Version: (using KDE KDE 3.4.0) Installed from: Compiled From Sources Compiler: gcc 3.3.4 OS: Linux If a root user is logged in through tty it is shown in the switch user menu. This means that users can easily switch to root without authentication!! Personally I don't think that any tty logins should be shown just in case a user has logged in through tty and su'd to root during that session. Furthermore, just as eye candy, I would like to not see the type of login (VT and such), just the user name of users logged in only through kdm. Since my machine has many users I don't like the idea of users being able to switch to tty login I've made as root or as user and switched to root. When my users are in KDE I like to keep them there.
Created attachment 9877 [details] here is a screen shot.
and how exactly do you want to prevent your users from switching to the root login a different way? whether tty logins should be listed at all is another question. i'm still reconsidering it. maybe add an option. the listing of pts/1 is definitely not intended. probably some x terminal emulator did not set the display as the source of the login (doesn't konsole get it right, still?). i'm pondering with possible workarounds.
Well, my users don't know that they can switch out of X by hitting ctl+alt+Fkey . I keep it that way and am planning on dissabling it entirely. I think I saw somewhere that that is possible. If I do disable it will those open accounts still be shown and can we still switch to a different user? As far as the pts, it has always shown. Even after a clean login after a reboot. Recently I've been getting various exit statuses from konsole when I exit. Could it be related? What I would like to see is a list of users that have only signed in through KDM. Since root can't sign in through KDM by default (and I intend to keep it that way, thanks for that) I would feel much more secure about it.
> I keep it that way > you'll experience a bitter surprise one day. ;) > If I do disable it will those open accounts still be shown and can we > still switch to a different user? > i have no idea. never tried it.
TTY logins should not be listed, definitely. More importantly, 'switch user' should _always_ ask for authentication of the chosen user before actually switching to that user's session. The current behaviour is an important security hole. One simple way to do it, when switching from user A to B, is to systematically lock A's session before actually switching to B.
it's not a security hole, but an inconvenience. a security hole are only the users that expect it to work as osx/winxp without verifying. always locking the screen can be an inconvenience, too. that's why both "start new session" and "lock current and start new session" exist. hmm, just switching can be done without the menu, too, so always locking in this case might be worth a consideration. as for tty logins, that's your opinion. this feature is not meant for dummies only. i like to know what logins are open without switching through all terminals first.
I agree with Oswald. Users can easily lock there session before switching. Of course this is good practice. When I posted this bug I didn't mean that the system should be adapt to idiot users that don't lock there system, but that it simply shouldn't show any root logins. Also I fear that some of my not-so-savy users will switch to a login outside of KDE (even outside of X) and not know how to get back to their KDE login. Like I said, none of them now about the Ctrl+Alt+Fkey . Any news, Osswald, on the pts/0 showing?
> Any news, Os[s]wald, on the pts/0 showing? > no. what does the "who" output for such an entry look like? fwiw, i made kicker and kdesktop start the screen locker when switching via the popup menu. the assumption is that users who don't want to lock are the knowledgable ones and will use alt-ctrl-fx anyway. maybe it's even true. *g*
The who output shows pts/# . It's the same on my laptop. I guess it's a SuSE thing. I have an idea I'd like to throw out at you. What if you made the switch user menu display only users logged in through kdm (just for ease of reading show only the user name) and for usability of seeing a list of all terminals have a hotkey like Win+Esc that pops up a list of all users logged in on any vt:# . I think this would be a good compromise. The reason I'm pushing not to show technical info in the switch user menu is I want to see KDE become as user friendly as humanly possible. You have to consider that most people that use Windows use it because they don't know any different. As a result they don't know anything about computers. When my grandmother (that can barely use Windows) can sit down in front of KDE and use it without confusion, I'll say it's ready. I really don't want my wife asking me, "Why does my name have a vt:8 after it, is it OK to click on it?" There's my speech.
> The who output shows pts/# > that was obvious to me. :) more interesting is the part after the date (the FROM column in the "w" output). i suppose it is non-existing. > I guess it's a SuSE thing. > you know what? i think you're right ... i remember once patching kpty to make utempter set the "from". the result was devastating in some respect, so i gave up and put a generic utempter replacement on the todo list. > [menu only x, hotkey all] > even more diversity ... :} > I really don't want my wife asking me [...] > is this a hypothetical or a historical situation? i would really hate to add additional code just to optionally hide this information which i find very useful. aren't the parens a clear enough separation?
> that was obvious to me. Sorry, I didn't mean to insult your intellegence. No there is no column after the date. Should there be? The only linux system I've used has been SuSE. Is there something I should change? > i remember once patching kpty Any pointers? > is this a hypothetical or a historical situation? Historical. My wife has used mac exclusively for years now. She has no understanding of what goes on behind the scenes of any operating system. I thought it would be pretty comfortable for her to use the main desktop (linux) but sure enough, with kde 3.4 she asked me if it was ok to click on her user name in the switch user menu. Don't get me wrong Os, I agree. It is very useful information. But it confuses those that don't understand it and people are reluctant to use anything they don't understand. Would it be possible to show it for some users and not or others? I know I'm making my requests more and more complicated for a very simple thing. For that I apologize. I just want everything to be perfect, like I'm sure you do.
*** Bug 102006 has been marked as a duplicate of this bug. ***
I've been looking at the code for the switch user section in kdebase-3.4.0/kicker/ui/k_mnu.cpp . This piece in particular: if (dm.localSessions( sess )) for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) { int id = sessionsMenu->insertItem( DM::sess2Str( *it ), (*it).vt ); if (!(*it).vt ) sessionsMenu->setItemEnabled( id, false ); if ((*it).self) sessionsMenu->setItemChecked( id, true ); } } It looks to me that `id` is the variable used for the list item. I would like to change the code to send `id` through a sting search function that searches for "TTY" . If the function returns true then continue with the loop. I am a very beginner programmer and don't know any functions like this. Can you help me?
I was thinking. What if we changed the switch user menu to be more user friendly without compromising usability. I propose we break the switch user menu into sections. The first section says KDE and lists logged in users through KDM. This section shows the logged in user with their user pic beside their name. The name is in a larger font with text under it in a smaller font saying "Screen $vt_screen_number". The other section will say TTY and will list all TTY logged in users in the same fashion as the KDE section with the exception of no user pic. Of course, if their are no TTY logins the TTY section is not shown. This is a good compromise in my mind. And of course none should list the pts.
*** Bug 104564 has been marked as a duplicate of this bug. ***
bug #104564 (listing of all konsole sessions) is fixed. remains the part about listing ttys at all. i say: they stay. the only reasonable argument against it was, that lusers might not know how to get back to x. however, if they switch to a non-kde session, they are faced with practically the same problem, so i don't buy this argument at this point. it would get fixed when i put even more of the switching stuff directly into kdm, but we don't need a second open report for this .