Here is a quick tip to kill a crashed Linux / UNIX X desktop system. Many new user do not know this simple tip and end up hitting computer reboot button. Press CTRL + ALT + Backspace to kill GUI and get back to login screen. There are more ways to kill a crashed desktop without restarting your computer.
If CTRL + ALT + Backspace refused to work, try to login to console by pressing CTRL +ALT + F1. To kill GDM (Gnome Desktop) manger, enter:
You can also run the following:
To start GDM again, enter:
To kill KDM (KDE Desktop), enter:
To start KDM again, enter:
This is useful for killing desktop session. You can always kill indidual process such as a web server or firefox using kill / killall command line option. Under X windows you can use xkill command kill a client by its X resource and not by process ID.
Each OS has its own advantages and disadvantages. This article from Pc Advisor takes diffrent angle and considers normal joe user who just wanted to do their work:
When it comes to an OS, what should you choose? Each of the four biggest players; Linux, Mac OS X, Windows Vista and Windows XP all have their merits. So we've taken four experts and asked them to defend their chosen operating systems in an opinionated free-for-all.
=> Linux, Mac OS X, Vista and XP: head-to-head
It is true that connections to remote X Window servers should be always made over SSH. SSH supports X windows connections. So my task was allow X over ssh but block unprivileged X windows mangers TCP ports.
The first running server (or display) use TCP port 6000. Next server will use 6001 and so on upto 6063 (max 64 X managers are allowed from 6000-6063).
So assuming that you are going to force user to use ssh for remote connections, here are rules for IPTABLES (add to your firewall script):
iptables -A OUTPUT -o eth0 -p tcp --syn --destination-port 6000:6063 -j REJECT
iptables -A INPUT -i eth0 -p tcp --syn --destination-port 6000:6063 -j DROP
a) The first rules blocks outgoing connection attempt to remove X windows manger.
b) The second rule block incoming request for X windows manger. By using --syn flag you are blocking only connection establishments to the server port.
This is the good way to disallow unprivileged X windows mangers - TCP 6000:6063 ports :)