Apparently, MDV2007 does not allow root logins from the main login screen. Is there any particular reason for this? I am able to open a Konsole window (using KDE) and su into root from there with the password.

When MDV2007 was installed, I set the security level to Standard.


[moved from Software by spinynorman]

Is there any particular reason for this?
It depends if you want a long or short answer ......

Usually if you have to ask the question then its there to protect you.... and on the whole noone who understands why its there would want to run the GUI as root or anyone who wants to run the GUI as root is prevented doing so until they work out how to do it... usually by the time anyone works out how they no longer want ot run the GUI as root...

Its trivial to change but there is no need, there is nothing you need a GUI running as root for...

( with the exception of perhaps some realtime permissions for music mixing... ) but then you need to disconnect from the internet or run a good firewall and know what your doing...

Also if you want to run the GUI as root then just stop the dm and start the GUI from a console as root... but again there is nothing in the GUI that needs to be run as root that cannot be opened specifically as root...

Many programs will not even run as root... anyway because the program designers have kept to good practice so progs like gtk-gnutella and most irc chat clients will refuse to even start as root.

Edit /etc/kde/kdm/kdmrc file.

AllowRootLogin=true.

The intent was to check permissions for a CD-ROM device, because KsCD would not play any CD's as I reported in another thread.

cwhobbes: Thank you. I checked the file you mentioned and that line was set to false, but it also mentioned true was the default. I guess that it must have to do with my setting the security to Standard when I installed it.

You certainly do not need a graphical login as root to fix a permissions thing.
You can do it with a simple "kdesu krusader", or from a root console with
chmod/chown command for /dev/hdc or whatever your CD-ROM's device node is.

To check permissions you don't even need root access...obviously you do to chnage them in which case the kdesu krusador or even kdesu konqueror works fine...

i think it's a whole much easier to be able to run the gui as root, and allmost all apps work as root. That warning that shows up when u start the gui should be enough, and who ever is still a newbie who doesn't know what he is doing, the warning screen should be enough. Who ever ignores it, is going on his own responsability. I tryed doing stuff from a normal user, but it's a pain in the A**. For me is crucial that i can run the gui as root, so they should reenable it.

When I first started with linux I ran as root a lot to find out WHAT NOT TO DO! That will teach you fast. I didn't mind the reinstalls and all the crap...doing it all over and over helped me remember things.

Anyway, I like root login too when I have a lot I want to do as root. I start a new session as root and make system wide changes or whatever and I agree entering a password every 30 seconds sucks. Root GUI saves me a lot of hassle. It stinks where they have hidden the settings for this. Something else to remember, that is untill next version when they MOVE IT!

I don't think it's crucial to have the gui run as root. In fact, it would be stupid. This is why Windows is so bad because it's done by default. Luckily they are realising this too, I've seen from recent Microsoft training I've done.

So, soon, if you use Windows, you'll have to do the same. They're taking automatic root/administrator access away for your own good. But if you're happy running as root, go for it, but the default won't change.

i too hate those password challenges since they break my rhythm. what i do is launch a terminal, change to root, and launch everything i need by backgrounding them:



i get the benefit of both worlds since i am restricting root access to the things where i need them. the rest of my applications run on my account. this just involved figuring out the cli equivalent of my applications but the properties of each item will reveal that.

ciao!

Yep that's just sloppy programming because the programmers rely on the fact people wouln't be so crazy as to run the apps as root. Its a function of misplaced faith in human intellegence.

What linux needs is the same warning you find on lighter fluid or drain cleaner etc.
AFAIK, there is nothing on a lighter refill that physically prevents me trying to microwave it or stick it in an oven. There is nothing on the drain cleaner that stops me pouring it into a glass and drinking it.
There are different nozzles on different fuel types... I guess this just takes away my freedom to fill my gasoline car with deisel, which of course is my right since its my car (although the forecourt is not my property so I should perhaps arrange for a tow truck before I do this).


Why should they?
Why don't you start taking responsibility for your own actions and you enable it?
Meanwhile why not campaign for universal gas pumps and see if you can't get all gas pump nozzels to be the same so anyone can screw up their car without meaning to?

While you are at it I have a list of packages not installed by DEFAULT.... this imposes on my freedom ... I want my packages to be installed and no others... ?? While we are at it why doesn't the window manager revert to fvwm by default? I use this so everyone else should presumably.

I also want all the ports setting open by default its a pain to have to open them up manually so people can try and hack me.

What you find convenient matters not one iota to me.
What noobies do to their systems however does or at least should mean something to mandriva....
What people say in the reviews should matter to mandriva.

What I recommend is making your own distro ... call it insecurenux or something
Here is the kernel
http://kernel.org
Here is a suggested compiler, feel free to use whatever you like
http://www.gnu.org/software/gcc/gcc.html


meanwhile you need to find the source code for all the apps that will not run as root and recompile them after editing out the safeguards.

edits:
Incidentally here is what KDE have to say
http://docs.kde.org/userguide/root.html

Its all possible when you take responsibility for your actions and stop expecting a distro should do every default the way YOU want it and force that on others.

So why exactly should Mandriva follow your advice and not that of the programmers who wrote KDM and KDE?

I think the point here has been missed. Some of the new users don't know all of the commands to do things and a GUI as root makes it easier. Granted, it is also easier to trash your system but as they say, live and learn. The root user can be hidden and with a good password you should be protected. Anyone who wants to hack into your system surly knows how to elable root login. We didn't say Mandriva should enable it by default, but that it should not be hidden so deep in a file.

As I said, when I first started with linux I used the root login to the GUI to poke around everywhere. It made it much easier to find files like /etc/kde/kdm/kdmrc and learn for myself without asking someone where a setting was. I was also able to figure out some of the file system and where programs are installed.

Most people don't need NASA strength security because who cares what you have? ANd as I said, a good password (something other than your dogs name) should protect most people from someone sitting down at their computer and logging in as root and using their desktop like a video game!

KDE also said this:

Although this means that it is easy to perform administrative tasks without hassle, it also means that there are no security restrictions imposed upon it. Thus, a small typographical error or other mistake can result in irrevocable damage.

Key words being "easy to perform administrative tasks without hassle" and "can result in irrevocable damage". Easy to administer and cause irrevocable damage. Well you have been warned.

maybe i didn't expressed my self clearly. What i wanted to say is that they should as yankee sayd to keep root hidden, but to allow logins in graph mode from login manager. I never ment to use the root for web browsing, video games etc. It is just A LOT easyer to config ur computer. The warning that comes up SHOULD BE ENOUGH. If u ignore it, and dono what u are doing and IF also u plan to use root as default user, than u are on ur own. Microsoft's problem with default admin is THEYR problem. Never sayd to set root as default user. Just sayd that they should REENABLE root login as graph from loggin menu.

Noone has yet come up with any task that is..there is nothing that needs a root login into X... and nothing it can do that cannot be done using the correct tool.
Even if you want to copy files etc. then you just start a filemanger as root... add it to your menu and it will always be there... same for a editor etc. and if this is just for a one off then why go through ksm/gsm/xdm at all? Just run startx from a root console???


So you want mandriva to completely rewrite the login managers so that someone doesn't need to find a single file that anyone who knows what they are doing knows exactly where it is anyway???
The file is where the file is meant to be ...


How is this easier than starting konqueror as root or running kommander and switching to root mode?
(The best way to figure out where something is installed btw is looking in the package info for that package. )




Who needs a password? That is the whole point of seperate accounts. If you use a browser then I don't need a password because you already opened the connection. This is the whole reason for having seperate accounts .... if X is running as root then X can start any other process as root. If firefox is running as root the same... the can also see and manipulate your whole filesystem... try for yourself, go to a webmail client and attach file ... the http:// server you are browsing has the same privlidges as the user running the browser ... the point being they don't need a password.

If you try something like webmin and use it as root you can add/delete install packages etc. etc. with abandon and NO PASSWORD required .... any website can do exactly the same. (or IRC bot or 100 other things) Im not saying this to criticise webmin Im saying it because this is what can be done from a web browser running with root privilidges.

(This is basically sort of a distallation of a couple of posts I made a while back on mandrivausers.org)

That one chooses the wrong way to do something does not mean it's the right way, even for them. I've seen endless discussions about running the desktop as root and never heard a single convincing reason to do it. NOT ONE. No one's given one here either. Knowing how to log in to a GUI desktop is not a "solution" to any problem. Jeeze, why would anyone ever even want to risk it?

Look, in nearly 6 years of using Linux I've never needed to do anything I couldn't do quickly and easily when logged in as a user, using either text-based tools or GUI, including any file-editing chores or whatever. Logging in as root doesn't save any time. I haven't logged into my desktop as root since the 1st day I used Linux. I was coming over from Win98 and knew nothing of permissions, etc. I immediately learned not to ever do it again and why it was pointless to do so anyway.

Besides, if you get used to doing root chores logged into a GUI and using only GUI tools, what would you do if X gets trashed? Working exclusively with GUI tools is OK as far as it goes, but doesn't teach you know how to work from a console or with Midnight Commander if X is not available. For those new to Linux I can't recommend learning to be comfortable with Midnight Commander highly enough. Every Linux user, especially those who don't want to learn the command line or vim, should learn the basics of using MC.

Again, I want to make this perfectly clear for any n00bs who may be reading this thread and are tempted to do the familiar Windoze kinda thing and run their desktop as root: There is absolutely NO reason or need, not for ease, not speed or any other reason I have ever heard, to EVER log into your desktop as root. Running as root is just a VERY BAD IDEA - period. You are only learning NOT to use some of the best advantages of Linux.

I think I can end this debate pretty quick. Without using exact quotes from above I think I can sum it up. I said new users do not know all of the commands to do things and a root GUI helps them. They will learn. I just installed a nvidia driver that hosed the whole thing. My title bars disappeared, the screen went white when I tried to fix that so I clicked where I knew stuff was and it was there, and I tried to change the driver back and said screw it...and did a reinstall of the whole thing. But I have a back up because linux is known to throw curve balls at times. I was shooting in the dark and got it back but I am not going to dig through thousands of files to see what is wrong.

This whole security thing about a root GUI is NULL...you know what that is don't you???

Well I forgot, when you install it gives you the option to set the administrator or ROOT users with NO password so your security just flew out the window!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I know, anyone who knows what they're doing would never do that....BUT we were talking about new users who don't know what a CLI is....right??? I do...I used CLI since the old days as in beep-beep and that was your sound. 8 colors and half-bright gave you 16...how about the Amiga? Means friend!

I guess you should fix that install (root user) with no password before you complain that someone wants to use a GUI as root.

Yankee, that solution might work OK for you, but I'm sure that there are many other users out there who would not be able to "click where [they] knew stuff was" and fix things up. Some might learn from the experience, reinstall and think twice about doing the same thing again (whether that's logging into the GUI as root or doing whatever it was that killed their system), but there are many people who would say 'What is this useless system? I'm going back to Windows' and abandon Linux. You might be resilient and/or patient, but not everyone is. This is especially the case with a distro like Mandriva, which prides itself on a reputation for being easy to use even for beginners.

You don't like having to dig through thousands of files to find out what's wrong? That's how Linux works sometimes. I had to do the same thing to work out how to install a Japanese IME in Mandrake 10.1, and no amount of root GUI would have fixed that for me. What I'm saying is, a root GUI can be great for some things, but there are always other, safer ways of doing things. Why not do what ramfree does and launch programs you want to run as root from the CLI? It's not that hard; a lot of the time all you have to do is punch in the name of the program, hit [Enter] and there you are. Yes, there are cases where this doesn't work, and it does depend on your system being set up correctly, but it's worked well for me so far.

By the way, with the whole 'no root password' thing - I had no choice but to do this when I installed MDV2007 on this computer. I'm using a USB keyboard that doesn't work in Linux without legacy USB support disabled, which meant that to install Linux, I had to do it with mouse only. No way of typing in a root password there. Of course, I set one up once I got things up and running and was able to do so, but without the option of installing with no root password, I wouldn't have been able to install at all. I agree that it is a security risk to be able to install with no root password, but is it worse than using the GUI as root? There are some cases where you need to be able to install without a root password, but are there any cases where you need to be logged in to the GUI as root?

I installed the new Nvidia driver and enabled the 3D desktop. MISTAKE! At least on my machine it was. First I lost my title bars and could not move things around to hit ok and apply, not even with the alt-click to grab a window anywhere. Then the desktop turned white but everything was there. So I clicked where things were and rebooted and got back in and no title bars, no sound, no network and I don't know what all.

My refresh rates were hosed real bad. Told me my refresh rate could be from 50 to 59, though it was at 85 or so it said. It was a new install with not much I needed so I just reinstalled. I could've probably figured out what was up but why do all that work. It was clear that new driver was not going to work! I forget the version # but I found the link on these forums somewhere and thought cool...not so cool.

I installed it as it said too but that don't mean I didn't screw something up. I believe I done it right and the driver is just screwed up. By the way, I had to be root user in a console without X running to install it. It wouldn't go anywhere but root with GUI for awhile.

This is exactly the point and somehow Yankee is using spurious logic to say if one thing is "allowed" then the other should?


Well you seem to have missed the whole point.

Simply stating it doesn't make it so. So far noone has provided a single thing that is easier in a root GUI than using the MCC or a su'd file manager or editor.


This exemplifies it exactly ...
1) you are unable to follow simple instructions installing the driver
2) You don't say how you installed the driver... but of you changed it while in X then of course things screwed up...I mean actually changed it not changed the xorg.conf because that is only read when it loads X.

3) Clicking where you knew these files to be (once again you avoid mentioning which files) did nothig to fix it. Nor was a root gui even necassary to "click" where these files were... a simple kdesu konqueror would have sufficed.
4) ... which is the whole point.. how does having a root GUI help this??? So you just have access to a bewildering number of files most of which you have no idea what they are.
All you have is the extra chance of messing something else up...

.............which is exactly what you did.

Had you used the GUI tools provided (although at this point you claim the GUI was all screwed so which was it? However you could have used the MCC from the console too and just changed the nvidia driver to nv, dropped out of X and installed the nvidia driver again. (or just copied the backup xorg.conf file back) which you of course made before installing the old driver?


Nope I know quite the opposite and anyone who understands the basis for the security model in linux does too. Unfortunately it is those who don't understand the reasons that are complaining that they are being prevented from logging into X as root.
Noone is stopping anyone... its 3 letters in one file .. but you don't even need to change anything you can actually do all this at the GUI.
Firstly stop the service dm in MCC.
Login as root at the console it drops you to
startx (or startkde)
.. and there you go.. no changing anything....
... finish what you are doig and restart dm....

What you have decided to ignore with your "Without using exact quotes from above I think I can sum it up." is the fact that root owns the desktop and every process started from the desktop.
Thus every app you run is runing with root privelidges and every web server in the world has complete read/write access to your whole filesystem without needing ANY password because fundamentally firefox/konqueror etc ARE root.



Again totally spurious...even if the two are equally bad just because of one possibility for poor security exists is no reason to add another BY DEFAULT.

Secondly, BY DEFAULT is what we are talking about. Its equally possible to disable the root password or set it to null after install ... if you know how.


I am not complaining if people want to use the GUI as root. Just don't expect me to give my time up fixing the mess...
What I'm "complaining" is that people are spreading dangerous FUD .. that there is somehow something you can do logged in as root which is only possible through this. This simply isn't the case and noone has yet provided a single example not only of "only possible" but actually EASIER...

And secondly I'm "complaining" that these people because of their ignorance of the proper way to change something are demanding Mandriva put back a DEFAULT to a dangerous one. This very discussion indicates that many people are ignorant of the actual reasons ... (and they have a perfect right to just use the blackbox, Im not disputing that) but this is a binary option... root login in dm or not... it has to be one or the other ...

Is the no root password a default in install? No.... ? Why because noobies would not realise the importance. The same goes for activating the root login.... its simple to change but the default is the safer option. Anyone who knows what they are doing can change it in seconds but the whole point is noone NEEDS to do this. Equally you could be presented with every user on your system, including mysql or apache at login.. someone has to make a choice on this... and confronting a noobie with all these options is confusing and serves no purpose, just like having a root login.



This is worth repeating.... you don't need to understand why ... like everything in linux though you can find out if you wish to but arguing for it without understanding the reasons simply confuses noobies ...

So noobies should think about this... which option do you trust? The person who can't install a graphics driver without screwing stuff up and reinstalling or someone who hasn't had to reinstall in many years.
(If you except trying a different distro and having to reinstall because that distro was insecure)

I don't know any linux or *nix professional who knows more than I do about linux who would even consider running X as root. The only people who do are those where a little knowledge is a dangerous thing.

Sigh...people will never learn I guess...

http://forum.club.mandriva.com/viewtopic.php?t=55562

Anyone want to place a bet on how long it is before the originator of that thread is back asking for advice on how to fix whatever he mucks up running as root?

sayd nothing to be sayd to default. All i meant was that thay "false" value to be set to "true". That is just about it. Not everyone can do console stuff. If u fuind it easy, fine, but don't deny others right. It is stupidity to set no password to root and to use root as default. That is what i think. Others may not think like this, but this is me. So let's put an end to this argue. THE END.

Just use it as root if you like. We'll be waiting when you come back with a fubar'd system

I like the sig in the guy on the club


Everything is already said, but if someone doesn't listen it always needs to start again...


Yes it should but obviously it isn't.
People are hardened to warnings like that... from "Danger the serrated edge on the hand towel dispenser are sharp and may cut you" (wow its a serated edge you don't say) to "warning do not insert toothpicks in your ear" ...or "warning boiling water may scald" ...

We see these everyday on every consumer item and I don't know about you but I don't really read them.
This is why microwaves have a door detector which makes sure the door is closed but this hasn't stopped various people defeating the mechanism and cooking themselves nor even trying to dry pets in the microwave.

Furthermore you don't need a root login in the login manager to login as root... but perhaps most importantly you don't need to login as root at all. On the other hand Mandriva also sell the distro to companies and having dangerous defaults is a big turn off for the companies. If you are installing 200 installs then you don't want to have to correct 200 seperate kdmrc's ... sure you can automate it but just by doing this mandriva is producing a "non professional" distro. Moreover each time kdm is upgraded (and this is an importtant thing to keep currect because of the huge security implications) they would need to edit the kdmrc as well.

Step back and imagine being in this company and an employee has 20 logged attempted root logins.
You are in charge of IT security but the employee says "but I just pressed the wrong user on login, it shouldn't be there if Im not allowed to login as root but I didn't mean to anyway, I just clicked the wrong user"

This is somewhat different to actually editing kdmrc (which needs a root password)

The bottom line is that people don't on the whole understand the security implications. The reason not to run as root is not only because you can destroy your filesystem but that you are giving the whole world root privelidges to your box without the need for a password.


Again I don't see how its easier.... still noone has given a single thing that cannot be done from a user login that can be done from a root GUI login.

What would be more constructive is people actually saying what they think is easier or even impossible without a ROOT login.
Im sorry to say but until someone does then it sounds like "Im too lazy to look for the proper way to do this".

meanwhile
Is complete FUD. Its not hidden, any google search for KDE login root will find this .... as I said the file is where the file is meant to be according to the designers and programmers at KDE.

or

"there is a lot you can't do from the CLI that can be done as a root login in X"
Is complete and utter FUD. There is quite a bit that can't be done without the CLI, mostly advanced stuff but quite a bit all the same (creating obscure filesysytems with non standard defaults etc.) but there is absolutely nothing that can't be achived from a CLI that can be achived any other way. Just saying this shows a complete misunderstanding of linux.
ABSOLUTELY everything that you do in the GUI generates a CLI command, whether you see it or not.

Given the warning is not enough then the bottom line is no linux experts want to use a root GUI, most advanced users don't and most n00bs probably don't realise. So we are left with a minority of people who for some reason want a root login for the GUI because the last version did?
This indicates to me that they did not find the correct way of doing things... why.. as crash damage says the last time he logged in as root was the first time he used linux.

I have run X as root a long long time ago...when just getting X installed was a major hassle but we are talking RH5 or Slackware 2 here where X was an optional add on, not a modern distro and after wading through files and docments .. I finally got X to work and started it as root...
I still occaisionally do it for a second .. if I startX from a CLI when messing about with something deep in the OS but I immediately kill it.

Those who feel some deep need for this as a login are missing something....and that something is the correct way to do X,Y,Z and time would be better spent working out the way to do X,Y,Z than berating Mandriva for doing something that is actually in the interests of 99% of its users.

I'm just guessing but I think the most common problem is probably configuring X with the closed source graphics drivers. Do I think Mandriva should do this ..? Yes (and it doesn't affect me since I only run mandriva in a vmware session) but this would help lots of n00bs get up and running. The excuses for this are equally FUD, mandriva says its not possible for liscense reasons but do so on the powerpack edition.
In reality its to get people to buy the powerpack (IMHO) ....

Please berate Mandriva over this.... berate mandriva for hacking the KDE CC so that many of the tasks to do as root are harder or require a different method and even for hacking KDE to make it difficult to get rid of that stupid Start Star and backgrounds ... but don't berate them for doing something reponsible nor sticking the kdmrc file where it is meant to be.

Well, i have to say sorry cause, i'm the one who started all of this. Actually i only wanted to sort the gl pb, cause i couldn' activate, but i solved from the normal user. Sorry about all of this, i don't use the root at all.
Sorry once again. Dono, but until now i wasn't using su, but wih it it is easyer. . Anyway, i'm still having problem installing some software, i can't compile berkeley db so without it i can't install kdevelop. i'm still trying.

• Newbies should never login as root in a GUI. You should use root sparingly, only when absolutely necessary, and only when you know exactly what you're doing.
• Anyone who disagrees with the above quite simply doesn't understand the consequences, or has not experienced them first-hand.
• This argument will never end, because of the above.

Why is logging in to root with the GUI bad? It makes it extremely easy for an intruder to gain root access. If there is a remotely exploitable flaw in any of the programs you're running (including all of the ones you don't know you're running, because they are all part of the DE) - none or not - they can immediately gain root access by exploiting it. No need for privilidge escalation. And, if by some chance you run a rogue program that you thought was legit, it'd have root right away and could kill your own system in a flash. Lastly, it's much easier to do something stupid as root.

yadda yadda yadda yadda...i don't know why i revived an old thread, i just had to. Whenever I say people who think logging into a DE as root is a good idea, I loose a couple brain cells.

I've done it twice, the first time was 45 minuttes after I installed Mandrake 10.0 (my first linux dist.) 10 minutter later I startet to reinstall.
The second time was last spring/early summer to show a friend how mouch more I/he could do when logged in as root, and the only reason that I did it the last time, was because I was going to give Fedora 5 a shot.

Let the new Mandriva users try to log in as root one time shortly after they have installed Mandriva for the first time, and let them learn their first linux leason

And now a little of topic does anyone now a site with a lot of commands for the konsole?

here's a good one

Thanks, just what I was looking for

BRAVO !!!
As the Judge said "" If you know ""
BR>Pete