KDE: Location-based Screen Lock Activation

Some laptop users may know the following scenario: In situations where others may potentially gain unauthorized access to your machine, e.g., in public places or in the office, you may want to enable a screen lock shortly after the screensaver kicks in so that the time window during which your system is potentially vulnerable to malicious users stays short (of course, it is still recommended to manually lock the screen when you leave your laptop unattended). However, at home, the need to unlock the machine after some inactivity becomes a little annoying, which makes enabling the locking functionality by default a less desirable option.

Now, what if your laptop could automatically detect your working environment and disarm or re-arm the screen lock depending on its physical location? Well, it can: Turns out there are some nice hooks available to run scripts during various network state change events. The ones that will be of interest for us are if-up and if-down. Apart from that we make the assumption that it will be possible to detect the laptop’s “safe” home location by means of it being signed in to a given WiFi network (identified by its SSID).

Before proceeding, let’s make some further assumptions for the sake of simplicity:

  • You are running a recent KDE version (the author uses 4.6.x – older versions may also work, though).
  • The paths mentioned in this guide may be specific to Ubuntu/Debian. Your mileage for other distributions may vary.
  • You have configured a screensaver through the KDE System Settings to automatically kick in after some time of inactivity.

The portion we will be automating is enabling and disabling the automatic screen lock after disengaging the screensaver using KDE’s kwriteconfig command. To do so, create a new script /etc/network/if-up.d/screenlock and populate it with the following content:


/sbin/iwconfig wlan0 | /bin/grep -q ${SSID}

if [ $? = 0 ]; then
    logger "Disarming screen lock"
    su -c "/usr/bin/kwriteconfig --file kscreensaverrc \
       --group ScreenSaver --key Lock false" ${USERNAME}
    logger "Re-arming screen lock"
    su -c "/usr/bin/kwriteconfig --file kscreensaverrc \
       --group ScreenSaver --key Lock true" ${USERNAME}

exit 0

Make sure not to forget to configure your user and SSID placeholder at the top of the script.

Also, make the script executable:

sudo chmod +x /etc/network/if-up.d/screenlock

So far, the script is only invoked when establishing a network connection. To also invoke it upon disconnecting, we need to create an appropriate symbolic link:

cd /etc/network/if-down.d/ sudo ln -s ../if-up.d/screenlock .

You can test whether the screen lock is working by manually enabling the locking facility in the KDE System Settings -> “Display and Monitor” -> “Screen Saver” -> “Require password after …”. Test whether the lock is effective by letting the screensaver kick in. When dismissing the screensaver you should be prompted for a password. Now, connect to your WLAN. Retry the screensaver test cycle, which should no longer require the entry of a password. Last, disconnect from your WLAN again to observe the lock coming back.

That’s it. Have fun with your new location-aware screen lock configuration. Of course, further uses of the mechanism can be thought of, such as automatic file synchronization. More to follow in a future blog post.