Re: Lock session vs. End session

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Anne Wilson wrote:
In security terms, is there any difference between ending a session (logout of X) and locking a session?

Anne

If I understand what you are asking - yes.
By lock session, you mean "Lock Screen" ??

If you just lock the session - your user is still the console use and has permission to write to certain device nodes. When you log out, your user gives up those permissions.

[mpeters@athens ~]$ ls -l /dev/ |grep mpeters |wc -l
29
[mpeters@athens ~]$

That's 29 device nodes that I have permission on because I am the console user. When I log out, they revert to default (typically root) ownership.

For example - lock your screen and ssh in from elsewhere - then run the eject command. The CD tray should shoot out (unless you have a slot loader ...)

Log out at the console and try it - it will fail:

[mpeters@athens ~]$ ssh jerusalem
mpeters@jerusalem's password:
Last login: Tue Feb 12 01:55:49 2008 from 192.168.15.100
[mpeters@jerusalem ~]$ eject
eject: unable to open `/dev/hdc'
[mpeters@jerusalem ~]$



There also are some userspace daemons that often start up when you are logged in (IE in gnome) that exit when you actually log out.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux