Anne Wilson wrote:
In security terms, is there any difference between ending a session (logout of X) and locking a session?
Anne
If I understand what you are asking - yes. By lock session, you mean "Lock Screen" ??
If you just lock the session - your user is still the console use and has permission to write to certain device nodes. When you log out, your user gives up those permissions.
[mpeters@athens ~]$ ls -l /dev/ |grep mpeters |wc -l 29 [mpeters@athens ~]$
That's 29 device nodes that I have permission on because I am the console user. When I log out, they revert to default (typically root) ownership.
For example - lock your screen and ssh in from elsewhere - then run the eject command. The CD tray should shoot out (unless you have a slot loader ...)
Log out at the console and try it - it will fail:
[mpeters@athens ~]$ ssh jerusalem mpeters@jerusalem's password: Last login: Tue Feb 12 01:55:49 2008 from 192.168.15.100 [mpeters@jerusalem ~]$ eject eject: unable to open `/dev/hdc' [mpeters@jerusalem ~]$
There also are some userspace daemons that often start up when you are logged in (IE in gnome) that exit when you actually log out.