[CentOS] Lock session vs. End session
Michael A. Peters
mpeters at mac.com
Thu Feb 14 16:39:55 UTC 2008
Anne Wilson wrote:
> In security terms, is there any difference between ending a session (logout of
> X) and locking a session?
>
> Anne
If I understand what you are asking - yes.
By lock session, you mean "Lock Screen" ??
If you just lock the session - your user is still the console use and
has permission to write to certain device nodes. When you log out, your
user gives up those permissions.
[mpeters at athens ~]$ ls -l /dev/ |grep mpeters |wc -l
29
[mpeters at athens ~]$
That's 29 device nodes that I have permission on because I am the
console user. When I log out, they revert to default (typically root)
ownership.
For example - lock your screen and ssh in from elsewhere - then run the
eject command. The CD tray should shoot out (unless you have a slot
loader ...)
Log out at the console and try it - it will fail:
[mpeters at athens ~]$ ssh jerusalem
mpeters at jerusalem's password:
Last login: Tue Feb 12 01:55:49 2008 from 192.168.15.100
[mpeters at jerusalem ~]$ eject
eject: unable to open `/dev/hdc'
[mpeters at jerusalem ~]$
There also are some userspace daemons that often start up when you are
logged in (IE in gnome) that exit when you actually log out.
More information about the CentOS
mailing list