Anne Wilson wrote:
In security terms, is there any difference between ending a session (logout of
X) and locking a session?
Anne
If I understand what you are asking - yes.
By lock session, you mean "Lock Screen" ??
If you just lock the session - your user is still the console use and
has permission to write to certain device nodes. When you log out, your
user gives up those permissions.
[mpeters@athens ~]$ ls -l /dev/ |grep mpeters |wc -l
29
[mpeters@athens ~]$
That's 29 device nodes that I have permission on because I am the
console user. When I log out, they revert to default (typically root)
ownership.
For example - lock your screen and ssh in from elsewhere - then run the
eject command. The CD tray should shoot out (unless you have a slot
loader ...)
Log out at the console and try it - it will fail:
[mpeters@athens ~]$ ssh jerusalem
mpeters@jerusalem's password:
Last login: Tue Feb 12 01:55:49 2008 from 192.168.15.100
[mpeters@jerusalem ~]$ eject
eject: unable to open `/dev/hdc'
[mpeters@jerusalem ~]$
There also are some userspace daemons that often start up when you are
logged in (IE in gnome) that exit when you actually log out.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
