You are not logged in.

#1 2012-10-12 18:38:36

LiranV
Member
Registered: 2012-02-27
Posts: 57

Security - XScreenSaver with XFCE

Hi guys,
I've installed Arch on my netbook and I'm using XFCE as my DE.
I also installed xscreensaver-arch-logo package from AUR.

I'm starting my DE like this:
1) boot.
2) from tty1 enter my login and password.
3) execute "startx" which loads XFCE and XFCE loads xscreensaver automatically for my understanding.

Now the problem is that while the PC is locked by xscreensaver I can just do "alt + ctrl + f1" to go back to tty1 and then just press "ctrl + c" and it will return to my logged in user in tty1,
and from there anyone can do what he wants with my user.

What can I do to block this from happening? After all it's not enough to just make the computer look like it's locked smile

Offline

#2 2012-10-12 18:56:45

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,592
Website

Re: Security - XScreenSaver with XFCE

So use a greeter and do not login to your console.  I suggest lxdm.


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#3 2012-10-12 19:00:51

Pres
Member
Registered: 2011-09-12
Posts: 423

Re: Security - XScreenSaver with XFCE

Offline

#4 2012-10-12 19:01:13

ZekeSulastin
Member
Registered: 2010-09-20
Posts: 266

Re: Security - XScreenSaver with XFCE

exec startx

Offline

#5 2012-10-12 19:03:02

LiranV
Member
Registered: 2012-02-27
Posts: 57

Re: Security - XScreenSaver with XFCE

ZekeSulastin, can you please explain what it does when you prefix startx with exec?

Edit: Using exec solve half of the problem. Because now when I do "ctrl + c" in tty1 it exit's the DE and logout of the user. But what if I had somthing importent and unsaved running in the DE? It will be lost.

Last edited by LiranV (2012-10-12 19:07:14)

Offline

#6 2012-10-12 19:11:40

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,592
Website

Re: Security - XScreenSaver with XFCE

LiranV wrote:

Edit: Using exec solve half of the problem. Because now when I do "ctrl + c" in tty1 it exit's the DE and logout of the user. But what if I had somthing importent and unsaved running in the DE? It will be lost.


Mumble-mumble...

graysky wrote:

So use a greeter and do not login to your console.  I suggest lxdm.

...mumble.


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#7 2012-10-12 19:15:40

LiranV
Member
Registered: 2012-02-27
Posts: 57

Re: Security - XScreenSaver with XFCE

graysky wrote:

So use a greeter and do not login to your console.  I suggest lxdm.

Thanks for the help but I don't want a graphical login manager.

By the way, I still didn't solved this issue so please share a sulotion if you have one.

Last edited by LiranV (2012-10-12 19:37:42)

Offline

#8 2012-10-12 19:48:00

Pres
Member
Registered: 2011-09-12
Posts: 423

Re: Security - XScreenSaver with XFCE

I use this in my .bash_profile. You'll need to adjust it if you don't automatically startx on login (alias it most likely). Install vlock, which allows you to lock tty's. There are also other way's to accomplish this if you look at the Gentoo article I posted up above.

if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then
  exec nohup startx &
  sleep 10
  vlock 
fi

Offline

#9 2012-10-12 20:02:21

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Security - XScreenSaver with XFCE

An interesting issue smile  I just tried this, seems to work OK:  In ~/.bashrc:

alias x='setsid /usr/bin/startx -- -nolisten tcp & logout'

Offline

#10 2012-10-12 20:19:09

LiranV
Member
Registered: 2012-02-27
Posts: 57

Re: Security - XScreenSaver with XFCE

brebs wrote:

An interesting issue smile  I just tried this, seems to work OK:  In ~/.bashrc:

alias x='setsid /usr/bin/startx -- -nolisten tcp & logout'

Thanks a lot! It's seems to work just fine!
Can you please share where did you find this solution? Shouldn't this be added to the wiki or something?

So if I understand the command correctly it goes something like:
start "startx" on new session seperate from tty1 with nolisten on tcp (which disables the option of connecting to the x server?) and then logout from the current session.
Is this right?

Edit:
There is one problem I found with this.
When I login using this method I'm unable to shutdown via XFCE's menu as "Switch User" "Suspend" & "Shut Down" are all greyed out.

Last edited by LiranV (2012-10-12 20:24:37)

Offline

#11 2012-10-12 20:47:28

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Security - XScreenSaver with XFCE

LiranV wrote:

where did you find this solution?

setsid startx is mentioned on Gentoo wiki.

The nolisten tcp is for a separate issue (remote connections).

Shouldn't this be added to the wiki

Sure, but note that I just tried this for the first time ever, 10 minutes ago wink

unable to shutdown via XFCE's menu

Probably an issue with polkit, which I have uninstalled anyway because it's gone nuts. The XFCE "log out" button works fine.

Offline

#12 2012-10-12 21:38:49

ZekeSulastin
Member
Registered: 2010-09-20
Posts: 266

Re: Security - XScreenSaver with XFCE

Also an idea - try 'exec startx -- vt1' as indicated on the wiki article Start X at Login (you can just make an alias if you don't need the line in bash_profile).  No need to use vlock or sleep or w/e, and it keeps X on the tty you logged in from, a necessity for systemd-logind's session management if you're starting X from a console (you never did indicate if you were using systemd or initscripts+consolekit wrt XFCE's power menu).

graysky: don't do that 'mumble mumble' crap when you clearly only have a partial view of the problem and solution.  Forgive me for not posting the rest of the line, as I'm rather used to X starting in the same tty.

Last edited by ZekeSulastin (2012-10-12 21:42:03)

Offline

#13 2012-10-13 00:56:26

LiranV
Member
Registered: 2012-02-27
Posts: 57

Re: Security - XScreenSaver with XFCE

For some reason 'exec startx -- vt1' starts the DE in "tty7" (like it normally do).

brebs, Yes the logout button is the only one who work but if I want to shutdown or reboot the system I don't want to do it from the terminal all the time and having to enter my root password everytime.

Offline

#14 2012-10-13 01:04:57

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,592
Website

Re: Security - XScreenSaver with XFCE

I know you don't want to but try lxdm.  What is your aversion to using one?  You have to login to a tty so why not login to a graphical one?


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#15 2012-10-13 02:23:48

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Security - XScreenSaver with XFCE

LiranV wrote:

if I want to shutdown or reboot the system I don't want to do it from the terminal all the time and having to enter my root password everytime.

That's not necessary. Use the 3-fingered salute (keys Alt, Ctrl, Delete) to trigger a shutdown - no need to log in.

Offline

#16 2012-10-13 02:40:58

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Security - XScreenSaver with XFCE

Also, did you actually read the link Pres provided in the 3rd post?  It provides a couple of solutions to the problem when using console login and one solution for using a graphical (which I seem to gather you are staunchly opposed to).  In any case, you could have found a solution quite a ways back in this thread.

Offline

#17 2012-10-13 09:48:04

LiranV
Member
Registered: 2012-02-27
Posts: 57

Re: Security - XScreenSaver with XFCE

WonderWoofy wrote:

Also, did you actually read the link Pres provided in the 3rd post?  It provides a couple of solutions to the problem when using console login and one solution for using a graphical (which I seem to gather you are staunchly opposed to).  In any case, you could have found a solution quite a ways back in this thread.

If you read the thread from top to bottom you shoul'd know that the solution 'brebs' gave me worked but raised other "problems".
And yes I did read the link in the 3rd post, and the solutions there didn't really helped me (I didn't try them all because I didn't like them all).

Offline

#18 2012-10-13 13:01:22

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Security - XScreenSaver with XFCE

LiranV, I suggest you see if nohup works better for the XFCE shutdown button.

Best I've found so far:

alias x='setsid /usr/bin/startx -- -nolisten tcp &> ~/.xorg.log & logout'

Offline

#19 2012-10-13 13:26:40

LiranV
Member
Registered: 2012-02-27
Posts: 57

Re: Security - XScreenSaver with XFCE

This:
alias x='setsid /usr/bin/startx -- -nolisten tcp &> ~/.xorg.log & logout'

Is just like:
alias x='setsid /usr/bin/startx -- -nolisten tcp & logout'

But with saving xorg log to home folder?

Anyway, whats causing the greyed out Shut down etc. is the "& logout" at the end of the commands.
I think if I can get XFCE to start on the tty that I login from this will be just fine. Any idea how can I do that? (startx --vt1 doesn't seem to work - just starts in "tty7")

Offline

#20 2012-10-13 22:28:44

Radioactiveman
Member
From: Germany
Registered: 2010-05-13
Posts: 388

Re: Security - XScreenSaver with XFCE

Have you tried vlock?

.xinitrc

exec startxfce4 --with-ck-launch

And an alias like

alias startx='exec nohup startx >/dev/null 2>&1 & vlock'

Offline

#21 2012-10-14 14:12:20

LiranV
Member
Registered: 2012-02-27
Posts: 57

Re: Security - XScreenSaver with XFCE

This starts to be painful to solve.
I initially thought that some people use this kind of login method and this should be quite easy to set. Apparently I was wrong smile
I guess I should consider using DM like Slim or LXDM.
I tried to avoid GUI login screens because I'm running on a slow netbook and I wanted to keep the boot time short as possible.
If anyone do use the startx method I would love to hear about it big_smile

Offline

#22 2012-10-14 14:27:30

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Security - XScreenSaver with XFCE

I use systemd, and have it automatically drop me into an X session.  I did this by creating a couple services, and it was actually super easy.

I found the necessary info here:
https://bbs.archlinux.org/viewtopic.php?id=147913

This way, there is no logged in tty, and certainly no DM. But it does drop you into the gui w/o asking for a password.  But it seems like you are more worried about the computer inactivity thingy timing out and the access at that point.

Offline

#23 2012-10-14 15:21:42

Radioactiveman
Member
From: Germany
Registered: 2010-05-13
Posts: 388

Re: Security - XScreenSaver with XFCE

LiranV wrote:

This starts to be painful to solve.
If anyone do use the startx method I would love to hear about it big_smile

Have you even tried my solution?
Of course vlock should be installed...

Offline

#24 2012-10-14 15:28:40

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Security - XScreenSaver with XFCE

@Radioactiveman, unfortunately, it seems as though the OP is kind of weeding through the suggestions, trying a couple here and there, then saying the untried are not optimal.  I think there were two very real and good solutions in the gentoo link in the third post.  If not an end solution, they were both good points to start with (actually, one of them was simply backgrounding, disowning, then logging out, which I see as super simple and definitely something that one could add to or fix).

Offline

#25 2012-10-14 15:40:55

LiranV
Member
Registered: 2012-02-27
Posts: 57

Re: Security - XScreenSaver with XFCE

WonderWoofy wrote:

one of them was simply backgrounding, disowning, then logging out

I've tried that... didn't seem to work.

Offline

Board footer

Powered by FluxBB