1XSECURELOCK(1)                                                  XSECURELOCK(1)
2
3
4

NAME

6       XSecureLock - X11 screen lock utility
7

SYNPOSIS

9       [options] xsecurelock [– command-to-run-when-locked]
10

DESCRIPTION

12       XSecureLock  is  an  X11  screen lock utility designed with the primary
13       goal of security.
14
15       It locks the current X11 session, and only allows unlocking if the user
16       authenticates to it (typically with the login password).
17
18       While  locked,  it can launch a screen saver process and then waits for
19       input events.  Upon an input event, it displays a login dialog to allow
20       for unlocking.
21

OPTIONS

23       Options are set as environment variables prior to invoking XSecureLock;
24       the following variables are available:
25
26       • XSECURELOCK_AUTH: specifies the desired  authentication  module  (the
27         part that displays the authentication prompt).
28
29       • XSECURELOCK_AUTHPROTO:  specifies the desired authentication protocol
30         module (the part that talks to the system).
31
32       • XSECURELOCK_AUTH_BACKGROUND_COLOR: specifies the X11 color (see  man‐
33         page of XParseColor) for the background of the auth dialog.
34
35       • XSECURELOCK_AUTH_CURSOR_BLINK:  if  set, the cursor will blink in the
36         auth dialog.  Enabled by default, can be set to 0 to disable.
37
38       • XSECURELOCK_AUTH_SOUNDS: specifies whether to play sounds during  au‐
39         thentication to indicate status.  Sounds are defined as follows:
40
41         • High-pitch ascending: prompt for user input.
42
43         • High-pitch constant: an info message was displayed.
44
45         • Low-pitch descending: an error message was displayed.
46
47         • Medium-pitch ascending: authentication successful.
48
49       • XSECURELOCK_AUTH_FOREGROUND_COLOR:  specifies the X11 color (see man‐
50         page of XParseColor) for the foreground text of the auth dialog.
51
52       • XSECURELOCK_AUTH_TIMEOUT: specifies the time (in seconds) to wait for
53         response  to  a  prompt by auth_x11 before giving up and reverting to
54         the screen saver.
55
56       • XSECURELOCK_AUTH_WARNING_COLOR: specifies the X11 color (see  manpage
57         of XParseColor) for the warning text of the auth dialog.
58
59       • XSECURELOCK_BACKGROUND_COLOR: specifies the X11 color (see manpage of
60         XParseColor) for the background of the main and saver windows.
61
62       • XSECURELOCK_BLANK_TIMEOUT: specifies the  time  (in  seconds)  before
63         telling  X11 to fully blank the screen; a negative value disables X11
64         blanking.  The time is measured since the closing of the auth  window
65         or  xsecurelock startup.  Setting this to 0 is rather nonsensical, as
66         key-release events (e.g. from the keystroke to launch xsecurelock  or
67         from  pressing  escape  to  close the auth dialog) always wake up the
68         screen.
69
70       • XSECURELOCK_BLANK_DPMS_STATE: specifies which DPMS state to  put  the
71         screen  in  when blanking (one of standby, suspend, off and on, where
72         “on” means to not invoke DPMS at all).
73
74       • XSECURELOCK_BURNIN_MITIGATION: specifies the  number  of  pixels  the
75         prompt of auth_x11 may be moved at startup to mitigate possible burn-
76         in effects due to the  auth  dialog  being  displayed  all  the  time
77         (e.g. when spurious mouse events wake up the screen all the time).
78
79       • XSECURELOCK_BURNIN_MITIGATION_DYNAMIC:  if  set  to a non-zero value,
80         auth_x11 will move the prompt while it is being displayed,  but  stay
81         within  the  bounds  of  XSECURELOCK_BURNIN_MITIGATION.  The value of
82         this variable is the maximum allowed shift per screen refresh.   This
83         mitigates short-term burn-in effects but is probably annoying to most
84         users, and thus disabled by default.
85
86       • XSECURELOCK_COMPOSITE_OBSCURER: create a second full-screen window to
87         obscure  window  content  in case a running compositor unmaps its own
88         window.  Helps with some instances of bad compositor  behavior  (such
89         as  compositor  crashes/restarts, but also compton has been caught at
90         drawing notification icons above the screen locker when not using the
91         GLX backend), should prevent compositors from unredirecting as it’s 1
92         pixel smaller than the screen from every side, and  should  otherwise
93         be harmless, so it’s enabled by default.
94
95       • XSECURELOCK_DATETIME_FORMAT:  the  date  format to show.  Defaults to
96         the locale settings.  (see man date for possible formats)
97
98       • XSECURELOCK_DEBUG_ALLOW_LOCKING_IF_INEFFECTIVE: Normally we don’t al‐
99         low  locking sessions that are likely not any useful to lock, such as
100         the X11 part of a Wayland session (one could still use Wayland appli‐
101         catione  when  locked)  or VNC sessions (as it’d only lock the server
102         side session while users will likely think they  locked  the  client,
103         allowing  for  an easy escape).  These checks can be bypassed by set‐
104         ting this variable to 1.  Not recommended other  than  for  debugging
105         XSecureLock itself via such connections.
106
107       • XSECURELOCK_DEBUG_WINDOW_INFO:  When complaining about another window
108         misbehaving, print not just the window ID but also  some  info  about
109         it.  Uses the xwininfo and xprop tools.
110
111       • XSECURELOCK_DIM_ALPHA: Linear-space opacity to fade the screen to.
112
113       • XSECURELOCK_DIM_COLOR: X11 color to fade the screen to.
114
115       • XSECURELOCK_DIM_FPS:  Target  framerate  to attain during the dimming
116         effect of dimmer.  Ideally matches the display refresh rate.
117
118       • XSECURELOCK_DIM_MAX_FILL_SIZE: Maximum size (in width or  height)  to
119         fill at once using an XFillRectangle call.  Low values may cause per‐
120         formance loss or noticeable tearing during dimming; high  values  may
121         cause  crashes  or  hangs with some graphics drivers or a temporarily
122         unresponsive X server.
123
124       • XSECURELOCK_DIM_OVERRIDE_COMPOSITOR_DETECTION: When set to 1,  always
125         try  to  use  transparency  for  dimming; when set to 0, always use a
126         dither pattern.  Default is to autodetect whether  transparency  will
127         likely work.
128
129       • XSECURELOCK_DIM_TIME_MS:  Milliseconds to dim for when above xss-lock
130         command line with dimmer is used; also used by wait_nonidle  to  know
131         when to assume dimming and waiting has finished and exit.
132
133       • XSECURELOCK_DISCARD_FIRST_KEYPRESS:  If  set to 0, the key pressed to
134         stop the screen saver and spawn the auth child is sent  to  the  auth
135         child  (and  thus becomes part of the password entry).  By default we
136         always discard the key press that started the authentication flow, to
137         prevent  users  from  getting  used to type their password on a blank
138         screen (which could be just powered off and have a chat client behind
139         or similar).
140
141       • XSECURELOCK_FONT:  X11  or  FontConfig font name to use for auth_x11.
142         You can get a list of supported font names by  running  xlsfonts  and
143         fc-list.
144
145       • XSECURELOCK_FORCE_GRAB:  When  grabbing  fails, try stealing the grab
146         from other windows (a value of 2 steals from all descendants  of  the
147         root  window,  while  a  value of 1 only steals from client windows).
148         This works only sometimes and is incompatible with many  window  man‐
149         agers,  so  use with care.  See the “Forcing Grabs” section below for
150         details.
151
152       • XSECURELOCK_GLOBAL_SAVER: specifies the desired global  screen  saver
153         module  (by default this is a multiplexer that runs XSECURELOCK_SAVER
154         on each screen).
155
156       • XSECURELOCK_IDLE_TIMERS: comma-separated list of idle  time  counters
157         used  by  until_nonidle.   Typical values are either empty (relies on
158         the X Screen Saver extension instead), “IDLETIME” and “DEVICEIDLETIME
159         ”  where  n  is  an XInput device index (run xinput to see them).  If
160         multiple time counters are specified, the idle time is the minimum of
161         them all.  All listed timers must have the same unit.
162
163       • XSECURELOCK_IMAGE_DURATION_SECONDS: how long to show each still image
164         played by saver_mpv.  Defaults to 1.
165
166       • XSECURELOCK_KEY_%s_COMMAND where %s is the  name  of  an  X11  keysym
167         (find  using  xev): a shell command to execute when the specified key
168         is pressed.  Useful e.g. for media player control.  Beware:  be  cau‐
169         tious about what you run with this, as it may yield attackers control
170         over your computer.
171
172       • XSECURELOCK_LIST_VIDEOS_COMMAND: shell  command  to  list  all  video
173         files to potentially play by saver_mpv or saver_mplayer.  Defaults to
174         find ~/Videos -type f.
175
176       • XSECURELOCK_NO_COMPOSITE: disables  covering  the  composite  overlay
177         window.   This switches to a more traditional way of locking, but may
178         allow desktop notifications to be visible on top of the screen  lock.
179         Not recommended.
180
181       • XSECURELOCK_NO_PAM_RHOST:  do not set PAM_RHOST to localhost, despite
182         recommendation (http://www.linux-pam.org/Linux-PAM-html/adg-security-
183         user-identity.html) to do so by the Linux-PAM Application Developers’
184         Guide.  This may work around bugs in third-party  PAM  authentication
185         modules.   If  this  solves  a  problem  for you, please report a bug
186         against said PAM module.
187
188       • XSECURELOCK_NO_XRANDR: disables multi monitor support using XRandR.
189
190       • XSECURELOCK_NO_XRANDR15: disables multi monitor support using  XRandR
191         1.5 and fall back to XRandR 1.2.  Not recommended.
192
193       • XSECURELOCK_PAM_SERVICE:  pam  service  name.  You should have a file
194         with that name in /etc/pam.d.
195
196       • XSECURELOCK_PASSWORD_PROMPT: Choose password prompt mode:
197
198         • asterisks: shows asterisks, like classic password prompts.  This is
199           the least secure option because password length is visible.
200
201                  ***_
202                  *******_
203
204         • cursor:  shows  a cursor that jumps around on each key press.  This
205           is the default.
206
207                  ________|_______________________
208                  ___________________|____________
209
210         • disco: shows dancers, which dance around on each  key  press.   Re‐
211           quires  a font that can handle Unicode line drawing characters, and
212           FontConfig.
213
214                  ┏(・o・)┛ ♪ ┗(・o・)┓ ♪ ┏(・o・)┛ ♪ ┗(・o・)┓ ♪ ┏(・o・)┛
215                  ┗(・o・)┓ ♪ ┏(・o・)┛ ♪ ┏(・o・)┛ ♪ ┏(・o・)┛ ♪ ┏(・o・)┛
216
217         • emoji: shows an emoji, changing which one on each key  press.   Re‐
218           quires a font that can handle emoji, and FontConfig.
219
220                  👍
221                  🎶
222                  💕
223
224         • emoticon:  shows  an ascii emoticon, changing which one on each key
225           press.
226
227                  :-O
228                  d-X
229                  X-\
230
231         • hidden: completely hides the password, and there’s no feedback  for
232           keypresses.  This would almost be most secure - however as it gives
233           no feedback to input whatsoever, you may not be able to notice  ac‐
234           cidentally  typing to another computer and sending your password to
235           some chatroom.
236
237         • kaomoji: shows a kaomoji (Japanese emoticon), changing which one on
238           each key press.  Requires a Japanese font, and FontConfig.
239
240                  (͡°͜ʖ͡°)
241                  (^u^)
242                  ¯\_(ツ)_/¯
243
244         • time:  shows  the  current  time since the epoch on each keystroke.
245           This may be the most secure mode, as it gives feedback to keystroke
246           based  exclusively  on  public information, and does not carry over
247           any state between keystrokes whatsoever - not  even  some  form  of
248           randomness.
249
250                  1559655410.922329
251
252         • time_hex:  same as time, but in microseconds and hexadecimal.  “Be‐
253           cause we can”.
254
255                  0x58a7f92bd7359
256
257       • XSECURELOCK_SAVER: specifies the desired screen saver module.
258
259       • XSECURELOCK_SAVER_RESET_ON_AUTH_CLOSE: specifies whether to reset the
260         saver module when the auth dialog closes.  Resetting is done by send‐
261         ing SIGUSR1 to the saver, which may either just terminate, or  handle
262         this specifically to do a cheaper reset.
263
264       • XSECURELOCK_SHOW_DATETIME: whether to show local date and time on the
265         login.  Disabled by default.
266
267       • XSECURELOCK_SHOW_HOSTNAME: whether to show the hostname on the  login
268         screen  of auth_x11.  Possible values are 0 for not showing the host‐
269         name, 1 for showing the short form, and 2 for showing the long form.
270
271       • XSECURELOCK_SHOW_USERNAME: whether to show the username on the  login
272         screen of auth_x11.
273
274       • XSECURELOCK_SINGLE_AUTH_WINDOW:  whether  to  show only a single auth
275         window from auth_x11, as opposed to one per screen.
276
277       • XSECURELOCK_SWITCH_USER_COMMAND: shell command to execute when  Win-O
278         or Ctrl-Alt-O are pressed (think “other user”).  Typical values could
279         be lxdm -c USER_SWITCH, dm-tool switch-to-greeter, gdmflexiserver  or
280         kdmctl reserve, depending on your desktop environment.
281
282       • XSECURELOCK_VIDEOS_FLAGS:  flags  to append when invoking mpv/mplayer
283         with saver_mpv or saver_mplayer.  Defaults to empty.
284
285       • XSECURELOCK_WAIT_TIME_MS: Milliseconds to wait after dimming (and be‐
286         fore locking) when above xss-lock command line is used.  Should be at
287         least as large as the period time set using “xset s”.  Also  used  by
288         wait_nonidle  to know when to assume dimming and waiting has finished
289         and exit.
290
291       • XSECURELOCK_SAVER_DELAY_MS: Milliseconds to wait after starting chil‐
292         dren  process  and before mapping windows to let children be ready to
293         display and reduce the black flash.
294
295       • XSECURELOCK_XSCREENSAVER_PATH: Location where XScreenSaver hacks  are
296         installed for use by saver_xscreensaver.
297
298       Additionally,  XSecureLock  spawns  the command-to-run-when-locked once
299       locking is complete; this can be used as a  notification  mechanism  if
300       desired.
301

REPORTING BUGS

303       The  official  bug  tracker  is  at <https://github.com/google/xsecure
304       lock/issues/>.
305
307       The code is released unser the Apache 2.0  license.   See  the  LICENSE
308       file for more details.
309

SEE ALSO

311       xss-lock (1), xautolock (1).
312
313       The  README.md  file included with XSecureLock contains full documenta‐
314       tion.
315
316       The XSecureLock source code and all documentation may be downloaded  on
317       <https://github.com/google/xsecurelock/>.
318

AUTHORS

320       Rudolf Polzer.
321
322
323
324XSecureLock User Manual         April 15, 2019                  XSECURELOCK(1)
Impressum