[CentOS] How to disable screen locking system-wide?

Thu Jan 20 11:05:19 UTC 2011
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Thu, 20 Jan 2011, Rudi Ahlers wrote:

>> I think I see things differently.  Allowing others to access your account *is*
>> a security risk.  It potentially opens confidential data to other people,
>> and leaves that specific user open to abuse through people using their
>> machine.  You might as well just pin your passwords on the notice board and be
>> done.  After all, you trust all your staff.
> I don't agree with that, sorry.
> A few years ago one of our staff members decided his salary isn't good
> enough so he started a side-line business, on our company time. He
> stole some of our client's data (contact details, emails, and even
> contracts) and sold it to 3rd parties. This went on for about 6 months
> before we actually realized what was going on.

Yes, and with poor security like you're describing, you can actually mask your
activity under someone else's account.  Having weak security on accounts (and
leaving them unlocked definitely counts as that) makes this sort of abuse much
easier to hide.  If you can't reasonably trust (and there are various reasons
why you should never 100% trust this) that activity under an account maps back
to an individual, you've really diluted the quality of your evidence.

> Needless to say, he was fined heavily and sent to jail for 3 years.
> So, I don't care if you feel the PC is yours, as long as it's a
> company PC, with company data and company property, we will take a
> look at the data on it.

You're very much mixing two issues.  I have no objection to admins having
access to machines and data.  Some random colleague being able to pop open a
file browser and download some company confidential material, or send an email
to a client, or download some illegal material to my desktop?  No thanks.

An account is a personal account that should not be shared.  You shouldn't
tell someone else your password, nor should you let them use your account
unsupervised.  This is a rule that's often relaxed (shared accounts, admin
accounts etc.), but relaxing it doesn't typically improve security, it just
sometimes makes things easier to do.  But you should always be aware of the
compromises you're making by doing so.