The current standard policy for suspend/hibernate requires the root password to be entered in case multiple simultaneous logins are active. This is a nuisance in itself for laptop use, however, this policy can be changed to allow suspend/hibernate regardless.
This leaves a security issue though: an unlocked (root?) console will still be unlocked after resume.
Does anyone have recommendations how we could achieve one of the following:
-
automatic forced logout of console sessions (should be possible via loginctl. How to trigger this? systemd?)
-
automatic forced logout of console session, except “screen” is in foreground → lock “screen”
-
other ideas?
Kind regards,
Alex