|
发表于 2003-12-17 00:11:11
|
显示全部楼层
When I'm logged in as root, xscreensaver won't lock my screen!
Don't log in as root.
Please note that xscreensaver works fine as a screen saver when you are logged in as root: it will not, however, lock your screen when you are logged in as root. This is for good and insurmountable security reasons.
In order for it to be safe for xscreensaver to be launched by xdm, certain precautions had to be taken, among them that xscreensaver never runs as root. In particular, if it is launched as root (as xdm is likely to do), xscreensaver will disavow its privileges, and switch itself to a safe user id (such as ``nobody''.)
An implication of this is that if you log in as root on the console, xscreensaver will refuse to lock the screen (because it can't tell the difference between root being logged in on the console, and a normal user being logged in on the console but xscreensaver having been launched by the xdm ``Xsetup'' file.)
The solution to this is simple: you shouldn't be logging in on the console as root in the first place! (What, are you crazy or something?)
Proper Unix hygiene dictates that you should log in as yourself, and su to root as necessary. People who spend their day logged in as root are just begging for disaster.
When I'm logged in as root, xscreensaver won't launch at all!
Don't log in as root.
As described above, xscreensaver disavows its privileges if it finds that it is running as root, for security reasons. An unfortunate side-effect of this is that it may conflict with cookie-based authentication.
If the X server is running as one user (e.g., ``root'') and xscreensaver is running as another user (e.g., ``nobody'') then the xscreensaver process might not be allowed to connect to the X display at all, since it isn't running as the same user.
One way around this is to run the command xhost +localhost before launching xscreensaver.
But beware! This will give access to the X server to anyone capable of logging in to the local machine, and in some environments, that could be considered an unacceptable security risk. |
|