Arch Linux

moere

Member

Registered: 2010-02-14

Posts: 29

[solved] lxde - lock screen -how to not allow to kill x and change ter

Hi,

I am using LXDE.

What I want:

I would like to lock my screen and the only option then should be to relogin
as the current user (that one who locked the screen).
And no other action should be possible.
( not being able to kill x via ctrl+alt+backspace,
not being able to switch to another virtual console via ctrl+alt+F1 to Fxy)

What I tried:

I tried using xscreensaver ...
and slock.
slock seems great.

Killing my x session with ctrl+alt+backspace is not possible.
I guess because I did not configure that.

But it is possible to change the console via ctrl+alt+Fxy.

I use auto login via mingetty http://wiki.archlinux.org/index.php/Aut … al_consoleand I startx in my .bash_profile (on tty1 only).

So if I now lock my screen it is possible to change to tty1 (via ctrl+alt+F1) and
to kill the x server with ctrl+c.
And then the bad buy has control of my useraccount.

He can even logout and on tty1 he is logged in as me again.
Is there a way to prohibit to kill the xserver or to change the virtual console? (But only when the screen is locked,
in non locked screen mode I still would like to be able to change the virtual console).

And is there a way to not auto login when the user logs out?
So that he only auto logs in on boot up?
(All this is happening on my laptop where I have a encrypted disk
so if I power on my laptop I still have to prompt a password,
so auto log in on boot up seems to make sense to me).

Last edited by moere (2010-04-06 09:36:10)

moere

Member

Registered: 2010-02-14

Posts: 29

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

alright.

I guess I solved it on my own.

What I did:

I wrote a tiny lock.sh script:

#!/bin/bash
xmodmap ~/.xmodlockscreen
slock
xmodmap ~/.xmodunlockscreen

Before starting slock a different keymap is loaded.
And after unlocking the screen again the default keymap is
loaded.

This http://wiki.archlinux.org/index.php/Xmodmap wiki article helped me
on how to use xmodmap for my purpose.

Now when the screen is locked,
I can make the ctrl and alt keys unuseable and
nobody can do anything to the laptop but typing in the correct
passwort... well.. or stealing it or kill it by taking out the battery or AC or something like that.

Profjim

Member

From: NYC

Registered: 2008-03-24

Posts: 658

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

That's a good solution.

These can be put into your /etc/X11/xorg.conf "ServerFlags" block. (You can also put them in .fdi files if you don't use xorg.conf, but I won't explain the syntax for that since we're soon moving off of HAL anyway.)

"Options" "DontVTSwitch" "true" # defaults to false
"Options" "DontZap" "true" # defaults to true

You might also remap the Terminate_Server key in your xmodmap file, so that if you do ever enable the server-zapping, that key will be disabled while on the screensaver, too.

Another solution is to use cdm as your login manager. It will start the X session in the background, and immediately log the console out. Then if anyone does ctrl-alt-1, they'll be confronted with a login prompt, not an open terminal. I don't claim this is a better option, just that it's an option.

Last edited by Profjim (2010-04-05 17:09:28)

brisbin33

Member

From: boston, ma

Registered: 2008-07-24

Posts: 1,796

Website

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

and I startx in my .bash_profile

you could've just put 'startx; logout' in .bash_profile.

KISS ftw.

---

//github/

Profjim

Member

From: NYC

Registered: 2008-03-24

Posts: 658

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

and I startx in my .bash_profile

you could've just put 'startx; logout' in .bash_profile.

KISS ftw.

Isn't that too simple? startx won't return until your X session terminates. So roommates will still be able to kill the X session. Sure, they *probably* won't be quick enough to hit ^C after doing so and interrupt the script before it logs out... but I think the OP's proposal is a better solution.

moere

Member

Registered: 2010-02-14

Posts: 29

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

Thanks for your replies.

I do not use the xorg.conf.

@Profjim:
Why are we moving off of HAL?
Where are we moving then?

Peasantoid

Member

Registered: 2009-04-26

Posts: 928

Website

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

OP: You might also consider vlock.

vlock -an

Note that you need to add yourself to the 'vlock' group.

Profjim

Member

From: NYC

Registered: 2008-03-24

Posts: 658

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

@Profjim:
Why are we moving off of HAL?
Where are we moving then?

hal is deprecated, everyone is moving off it. xorg-server 1.8 no longer uses hal, it manages hot-plugging using udev instead. Those xorg packages aren't yet in main Arch repos (not even the "testing" repo), but there's a bleeding-edge testing repo available. (See the arch-dev-public mailing list.) Eventually this will show up in extra; the wiki will explain what you need to do to update your config files from /etc/hal/fdi/policy/*.fdi to the new format; and so on. But right now everything is in flux.

If you want to know more, google something like

hal deprecated xorg

.

I was just being lazy and didn't want to convert from the xorg.conf format to the hal format when in a few months, that info will be obsolete anyway.

brisbin33

Member

From: boston, ma

Registered: 2008-07-24

Posts: 1,796

Website

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

and I startx in my .bash_profile

you could've just put 'startx; logout' in .bash_profile.

KISS ftw.

Isn't that too simple? startx won't return until your X session terminates. So roommates will still be able to kill the X session. Sure, they *probably* won't be quick enough to hit ^C after doing so and interrupt the script before it logs out... but I think the OP's proposal is a better solution.

um what? when x dies for any reason logout is called, that was the intention right?.  are you saying 2+ quick ^C's would preempt the call to logout? i'd have to test that.

---

//github/

Profjim

Member

From: NYC

Registered: 2008-03-24

Posts: 658

Re: [solved] lxde - lock screen -how to not allow to kill x and change ter

you could've just put 'startx; logout' in .bash_profile.

KISS ftw.

Isn't that too simple? startx won't return until your X session terminates. So roommates will still be able to kill the X session. Sure, they *probably* won't be quick enough to hit ^C after doing so and interrupt the script before it logs out... but I think the OP's proposal is a better solution.

um what? when x dies for any reason logout is called, that was the intention right?.  are you saying 2+ quick ^C's would preempt the call to logout? i'd have to test that.

If you put up the X screensaver and walk away, and someone can walk up and switch to the console that's still running startx, then yes there is a race condition and they might in principle be able to kill startx and interrupt the script before logout runs. I don't know how easy it would be do that in practice, probably not that easy.

I didn't mean to make much fuss about that. But the cdm technique is better: startx gets started in the background (I helped in developing that; it was tricky figuring out how to make that work with all the different options cdm permits, but I think it's stable now). So if you switch to the console, the session is *already* logged out, even while X is still running.

I like the OP's proposal even better: wrap the screensaver activation with a script that disables then re-enables the keys allowing passersby to switch to consoles. You can also disable the keys that allow passersby to kill X, in case you've changed the default X setting and made that key normally available.

That's the downside of your method that I meant to be calling attention to: the OP's method can prevent passersby from even being able to kill the X session. Whereas your method would at least allow them to change to console and hit ^C once, killing the X session. Passerby kills the X session == you may lose some work.

(Admittedly,  if you thwart a determined passerby in killing your X session via keyboard-fu, he might start looking at your power cord...)