.
       When  the  user logs out of the last terminal, the console
       may be taken by the next user to log in.  Other users  who
       have  logged  in  at  the console during the time that the
       first user was logged in will not be  given  ownership  of
       the  devices  unless  they log in on one of the terminals;
       having done so on any one terminal, the next user will own
       those devices until he or she has logged out of every ter-
       minal that is part of the physical console.  Then the race
       can  start  for the next user.  In practice, this is not a
       problem; the physical console is not generally in  use  by
       many  people  at  the  same  time, and just
       tries to do the right thing in weird cases.

       debug  turns on debugging

              tells  to   get   its   permissions
              database  from  a  different  file  than /etc/secu-



       Let's hope not, but if you find any,  please  report  them
       via the "Bug Track" link at

       Michael K. Johnson <>

Red Hat Software             1999/2/4                           1