XScreeensaver must be one of the coolest programs ever, many of the "hacks" (screensavers) bring me nerdy delight. Unfortunately, do to security reasons it can't lock the screen as root. I understand this and think it is a good thing not to provide a false sense of security. However, understanding that the locking is not really secure I just wanted something that would prevent my friends from posting things to my facebook on the computer that I run as root (yes, I know I shouldn't).
For a while I used xlockmore but the selection of screensavers wasn't quite the same and you can't easily add more. So I was looking for a while for a way to hack xscreensaver into locking my root user display when I acidently stumbled into this solution.
ONCE AGAIN, THIS IS A BAD IDEAtm. DON'T JUST DO IT BECAUSE IT SOUNDS COOL, LOOK UP THE RISKS AND FULLY UNDERSTAND THEM BEFORE YOU DO THIS. I am not responsible if ninjas break into your house and are able to unlock your computer (they can) or anything else that happens as a result of you trying this, YOU HAVE BEEN WARNED.
How to do it
The basic principle is that you are actually running xscreensaver as another user, who isn't root, and giving them access to your X display. Please realize that once they have access to your display it is trivial to open a terminal and execute arbitrary commands (not that it matters because your screen isn't really locked anyway).
The following commands are all run as root but I am using $s so that SyntaxHighlighter doesn't think the line is a comment.
$ useradd -m xscreensaver # Create the user. $ passwd xscreensaver # Give them the password that you want to unlock the screen with. Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
That's pretty much it. Notice that you are actually using the xscreensaver user's login credentials to unlock the screen. Now all you have to do is use the following commands to launch xscreensaver. Please note that the following command does not daemonize so you may need a & after the command to launch it in the background.
$ xhost +local: # Allow local users to access your screen. $ sudo -u kevin xscreensaver -no-splash
There you go. There is just one last thing, since xscreensaver is running as a different user you will have to configure it as that user as well. The following command will pop up the settings window as the following user. While you have to run the settings as the xscreensaver user all the other commands such as xscreensaver-command should work when run as root.
$ sudo -u kevin xscreensaver-demo
There you have it, xscreensaver with locking as root. Remember, you shouldn't do this, but if you do, enjoy.
This comment has been removed by the author.
ReplyDelete