Cannot deactivate Virtual terminal

I have attempted to shutdown an app with ALT F4, but by accident pressed the Ctrl Alt F$ and noticed that none of the Virtual terminals are disabled. IS there a way to disable all besides the F1? I have checked the /etc/X11/xorg.conf.d/10-xorg.conf and it looks like it should be disabled:

Section “Serverflags”

Option “DontVTSwitch” “yes”

EndSection

Added tty, x11, x11-wayland-transition

A few more infos would help.

What variant are you using, are you really still on Xorg or just assume that?

I am using a kiosk user:

kiosk@fedora:$ $echo XDG_SESSION_TYPE
wayland

The virtual terminals are important way of administering your system if there is a problem with the GUI. You need to consider if it is worth reducing the number of virtual terminal.

The kernel has 63 virtual terminals compiled into it.
You can limit the number that will allow a login, but that is not usually an issue.

This is regarding a cyber security issue. Which fir the intended use needs Virtual terminals unaccessible by the kiosk. Is there another way of doing this? Thank you very much

1 Like

Ok, understood.

What you want to do it prevent a user being able to switch to the virtual terminals.
That will mean that the ctrl-alt-F1 etc will need to be disabled.

You can try disabling getty for each virtual tty and see if that is enough.

For example:

systemctl stop getty@tty1.service
systemctl disable getty@tty1.service

Repeat for tty2 to tty7

1 Like

Sadly i have already tried it and does not work. I can still access all of the tty. I was looking on old posts and saw someone mention to delete the tty* from the event.d file. But I do not have such file

I don’t know how it works, but it looks that these systemd units are actually started when you type CTRL+ALT+F*

Perhaps take a look at /etc/systemd/logind.conf.

It has the option NAutoVTs=6. I guess you could set that to 1 or maybe even to zero.

1 Like

Maybe systemctl mask getty@tty1.service to prevent them starting as well as the disable.

1 Like

It seems like that the unit to work on is autovt@tty*.service
So, try

for i in {1..12}
   do sudo systemctl mask --now autovt@tty${i}.service
done
1 Like

He, tried that, but they are always started anyway.

Good idea.

sudo mkdir /etc/systemd/logind.conf.d

sudo tee /etc/systemd/logind.conf.d/novt.conf <<EOF
[Login]
NAutoVTs=0
EOF

sudo systemctl reload systemd-logind.service
2 Likes

The above drop-in is working for all but one VT (retained active by the system afaik). On my system, the one which doesn’t get disabled is tty6.

I would just add that a reboot might be necessary, systemctl reload systemd-logind.service might not be enough.

2 Likes

You are right, there is also the ReserveVT option.

NAutoVTs=
Takes a positive integer. Configures how many virtual terminals (VTs) to allocate by default that, when switched to and are previously unused, “autovt” services are automatically spawned on. These services are instantiated from the template unit autovt@.service for the respective VT TTY name, for example, autovt@tty4.service. By default, autovt@.service is linked to getty@.service. In other words, login prompts are started dynamically as the user switches to unused virtual terminals. Hence, this parameter controls how many login “gettys” are available on the VTs. If a VT is already used by some other subsystem (for example, a graphical login), this kind of activation will not be attempted. Note that the VT configured in ReserveVT= is always subject to this kind of activation, even if it is not one of the VTs configured with the NAutoVTs= directive. Defaults to 6. When set to 0, automatic spawning of “autovt” services is disabled.

ReserveVT=
Takes a positive integer. Identifies one virtual terminal that shall unconditionally be reserved for autovt@.service activation (see above). The VT selected with this option will be marked busy unconditionally, so that no other subsystem will allocate it. This functionality is useful to ensure that, regardless of how many VTs are allocated by other subsystems, one login “getty” is always available. Defaults to 6 (in other words, there will always be a “getty” available on Alt-F6.). When set to 0, VT reservation is disabled.

2 Likes

Thank you very much for the effort. I will attempt the suggestions :slight_smile:

Just Updating the status: The NAutoVTs and ReserveVT worked. I left them as 1 and 1 respectively for maintenance. Thank you for the help :slight_smile:

1 Like