Security issue in switching sessions

I have two users on one laptop. If I switch between users using tty switching (ctrl+alt+{F1/F2}) I can access the previous users full account as if I’d logged in as them, no password required.

What security setting do I need to change as this is clearly insecure at present.

Can you explain the circumstances to duplicate this in full?

ctrl+alt+f1 should be your graphical session and ctrl+alt+f2 should be a TTY

what’s the output from the following command?
replace User1 and User2 with your users.

sudo cat /etc/passwd | grep 'User1\|User2'

It’s possible I’ve not used the right terminology, my apologies if so.

I’ve two of what you’re calling ‘graphical sessions’ one for each user Ctrl+Alt+F1 gets me to one of them Ctrl+Alt+F2 gets me to the other.

I can switch freely between the two without needing to enter the password for either user.

Switching TTYs doesn’t lock the session so you should be able to switch between them freely.

Switching TTYs isn’t “user switching”.

Have you tried engaging the screen lock before switching?

Thanks. It’s

user1:x:1000:1000:{user1s full name}:/home/user1:/bin/bash
user2:x:1001:1001:{user2s full name}:/home/user2:/bin/bash

I’ve replaced real names

your user information looks good.

I see. Thanks.

I must say I find that default behaviour quite odd. It seems at odds with the generally very secure nature of Linux, but…

…does work, so I’ll just have to remember to do so.

You can setup a keyboard shortcut bound to the swapping that also locks the session when you do.

Hit Meta (usually Windows key)+L before switching.