LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-08-2004, 05:42 PM   #1
darkleaf
Senior Member
 
Registered: Jun 2004
Location: the Netherlands
Distribution: debian SID
Posts: 2,170

Rep: Reputation: 45
startx/graphical login manager


I've noticed that if I start fluxbox with startx I can still kill the xserver with CTRL_ALT_BSP if the screen is locked, so basically everyone who knows this has access to my user account and can start graphically again.

Now preferably I don;t want to use a graphical login manager but it seems to me it's the only way to secure this or is there another way?
 
Old 10-08-2004, 05:51 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
in the serverflags section of your XF86config (or xorg.conf) file, add in (or frequently uncomment) a line saying
Code:
Option  "DontZap"  "true"
this should disable those key combinations
 
Old 10-08-2004, 06:01 PM   #3
mirradric
Member
 
Registered: May 2004
Location: Singapore
Distribution: Debian woody and debian sarge
Posts: 188

Rep: Reputation: 31
One trick that I used...
i made startx an alias to startx & exit

so i'll be logged out of the console once x starts. Even if some1 zaps X, he'll end up at a login prompt.
 
Old 10-09-2004, 04:31 AM   #4
darkleaf
Senior Member
 
Registered: Jun 2004
Location: the Netherlands
Distribution: debian SID
Posts: 2,170

Original Poster
Rep: Reputation: 45
Quote:
Originally posted by mirradric
One trick that I used...
i made startx an alias to startx & exit

so i'll be logged out of the console once x starts. Even if some1 zaps X, he'll end up at a login prompt.
This is what I want to do I still want to use those key combinations myself.

But how do I add that in an alias. When I just start with "startx && exit" it works but when I have "startx="startx; exit"" or "startx="startx & exit"" or "startx="startx&&exit"" as alias in my ~/.bashrc or ~/.local_bashrc it doesn't work
 
Old 10-09-2004, 05:41 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
in .bashrc:
Code:
alias startx='startx && exit'
 
Old 10-09-2004, 05:45 AM   #6
mirradric
Member
 
Registered: May 2004
Location: Singapore
Distribution: Debian woody and debian sarge
Posts: 188

Rep: Reputation: 31
hmmm....
Code:
alias startx="startx & exit"
worked for me.
 
Old 10-09-2004, 06:31 AM   #7
darkleaf
Senior Member
 
Registered: Jun 2004
Location: the Netherlands
Distribution: debian SID
Posts: 2,170

Original Poster
Rep: Reputation: 45
Maybe you can spot the error:

Quote:
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything:
[ -z "$PS1" ] && return

# don't put duplicate lines in the history. See bash(1) for more options
#export HISTCONTROL=ignoredups

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
#shopt -s checkwinsize

# enable color support of ls and also add handy aliases
if [ "$TERM" != "dumb" ]; then
eval `dircolors -b`
alias ls='ls --color=auto'
#alias dir='ls --color=auto --format=vertical'
#alias vdir='ls --color=auto --format=long'
fi

# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'

alias startx='startx && exit'

# set variable identifying the chroot you work in (used in the prompt below)
#if [ -z "$debian_chroot" -a -r /etc/debian_chroot ]; then
# debian_chroot=$(cat /etc/debian_chroot)
#fi

# set a fancy prompt (non-color)
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
# Comment in the above and uncomment this below for a color prompt
#PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

# If this is an xterm set the title to user@host:dir
case $TERM in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
;;
*)
;;
esac

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc).
#if [ -f /etc/bash_completion ]; then
# . /etc/bash_completion
#fi
 
Old 10-09-2004, 06:51 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
Quote:
Originally posted by mirradric
hmmm....
Code:
alias startx="startx & exit"
worked for me.
actually yeah that's better i'd say, as the single & just forks and then logs out. whereas the && only exits after a successful quit of X... and thinking about it, zapping X might even return an error code, meaning exit won't even run... so ignore me, and use mirradric's version.
 
Old 10-10-2004, 05:19 AM   #9
darkleaf
Senior Member
 
Registered: Jun 2004
Location: the Netherlands
Distribution: debian SID
Posts: 2,170

Original Poster
Rep: Reputation: 45
I think I found the problem. If I made the alias different than startx so for example just x it would give unknown command. Now if I do this:

Code:
bash
x
The alias is recognised but it sort of locks when I kill the xserver with CTRL-ALT-BSP, and I have to CTRL-C out. After the CTRL-C it doesn't recognize the command anymore. Could it be that I'm running a different shell than bash and how would I find this out, and make the alias work?
 
Old 10-10-2004, 05:23 AM   #10
darkleaf
Senior Member
 
Registered: Jun 2004
Location: the Netherlands
Distribution: debian SID
Posts: 2,170

Original Poster
Rep: Reputation: 45
BTW: x="startx & exit" gives the exit command to early I think as something like this is the output:

Quote:
xserver killed

exit
philip@debian:#
x="startx && exit" gives sort of a lock like I described in the post above
 
Old 10-10-2004, 05:52 AM   #11
mirradric
Member
 
Registered: May 2004
Location: Singapore
Distribution: Debian woody and debian sarge
Posts: 188

Rep: Reputation: 31
seems like
Code:
$echo $SHELL
doesn't work very well in identifying the shell.
I ran tsch from a xterm running bash followed by the above but $SHELL is still /bin/bash.

i guess that this should be safer.
Code:
echo $0
 
Old 10-10-2004, 05:58 AM   #12
mirradric
Member
 
Registered: May 2004
Location: Singapore
Distribution: Debian woody and debian sarge
Posts: 188

Rep: Reputation: 31
Quote:
Originally posted by darkleaf
I think I found the problem. If I made the alias different than startx so for example just x it would give unknown command. Now if I do this:

Code:
bash
x
The alias is recognised but it sort of locks when I kill the xserver with CTRL-ALT-BSP, and I have to CTRL-C out. After the CTRL-C it doesn't recognize the command anymore. Could it be that I'm running a different shell than bash and how would I find this out, and make the alias work?
are you first running bash then running the alias?
If this is the case, you'll not get a login prompt but just exit from the bash instance you've just created. (dropping you to your previous shell) This is not what you want.
 
Old 10-10-2004, 06:38 AM   #13
darkleaf
Senior Member
 
Registered: Jun 2004
Location: the Netherlands
Distribution: debian SID
Posts: 2,170

Original Poster
Rep: Reputation: 45
Quote:
Originally posted by mirradric
are you first running bash then running the alias?
If this is the case, you'll not get a login prompt but just exit from the bash instance you've just created. (dropping you to your previous shell) This is not what you want.
Yes that's what happening but if I don't run bash the alias isn't recognized. echo $SHELL gives me /bin/bash so that's ok. Any ideas on why it doesn't work?
 
Old 10-10-2004, 06:49 AM   #14
mirradric
Member
 
Registered: May 2004
Location: Singapore
Distribution: Debian woody and debian sarge
Posts: 188

Rep: Reputation: 31
try echo $0 before you run bash.
As I mention $SHELL seems to always contain /bin/bash. I suspect not all shells will set this variable so we can't depenent on it.

echo $0 **should** return the name of the command used to start the shell.

ps. maybe you can try adding the alias to your ~/.bash_profile instead

Last edited by mirradric; 10-10-2004 at 06:51 AM.
 
Old 10-10-2004, 08:41 AM   #15
darkleaf
Senior Member
 
Registered: Jun 2004
Location: the Netherlands
Distribution: debian SID
Posts: 2,170

Original Poster
Rep: Reputation: 45
echo $0 gives bash
editing my .bash_profile doesn't work.
I still have to run bash before the command to make it work at least a bit.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
running "startx -- -depth 16" from a graphical login crm Linux - Software 4 11-15-2004 08:43 PM
Graphical login fail, text login works livewire98801 Linux - General 2 10-11-2004 07:09 PM
[poll] Do you use a graphical login manager or not? sti Linux - General 15 01-31-2004 06:44 AM
Changin Graphical Login to command line login 3DLirio Linux - Newbie 2 10-16-2003 10:43 PM
I get a graphical login screen...have to start window manager expilcitly fundoovikas Linux - General 2 10-11-2003 02:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration