LinuxSA Mailing list archives

  From: Alan Kennington <akenning@topology.org>
  To  : LinuxSA <linuxsa@linuxsa.org.au>
  Date: Wed, 25 Jul 2001 09:07:25 +0930

Re: linux X windows screen lock useless?

On Wed, Jul 25, 2001 at 08:33:37AM +0930, Mark Newton wrote:
> On Wed, Jul 25, 2001 at 07:52:56AM +0930, Alan Kennington wrote:
> 
>  > Throughout history (the last 30 years or so anyway), when
>  > people have used a screen lock, they have expected that
>  > they can safely walk away from the computer (or VT-100
>  > terminal etc.) and come back to an uncompromised machine.
>  > That's all that I was hoping for.
>  > In fact, the X screen lock does no do this.
> 
> Alan?  You're doing it all wrong.

Mark,

That seems to be a tautology.

> Don't login on VTY-1 and run "startx" to get your window system
> running;  Execute xdm instead (it'll be in your inittab, on a 
> run-level you're obviously not using).
> 
> If you do that, CTRL-ALT-F1 will do nothing more serious than 
> deliver a "login:" prompt to a casual passer-by, and xlock in your
> X-session will lock anything you happen to be doing which might 
> be privileged.
> 
>  > I'm looking for a method to lock both the X session and
>  > the console session - preferably in one command.
> 
> The question you should be asking is, "Why do I have an X session *AND*
> a console session, when the only thing I use the console session for is
> to start my X server?"  Don't do this, use xdm.  That's what it's for,
> that's what it has always been for, that's what you're supposed to use.


There's a teency-weency problem with this.
It's a good idea if you always have the same monitor on each machine,
but in my case, I often either remove the monitor or swap monitors.
In that case, there's a danger of not being able to control
my machine on boot-up. 
I've foudn that the options on xdm, gdm and kdm are often
quite restrictive too. Like all "user friendly" systems,
they make things easier if you want to do what's in the menus,
but not if you're an individual.
I guess that's why I use unix.

But I take your point.
I can run xdm/gdm/kdm on a machine which always has
the same monitor, and control all other machines from that -
and forgo the flexibility of being able to start up from
a getty-style login prompt.

Having the ability to go back to the getty consoles is
often _essential_ to get back control of my computer when the
windows system (e.g. KDE) hangs totally.
From what you're saying, these getty consoles are still
available with the xdm etc. in the inittab.
(This is one of the first things I _remove_ when I install
and configure a new system, using the management tools.)

Anyway, I have a bundle of new tricks to try now.
I'll give them all a go and see if something meets my needs.

Cheers and thanks,
Alan Kennington.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject