Root logins not allowed (MDV2007)


edwardp

I think I can end this debate pretty quick. Without using exact quotes from above I think I can sum it up. I said new users do not know all of the commands to do things and a root GUI helps them. They will learn. I just installed a nvidia driver that hosed the whole thing. My title bars disappeared, the screen went white when I tried to fix that so I clicked where I knew stuff was and it was there, and I tried to change the driver back and said screw it...and did a reinstall of the whole thing. But I have a back up because linux is known to throw curve balls at times. I was shooting in the dark and got it back but I am not going to dig through thousands of files to see what is wrong.

 

This whole security thing about a root GUI is NULL...you know what that is don't you???

 

Well I forgot, when you install it gives you the option to set the administrator or ROOT users with NO password so your security just flew out the window!!!

 

I know, anyone who knows what they're doing would never do that....BUT we were talking about new users who don't know what a CLI is....right??? I do...I used CLI since the old days as in beep-beep and that was your sound. 8 colors and half-bright gave you 16...how about the Amiga? Means friend!

 

I guess you should fix that install (root user) with no password before you complain that someone wants to use a GUI as root.

Link to comment
Share on other sites

Yankee, that solution might work OK for you, but I'm sure that there are many other users out there who would not be able to "click where [they] knew stuff was" and fix things up. Some might learn from the experience, reinstall and think twice about doing the same thing again (whether that's logging into the GUI as root or doing whatever it was that killed their system), but there are many people who would say 'What is this useless system? I'm going back to Windows' and abandon Linux. You might be resilient and/or patient, but not everyone is. This is especially the case with a distro like Mandriva, which prides itself on a reputation for being easy to use even for beginners.

 

You don't like having to dig through thousands of files to find out what's wrong? That's how Linux works sometimes. I had to do the same thing to work out how to install a Japanese IME in Mandrake 10.1, and no amount of root GUI would have fixed that for me. What I'm saying is, a root GUI can be great for some things, but there are always other, safer ways of doing things. Why not do what ramfree does and launch programs you want to run as root from the CLI? It's not that hard; a lot of the time all you have to do is punch in the name of the program, hit [Enter] and there you are. Yes, there are cases where this doesn't work, and it does depend on your system being set up correctly, but it's worked well for me so far.

 

By the way, with the whole 'no root password' thing - I had no choice but to do this when I installed MDV2007 on this computer. I'm using a USB keyboard that doesn't work in Linux without legacy USB support disabled, which meant that to install Linux, I had to do it with mouse only. No way of typing in a root password there. Of course, I set one up once I got things up and running and was able to do so, but without the option of installing with no root password, I wouldn't have been able to install at all. I agree that it is a security risk to be able to install with no root password, but is it worse than using the GUI as root? There are some cases where you need to be able to install without a root password, but are there any cases where you need to be logged in to the GUI as root?

Link to comment
Share on other sites

I installed the new Nvidia driver and enabled the 3D desktop. MISTAKE! At least on my machine it was. First I lost my title bars and could not move things around to hit ok and apply, not even with the alt-click to grab a window anywhere. Then the desktop turned white but everything was there. So I clicked where things were and rebooted and got back in and no title bars, no sound, no network and I don't know what all.

 

My refresh rates were hosed real bad. Told me my refresh rate could be from 50 to 59, though it was at 85 or so it said. It was a new install with not much I needed so I just reinstalled. I could've probably figured out what was up but why do all that work. It was clear that new driver was not going to work! I forget the version # but I found the link on these forums somewhere and thought cool...not so cool.

 

I installed it as it said to but that don't mean I didn't screw something up. I believe I done it right and the driver is just screwed up. By the way, I had to be root user in a console without X running to install it. It wouldn't go anywhere but root with GUI for a while.

Link to comment
Share on other sites

By the way, with the whole 'no root password' thing - I had no choice but to do this when I installed MDV2007 on this computer. I'm using a USB keyboard that doesn't work in Linux without legacy USB support disabled, which meant that to install Linux, I had to do it with mouse only. No way of typing in a root password there. Of course, I set one up once I got things up and running and was able to do so, but without the option of installing with no root password, I wouldn't have been able to install at all. I agree that it is a security risk to be able to install with no root password, but is it worse than using the GUI as root? There are some cases where you need to be able to install without a root password, but are there any cases where you need to be logged in to the GUI as root?

This is exactly the point and somehow Yankee is using spurious logic to say if one thing is "allowed" then the other should?

 

 

Without using exact quotes from above I think I can sum it up.
Well you seem to have missed the whole point.
I said new users do not know all of the commands to do things and a root GUI helps them.

Simply stating it doesn't make it so. So far no one has provided a single thing that is easier in a root GUI than using the MCC or a su'd file manager or editor.

 

They will learn. I just installed a nvidia driver that hosed the whole thing. My title bars disappeared, the screen went white when I tried to fix that so I clicked where I knew stuff was and it was there, and I tried to change the driver back and said screw it...and did a reinstall of the whole thing.

This exemplifies it exactly ...

1) you are unable to follow simple instructions installing the driver

2) You don't say how you installed the driver... but if you changed it while in X then of course things screwed up... I mean actually changed it, not changed the xorg.conf, because that is only read when it loads X.

 

3) Clicking where you knew these files to be (once again you avoid mentioning which files) did nothing to fix it. Nor was a root GUI even necessary to "click" where these files were... a simple kdesu konqueror would have sufficed.

4)

I was shooting in the dark and got it back but I am not going to dig through thousands of files to see what is wrong.
... which is the whole point.. how does having a root GUI help this??? So you just have access to a bewildering number of files most of which you have no idea what they are.

All you have is the extra chance of messing something else up...

 

.............which is exactly what you did.

 

Had you used the GUI tools provided (although at this point you claim the GUI was all screwed so which was it? However you could have used the MCC from the console too and just changed the nvidia driver to nv, dropped out of X and installed the nvidia driver again. (or just copied the backup xorg.conf file back) which you of course made before installing the old driver?

 

This whole security thing about a root GUI is NULL...you know what that is don't you???

Nope I know quite the opposite and anyone who understands the basis for the security model in linux does too. Unfortunately it is those who don't understand the reasons that are complaining that they are being prevented from logging into X as root.

No one is stopping anyone... it's 3 letters in one file... but you don't even need to change anything, you can actually do all this at the GUI.

Firstly stop the service dm in MCC.

Login as root at the console it drops you to

startx (or startkde)

.. and there you go.. no changing anything....

... finish what you are doing and restart dm....

 

What you have decided to ignore with your "Without using exact quotes from above I think I can sum it up." is the fact that root owns the desktop and every process started from the desktop.

Thus every app you run is running with root privileges and every web server in the world has complete read/write access to your whole filesystem without needing ANY password because fundamentally firefox/konqueror etc ARE root.

 

 

Well I forgot, when you install it gives you the option to set the administrator or ROOT users with NO password so your security just flew out the window!!!

Again totally spurious... even if the two are equally bad, just because one possibility for poor security exists is no reason to add another BY DEFAULT.

 

Secondly, BY DEFAULT is what we are talking about. It's equally possible to disable the root password or set it to null after install ... if you know how.

 

I know, anyone who knows what they're doing would never do that....BUT we were talking about new users who don't know what a CLI is....right??? I do...I used CLI since the old days as in beep-beep and that was your sound. 8 colors and half-bright gave you 16...how about the Amiga? Means friend!

 

I guess you should fix that install (root user) with no password before you complain that someone wants to use a GUI as root.

I am not complaining if people want to use the GUI as root. Just don't expect me to give my time up fixing the mess...

What I'm "complaining" about is that people are spreading dangerous FUD .. that there is somehow something you can do logged in as root which is only possible through this. This simply isn't the case and no one has yet provided a single example not only of "only possible" but actually EASIER...

 

And secondly I'm "complaining" that these people, because of their ignorance of the proper way to change something, are demanding Mandriva put back a DEFAULT to a dangerous one. This very discussion indicates that many people are ignorant of the actual reasons ... (and they have a perfect right to just use the blackbox, I'm not disputing that) but this is a binary option... root login in dm or not... it has to be one or the other ...

 

Is the no root password a default in install? No.... Why? Because noobies would not realise the importance. The same goes for activating the root login.... it's simple to change but the default is the safer option. Anyone who knows what they are doing can change it in seconds but the whole point is no one NEEDS to do this. Equally you could be presented with every user on your system, including mysql or apache, at login.. someone has to make a choice on this... and confronting a noobie with all these options is confusing and serves no purpose, just like having a root login.

 

Again, I want to make this perfectly clear for any n00bs who may be reading this thread and are tempted to do the familiar Windoze kinda thing and run their desktop as root: There is absolutely NO reason or need, not for ease, not speed or any other reason I have ever heard, to EVER log into your desktop as root. Running as root is just a VERY BAD IDEA - period. You are only learning NOT to use some of the best advantages of Linux.

 

This is worth repeating.... you don't need to understand why ... like everything in linux though you can find out if you wish to but arguing for it without understanding the reasons simply confuses noobies ...

 

So noobies should think about this... which option do you trust? The person who can't install a graphics driver without screwing stuff up and reinstalling or someone who hasn't had to reinstall in many years.

(If you except trying a different distro and having to reinstall because that distro was insecure)

 

I don't know any linux or *nix professional who knows more than I do about linux who would even consider running X as root. The only people who do are those where a little knowledge is a dangerous thing.

Link to comment
Share on other sites

Said nothing to be said to default. All I meant was that the "false" value be set to "true". That is just about it. Not everyone can do console stuff. If you find it easy, fine, but don't deny others the right. It is stupidity to set no password to root and to use root as default. That is what I think. Others may not think like this, but this is me. So let's put an end to this argument. THE END.

Link to comment
Share on other sites

Sigh...people will never learn I guess...

 

http://forum.club.mandriva.com/viewtopic.php?t=55562

 

Anyone want to place a bet on how long it is before the originator of that thread is back asking for advice on how to fix whatever he mucks up running as root?

I like the sig in the guy on the club

 

Tout choses sont dites deja, mais comme personne n'ecoute, il faut toujours recommencer.

Everything is already said, but if someone doesn't listen it always needs to start again...

 

The warning that comes up SHOULD BE ENOUGH.

Yes it should but obviously it isn't.

People are hardened to warnings like that... from "Danger the serrated edges on the hand towel dispenser are sharp and may cut you" (wow it's a serrated edge, you don't say) to "warning do not insert toothpicks in your ear" ...or "warning boiling water may scald" ...

 

We see these everyday on every consumer item and I don't know about you but I don't really read them.

This is why microwaves have a door detector which makes sure the door is closed but this hasn't stopped various people defeating the mechanism and cooking themselves nor even trying to dry pets in the microwave.

 

Furthermore you don't need a root login in the login manager to login as root... but perhaps most importantly you don't need to login as root at all. On the other hand Mandriva also sell the distro to companies and having dangerous defaults is a big turn off for the companies. If you are installing 200 installs then you don't want to have to correct 200 separate kdmrc's ... sure you can automate it but just by doing this Mandriva is producing a "non professional" distro. Moreover each time kdm is upgraded (and this is an important thing to keep current because of the huge security implications) they would need to edit the kdmrc as well.

 

Step back and imagine being in this company and an employee has 20 logged attempted root logins.

You are in charge of IT security but the employee says "but I just pressed the wrong user on login, it shouldn't be there if I'm not allowed to login as root but I didn't mean to anyway, I just clicked the wrong user"

 

This is somewhat different to actually editing kdmrc (which needs a root password)

 

The bottom line is that people don't on the whole understand the security implications. The reason not to run as root is not only because you can destroy your filesystem but that you are giving the whole world root privileges to your box without the need for a password.

 

I never meant to use the root for web browsing, video games etc. It is just A LOT easier to config your computer.

Again I don't see how it's easier.... still no one has given a single thing that cannot be done from a user login that can be done from a root GUI login.

 

What would be more constructive is people actually saying what they think is easier or even impossible without a ROOT login.

I'm sorry to say but until someone does then it sounds like "I'm too lazy to look for the proper way to do this".

 

meanwhile

We didn't say Mandriva should enable it by default, but that it should not be hidden so deep in a file.
Is complete FUD. It's not hidden, any google search for KDE login root will find this .... as I said the file is where the file is meant to be according to the designers and programmers at KDE.

 

or

 

"there is a lot you can't do from the CLI that can be done as a root login in X"

Is complete and utter FUD. There is quite a bit that can't be done without the CLI, mostly advanced stuff but quite a bit all the same (creating obscure filesystems with non-standard defaults etc.) but there is absolutely nothing that can't be achieved from a CLI that can be achieved any other way. Just saying this shows a complete misunderstanding of linux.

ABSOLUTELY everything that you do in the GUI generates a CLI command, whether you see it or not.

 

Given the warning is not enough then the bottom line is no linux experts want to use a root GUI, most advanced users don't and most n00bs probably don't realise. So we are left with a minority of people who for some reason want a root login for the GUI because the last version did?

This indicates to me that they did not find the correct way of doing things... why.. as crash damage says the last time he logged in as root was the first time he used linux.

 

I have run X as root a long long time ago...when just getting X installed was a major hassle but we are talking RH5 or Slackware 2 here where X was an optional add on, not a modern distro, and after wading through files and documents .. I finally got X to work and started it as root...

I still occasionally do it for a second .. if I startX from a CLI when messing about with something deep in the OS but I immediately kill it.

 

Those who feel some deep need for this as a login are missing something....and that something is the correct way to do X,Y,Z and time would be better spent working out the way to do X,Y,Z than berating Mandriva for doing something that is actually in the interests of 99% of its users.

 

I'm just guessing but I think the most common problem is probably configuring X with the closed source graphics drivers. Do I think Mandriva should do this ..? Yes (and it doesn't affect me since I only run Mandriva in a vmware session) but this would help lots of n00bs get up and running. The excuses for this are equally FUD, Mandriva says it's not possible for license reasons but do so on the powerpack edition.

In reality it's to get people to buy the powerpack (IMHO) ....

 

Please berate Mandriva over this.... berate Mandriva for hacking the KDE CC so that many of the tasks to do as root are harder or require a different method and even for hacking KDE to make it difficult to get rid of that stupid Start Star and backgrounds ... but don't berate them for doing something responsible nor sticking the kdmrc file where it is meant to be.

Link to comment
Share on other sites
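The two settings this thread keeps returning to, root login in the display manager and an empty root password, can be checked on each install without opening a root desktop. The following is an added example, not part of any post above: it assumes the "false"/"true" value discussed is KDM's `AllowRootLogin` key in `kdmrc`, takes both file paths as arguments rather than assuming where a given release keeps them, and runs against sample files constructed here.

```shell
#!/bin/sh
# Added example: audit a kdmrc-style file and a shadow-format file.

# Print every [section] of a kdmrc-style file where AllowRootLogin is true.
kdm_root_login_sections() {
    section=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # keys/values carry no spaces
        case $line in
            ''|'#'*|';'*) continue ;;                  # blank line or comment
            '['*']') section=${line#"["}; section=${section%"]"} ;;
            AllowRootLogin=*)
                case ${line#*=} in
                    [Tt][Rr][Uu][Ee]) printf '%s\n' "$section" ;;
                esac ;;
        esac
    done < "$1"
    return 0
}

# Classify root's password field in a shadow-format file.
root_password_state() {
    entry=$(grep '^root:' "$1") || { echo missing; return; }
    case $(printf '%s\n' "$entry" | cut -d: -f2) in
        '')        echo empty ;;    # no password at all
        '!'*|'*'*) echo locked ;;   # password login disabled
        *)         echo set ;;
    esac
}

# audit_host <kdmrc> <shadow>: print findings, return 1 if there are any.
audit_host() {
    status=0
    sections=$(kdm_root_login_sections "$1")
    if [ -n "$sections" ]; then
        printf '%s\n' "$sections" |
            sed 's/^/FINDING: root login enabled in kdmrc section /'
        status=1
    fi
    if [ "$(root_password_state "$2")" = empty ]; then
        echo "FINDING: root has an empty password"
        status=1
    fi
    return "$status"
}

# Constructed sample files (not taken from any real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/kdmrc" <<'EOF'
[X-*-Core]
AllowRootLogin=false

[X-:0-Core]
# constructed: local override that re-enables root login
AllowRootLogin=true
EOF
echo 'root::13500:0:99999:7:::' > "$SAMPLE_DIR/shadow"
echo 'root:$1$constructed$placeholderhash:13500:0:99999:7:::' > "$SAMPLE_DIR/shadow.fixed"

audit_host "$SAMPLE_DIR/kdmrc" "$SAMPLE_DIR/shadow" || true
```

Run across many installs, the non-zero return of `audit_host` marks the hosts whose defaults have been changed.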

Well, I have to say sorry because I'm the one who started all of this. Actually I only wanted to sort out the GL problem, because I couldn't activate it, but I solved it from the normal user. Sorry about all of this, I don't use root at all. :D

Sorry once again. Dunno, but until now I wasn't using su, but with it it is easier. :D Anyway, I'm still having a problem installing some software; I can't compile Berkeley DB, so without it I can't install kdevelop. I'm still trying.

Link to comment
Share on other sites

  • Newbies should never login as root in a GUI. You should use root sparingly, only when absolutely necessary, and only when you know exactly what you're doing.
  • Anyone who disagrees with the above quite simply doesn't understand the consequences, or has not experienced them first-hand.
  • This argument will never end, because of the above.

Why is logging in to root with the GUI bad? It makes it extremely easy for an intruder to gain root access. If there is a remotely exploitable flaw in any of the programs you're running (including all of the ones you don't know you're running, because they are all part of the DE) - known or not - they can immediately gain root access by exploiting it. No need for privilege escalation. And, if by some chance you run a rogue program that you thought was legit, it'd have root right away and could kill your own system in a flash. Lastly, it's much easier to do something stupid as root.

 

yadda yadda yadda yadda... I don't know why I revived an old thread, I just had to. Whenever I see people who think logging into a DE as root is a good idea, I lose a couple of brain cells.

Link to comment
Share on other sites

Newbies should never login as root in a GUI. You should use root sparingly, only when absolutely necessary, and only when you know exactly what you're doing.

 

I've done it twice, the first time was 45 minutes after I installed Mandrake 10.0 (my first linux dist.); 10 minutes later I started to reinstall.

The second time was last spring/early summer to show a friend how much more I/he could do when logged in as root, and the only reason that I did it the last time was because I was going to give Fedora 5 a shot.

 

Let the new Mandriva users try to log in as root one time shortly after they have installed Mandriva for the first time, and let them learn their first linux lesson :P

 

And now a little off topic: does anyone know a site with a lot of commands for the konsole?

Link to comment
Share on other sites
