DRI3000
DRI3000
Posted Feb 23, 2013 22:12 UTC (Sat) by Serge (guest, #84957)In reply to: DRI3000 by khim
Parent article: LCA: The X-men speak
Good. Many people have a dedicated machine, often more than one, they need neither C-A-Del, nor C-A-BS, nor SAK, they just lock screen and don't worry about such things.
> this is where you conveniently change your usecase to make sure you'll win the argument. Why would I log out?
I explained a more complex case, since I wasn't sure what you actually want. What you have described is a regular switch user (http://i.imgur.com/uhIeO.png) feature that is supported in every distribution around.
To protect from someone creating a screensaver-like tool with fake "Switch User" button, you can configure display manager to autologin on tty1 and run a single program with the large "Switch User" button on it. After that to be safe every time you want to enter the password you press Ctrl+Alt+F1. :)
> Windows received this ability in Windows Vista which is six year old by now!
That's another ability. Under Linux on any virtual console you can run arbitrary "guaranteed secure set of programs", anything you want, not just winlogon dialog.
> Both Linux and Windows continue to evolve and while some places where Linux is better still remain Windows is better in many, many aspects.
Windows is usually better if you got used to it and its bugs. Windows is also often better when it works right out of the box and does exactly what you want. But when you want more, or want to optimize it for your needs, it's easier to configure linux then fight with windows. IMHO, of course.
Posted Feb 23, 2013 23:10 UTC (Sat)
by lindi (subscriber, #53135)
[Link] (2 responses)
Before we can assess the security of your solution I think you need to first implement it. Before we can assess the usability of your solution I think you need at least a few hundred users. Sorry but the devil is usually in the implementation details :) Also, constantly running a second X server on tty1 wastes memory.
Posted Feb 24, 2013 13:19 UTC (Sun)
by khim (subscriber, #9252)
[Link]
This waste is limited and should be similar to what Windows wastes for it's own login screen. So that's not a problem. This is a problem. Serge may argue that his solution is perfect (because it's not implemented and thus you can not argue about it's weaknesses) while I argue that it's extremely bad: solution which exists and is used is always more secure on practice then another solution which does not exist and is only imagined by someone.
Posted Feb 25, 2013 10:46 UTC (Mon)
by Serge (guest, #84957)
[Link]
It's easy. Create user "switcher", configure your DM to autologin it, and set its session to a shell script like this:
while true; do if zenity --info --text 'Switch Session'; then gdmflexiserver; fi; done
Just tested it with Ubuntu and LightDM.
> Before we can assess the usability of your solution I think you need at least a few hundred users.
How are you going to find them? Most people don't need it. Those few who really need it are skilled enough to write one-line-shell-script themselves. :)
> Also, constantly running a second X server on tty1 wastes memory.
Yeah, about 10-15 MB. If that's too much you can replace `zenity` with console `dialog` and run similar script instead of getty. Unlike Windows there're lots of options. :)
DRI3000
DRI3000
Also, constantly running a second X server on tty1 wastes memory.
Before we can assess the security of your solution I think you need to first implement it. Before we can assess the usability of your solution I think you need at least a few hundred users.
DRI3000