BACKGROUND
I am running xscreensaver and have configured the settings to lock the screen automatically after 15 minutes. I have searched through the Linux - Security forum here and came across similar questions on other forums
http://nixcraft.com/getting-started-...rotection.html
Under Windows, in the Group Policy Object Editor, collapse Computer Configuration, under User Configuration, expand Administrative Templates, expand Control Panel, and then click Display. Then set Password protect the screen saver = enabled and Screen Saver Timeout = [no. of seconds]. This prevents user from changing the timeout and password protect settings.
Under Linux using xscreensaver, because it runs with setuid for root privileges in order to access the password and shadow files, even if I set the owner:group to root:root, xscreensaver will write over the .xscreensaver file and reset change the owner:group back to what it was previously for that userid.
I pinged the author of xscreensaver, whom for the most part confirmed this.
QUESTION
Is there a way to change the permissions of the .xscreensaver file and/or of the xscreensaver setuid process to restrict users from changing the lock settings?
Or is there another tool or option to restrict changes?
Elvis