Bug 147824

Summary: Password of root unlocks screensaver for a user...
Product: [openSUSE] SUSE Linux 10.1 Reporter: Magnus Boman <mboman>
Component: GNOMEAssignee: Rodrigo Moya <rodrigo>
Status: RESOLVED WONTFIX QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: suse-beta
Version: Beta 3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Magnus Boman 2006-02-02 21:58:57 UTC 
In GNOME, if I'm logged in as a normal user, my root password can be used to unlock the screensaver. Is that a bug or a feature? If it's a feature, then there should be some sort of text in the unlock dialog to inform about it.
Comment 1 Mark Gordon 2006-02-02 22:04:07 UTC 
I'd understood this to be a feature.
Comment 2 Magnus Boman 2006-02-02 22:16:39 UTC 
Then there should be a setting in the control panel for the screen saver to disable this feature. If I'm working on something sensitive, I don't want anyone but myself to be able to unlock the screen saver.
Comment 3 Mark Gordon 2006-02-02 22:29:20 UTC 
OK, how about allowing root to just log you out as an alternative?
Comment 4 Magnus Boman 2006-02-02 23:27:54 UTC 
Yep, that would work. That's how other desktops do it.
Comment 5 Mark Gordon 2006-02-02 23:52:52 UTC 
Hmm... now that I look, there is an option (exposed in gconf, if nowhere else) to allow logout... though I don't think it requires the root password.  Reassigning in any event.  I've heard a couple people voice concern over this feature.
Comment 6 Rodrigo Moya 2006-02-03 10:46:30 UTC 
AFAIR, xscreensaver works the same, isn't it?
Comment 7 JP Rosevear 2006-02-04 17:36:21 UTC 
Indeed, xscreensaver has worked this way for ages as well.

Root can always log in and kill the screensaver, so its not a security hole.