Fast User Switching
|
Fast User Switching is a feature just (as of 2004) becoming available on modern proprietary multi-user operating systems such as Windows XP and Mac OS X. It allows users to switch between user accounts on a single PC without quitting applications and logging out. The functionality was first developed on consumer level hardware by the Linux Operating system which, in 1992, started supporting multiple virtual consoles which can optionally run separate graphical X Window System sessions.
On Linux, to use the feature fully, the functionality must be enabled in the configuration file of the X display manager (for example GDM) then a hot key sequence such as CTRL-ALT-F8
is pressed. A separate login window will now appear and the second user can login (or even the first user again). Alternatively, in the default install, a user logged onto a text console can start an X windows session with a special option (e.g. startx -- :1
) to have it on a different console. Again hot key sequences allow the user switching to take place.
In some ways it is conceptually similar to the function of the UNIX command su (substitute user), which allows a user to become another user during a login session.
Fast user switching has various security implications and the handling in different operating systems varies, with each possible choice having advantages and disadvantages. One possibility is that only the first user gets ownership of resources. This is the more simple and secure option; the first user is in control of resources; subsequent users cannot use them, but thereby know that the other use has control. A second option is to allow all users access to shared resources; this is more intuitive and easy, but would allow one user to record another user's conversation, for example. In Windows, shared resources such as sound are available to each session. In RedHat linux, the default is that the first session connected gets ownership of the "console resources". RedHat can be relatively easily reconfigured, however, to provide shared resources instead, either through a dedicated group of console users or by altering the way console ownership is changed.