On Wed, 2008-11-19 at 10:00 +0900, Coe, Colin C. (Unix Engineer) wrote: > Thanks all for the comments. > > Citing security concerns really doesn't work with people that don't see > what's so bad about telnet... > > The Solaris admins look for any excuse not to replace Solaris with Linux. > This screen unlocking is just one example. There are 8 Solaris admins vs 2 > Linux admins. > > Switching to VT1 then killing kdesktop_lock is considered too hard.
The root unlock definitely needs to work in your situation. Killing the processes of a desktop user that may have hours or days of unsaved work that could easily be saved by someone needed to do maintenance will get you guys a kicking for sure. The "you were told about this" approach just isn't good enough when your a service department and those "other" systems do it just fine! > > I'm log an SR with RedHat and take it from there. > > Thanks again. > > CC > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of John Summerfield > > Sent: Wednesday, 19 November 2008 9:17 AM > > To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list > > Subject: Re: [rhelv5-list] RE: Enable root to unlock screen > > saver (KDE) > > > > Sharpe, Sam J wrote: > > >> -----Original Message----- > > >> From: [EMAIL PROTECTED] [mailto:rhelv5-list- > > >> [EMAIL PROTECTED] On Behalf Of John Summerfield > > >> Coe, Colin C. (Unix Engineer) wrote: > > >>> Hi and thanks for the response. > > >>> > > >>> I should have stated more clearly that we use KDE not Gnome. The > > >> reason for this is the oil & gas apps that our > > workstations users' use > > >> work best under KDE not Gnome so to keep things standard, > > we use KDE > > >> everywhere. > > >>> On my workstation, I see these two processes: > > >>> me 8220 7283 0 15:49 ? 00:00:00 > > >> /usr/bin/kdesktop_lock --forcelock > > >>> me 8221 8220 0 15:49 ? 00:00:00 > > >> /usr/bin/kblankscrn.kss -root > > >>> There is no gnome-screensaver process. > > >>> > > >>> I have tried just using the root password to unlock the > > screen saver > > >> but this doesn't work. > > >>> Thanks > > >>> > > >>> CC > > >>> > > >> try marking one or both of those binaries setuid root and > > see whether > > >> it > > >> works. > > >> > > >> Then, you can > > >> 1. Deploy systems that way > > >> or > > >> 2. Tell the SUN users it's a security issue and the gods > > will not allow > > >> it. > > > > > > Or just tell the SUN users to follow these steps: > > > 1) CTRL-ALT-F1 to get to a console > > > 2) Login as root > > login as whomever > > startx :2 > > > 3) killall -9 kdesktop_lock > > > 4) CTRL-F7 to get back to the desktop. > > > > X is usually on tty13 on my systems:-) > > > > On reflection, interfering with another user's session is particularly > > bad form. I'm not sure my policies would permit it. The > > "unlock" screen > > should allow user switching. > > > > > > -- > > > > Cheers > > John > > > > -- spambait > > [EMAIL PROTECTED] [EMAIL PROTECTED] > > -- Advice > > http://webfoot.com/advice/email.top.php > > http://www.catb.org/~esr/faqs/smart-questions.html > > http://support.microsoft.com/kb/555375 > > > > You cannot reply off-list:-) > > > > _______________________________________________ > > rhelv5-list mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/rhelv5-list > > > > NOTICE: This email and any attachments are confidential. > They may contain legally privileged information or > copyright material. You must not read, copy, use or > disclose them without authorisation. If you are not an > intended recipient, please contact us at once by return > email and then delete both messages and all attachments. > > > _______________________________________________ > rhelv5-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv5-list _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
