Anne Wilson wrote: > In security terms, is there any difference between ending a session (logout of > X) and locking a session? > > Anne If I understand what you are asking - yes. By lock session, you mean "Lock Screen" ?? If you just lock the session - your user is still the console use and has permission to write to certain device nodes. When you log out, your user gives up those permissions. [mpeters at athens ~]$ ls -l /dev/ |grep mpeters |wc -l 29 [mpeters at athens ~]$ That's 29 device nodes that I have permission on because I am the console user. When I log out, they revert to default (typically root) ownership. For example - lock your screen and ssh in from elsewhere - then run the eject command. The CD tray should shoot out (unless you have a slot loader ...) Log out at the console and try it - it will fail: [mpeters at athens ~]$ ssh jerusalem mpeters at jerusalem's password: Last login: Tue Feb 12 01:55:49 2008 from 192.168.15.100 [mpeters at jerusalem ~]$ eject eject: unable to open `/dev/hdc' [mpeters at jerusalem ~]$ There also are some userspace daemons that often start up when you are logged in (IE in gnome) that exit when you actually log out.