CentOS - Sep 2006 - Gnome Desktop Screensaver Security Lock Override?

We deployed our first CentOS-4 based workstation this past spring to see
if we can conveniently replace all, or at least most, of our MS-Win based
user systems with Linux boxes instead.  Generally this trial unit has
proved a success but there is one lingering problem that I cannot seem to
find a straight-forward answer to: Is there an administrator override to a
user's password protected screensaver terminal lock?  So far the solution
seems to have been brute force system resets and I am not happy with this
caviler approach to what should be a simple, and safe, administrative
procedure.

So, is there an equivalent function to MS-Win's administrator login to
force entry into a locked terminal and make it available for others?

Regards,
Jim


--
***     e-mail is NOT a secure channel     ***
James B. Byrne                mailto:ByrneJB.<token>@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3CE               delivery <token> = hal

On Sep 18, 2006, at 10:47 AM, James B. Byrne wrote:
> We deployed our first CentOS-4 based workstation this past spring  
> to see
> if we can conveniently replace all, or at least most, of our MS-Win  
> based
> user systems with Linux boxes instead.  Generally this trial unit has
> proved a success but there is one lingering problem that I cannot  
> seem to
> find a straight-forward answer to: Is there an administrator  
> override to a
> user's password protected screensaver terminal lock?  So far the  
> solution
> seems to have been brute force system resets and I am not happy  
> with this
> caviler approach to what should be a simple, and safe, administrative
> procedure.
>
> So, is there an equivalent function to MS-Win's administrator login to
> force entry into a locked terminal and make it available for others?
1. ssh in
2. become root
3. pkill -u <username of user who locked the screen> -f -x  
"^xscreensaver -nosplash$"

i think that'll do it for you; try it on a noncritical system first :)

-steve

--
If this were played upon a stage now, I could condemn it as an  
improbable fiction. - Fabian, Twelfth Night, III,v

James B. Byrne wrote:
> We deployed our first CentOS-4 based workstation this past spring to see
> if we can conveniently replace all, or at least most, of our MS-Win based
> user systems with Linux boxes instead.  Generally this trial unit has
> proved a success but there is one lingering problem that I cannot seem to
> find a straight-forward answer to: Is there an administrator override to a
> user's password protected screensaver terminal lock?  So far the
solution
> seems to have been brute force system resets and I am not happy with this
> caviler approach to what should be a simple, and safe, administrative
> procedure.
> 
> So, is there an equivalent function to MS-Win's administrator login to
> force entry into a locked terminal and make it available for others?
Here is a brute-force approach: you can force the X server to shutdown with
control-alt-backspace.  The screensaver does not appear
to trap that key sequence for special handling, so it gets passed through to X,
which shuts down.  The init process should respawn
the X server when it detects it's death.

Be warned, I don't think this cleanly shuts any running applications down. 
It forces the X server to die and any child processes
will most likely die unpleasantly.  I've used it before but only as a last
resort.  On the other hand, I've done it accidentally
when trying to change screen resolutions with control-alt-+, too.  I haven't
had any horrible problems with this, but I am a bit
leery of using it unless the need is extreme.

Hope that helps!
-- 
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5177 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20060918/35934549/attachment-0002.bin>

On Mon, 18 Sep 2006 10:59:21 -0400, Steve Huff <shuff at vecna.org> wrote:
>
> 1. ssh in
> 2. become root
> 3. pkill -u <username of user who locked the screen> -f -x
> "^xscreensaver -nosplash$"
Yes, I have done something si,milar to this in thepast but I was hoping
that there might be away to accomplish the administraor override from the
unit console of the system in question.  I infer then that there is no
such capability built into gnome, correct?

It appears then that we will have to disable the screensvar terminal lock
function since too many people in our organization have the habit of just
leaving that desk with their sessions left on.  Is there an auto logout
capability in CentOS-4 that I can enable instead, so that after say 10
minutes of inactivity the user session is terminated?

Regards,
Jim
-- 
***     e-mail is NOT a secure channel     ***
James B. Byrne                mailto:ByrneJB.<token>@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3CE               delivery <token> = hal