Jump to content
edwardp

Root logins not allowed (MDV2007)

Recommended Posts

Apparently, MDV2007 does not allow root logins from the main login screen. Is there any particular reason for this? I am able to open a Konsole window (using KDE) and su into root from there with the password.

 

When MDV2007 was installed, I set the security level to Standard.

 

 

[moved from Software by spinynorman]

Share this post


Link to post
Share on other sites

Is there any particular reason for this?

It depends if you want a long or short answer ......

 

Usually if you have to ask the question then its there to protect you.... and on the whole noone who understands why its there would want to run the GUI as root or anyone who wants to run the GUI as root is prevented doing so until they work out how to do it... usually by the time anyone works out how they no longer want ot run the GUI as root...

 

Its trivial to change but there is no need, there is nothing you need a GUI running as root for...

 

( with the exception of perhaps some realtime permissions for music mixing... ) but then you need to disconnect from the internet or run a good firewall and know what your doing...

 

Also if you want to run the GUI as root then just stop the dm and start the GUI from a console as root... but again there is nothing in the GUI that needs to be run as root that cannot be opened specifically as root...

 

Many programs will not even run as root... anyway because the program designers have kept to good practice so progs like gtk-gnutella and most irc chat clients will refuse to even start as root.

Share this post


Link to post
Share on other sites

The intent was to check permissions for a CD-ROM device, because KsCD would not play any CD's as I reported in another thread.

 

cwhobbes: Thank you. I checked the file you mentioned and that line was set to false, but it also mentioned true was the default. I guess that it must have to do with my setting the security to Standard when I installed it.

Share this post


Link to post
Share on other sites

You certainly do not need a graphical login as root to fix a permissions thing.

You can do it with a simple "kdesu krusader", or from a root console with

chmod/chown command for /dev/hdc or whatever your CD-ROM's device node is.

Share this post


Link to post
Share on other sites

To check permissions you don't even need root access...obviously you do to chnage them in which case the kdesu krusador or even kdesu konqueror works fine...

Share this post


Link to post
Share on other sites

i think it's a whole much easier to be able to run the gui as root, and allmost all apps work as root. That warning that shows up when u start the gui should be enough, and who ever is still a newbie who doesn't know what he is doing, the warning screen should be enough. Who ever ignores it, is going on his own responsability. I tryed doing stuff from a normal user, but it's a pain in the A**. For me is crucial that i can run the gui as root, so they should reenable it.

Share this post


Link to post
Share on other sites

When I first started with linux I ran as root a lot to find out WHAT NOT TO DO! That will teach you fast. I didn't mind the reinstalls and all the crap...doing it all over and over helped me remember things.

 

Anyway, I like root login too when I have a lot I want to do as root. I start a new session as root and make system wide changes or whatever and I agree entering a password every 30 seconds sucks. Root GUI saves me a lot of hassle. It stinks where they have hidden the settings for this. Something else to remember, that is untill next version when they MOVE IT!

Share this post


Link to post
Share on other sites

I don't think it's crucial to have the gui run as root. In fact, it would be stupid. This is why Windows is so bad because it's done by default. Luckily they are realising this too, I've seen from recent Microsoft training I've done.

 

So, soon, if you use Windows, you'll have to do the same. They're taking automatic root/administrator access away for your own good. But if you're happy running as root, go for it, but the default won't change.

Share this post


Link to post
Share on other sites

i too hate those password challenges since they break my rhythm. what i do is launch a terminal, change to root, and launch everything i need by backgrounding them:

 

# mcc &
# urpmi something

 

i get the benefit of both worlds since i am restricting root access to the things where i need them. the rest of my applications run on my account. this just involved figuring out the cli equivalent of my applications but the properties of each item will reveal that.

 

ciao!

Share this post


Link to post
Share on other sites
i think it's a whole much easier to be able to run the gui as root, and allmost all apps work as root.

Yep that's just sloppy programming because the programmers rely on the fact people wouln't be so crazy as to run the apps as root. Its a function of misplaced faith in human intellegence.

 

What linux needs is the same warning you find on lighter fluid or drain cleaner etc.

AFAIK, there is nothing on a lighter refill that physically prevents me trying to microwave it or stick it in an oven. There is nothing on the drain cleaner that stops me pouring it into a glass and drinking it.

There are different nozzles on different fuel types... I guess this just takes away my freedom to fill my gasoline car with deisel, which of course is my right since its my car (although the forecourt is not my property so I should perhaps arrange for a tow truck before I do this).

 

That warning that shows up when u start the gui should be enough, and who ever is still a newbie who doesn't know what he is doing, the warning screen should be enough. Who ever ignores it, is going on his own responsability. I tryed doing stuff from a normal user, but it's a pain in the A**. For me is crucial that i can run the gui as root, so they should reenable it.

Why should they?

Why don't you start taking responsibility for your own actions and you enable it?

Meanwhile why not campaign for universal gas pumps and see if you can't get all gas pump nozzels to be the same so anyone can screw up their car without meaning to?

 

While you are at it I have a list of packages not installed by DEFAULT.... this imposes on my freedom ... I want my packages to be installed and no others... ?? While we are at it why doesn't the window manager revert to fvwm by default? I use this so everyone else should presumably.

 

I also want all the ports setting open by default its a pain to have to open them up manually so people can try and hack me.

 

What you find convenient matters not one iota to me.

What noobies do to their systems however does or at least should mean something to mandriva....

What people say in the reviews should matter to mandriva.

 

What I recommend is making your own distro ... call it insecurenux or something

Here is the kernel

http://kernel.org

Here is a suggested compiler, feel free to use whatever you like

http://www.gnu.org/software/gcc/gcc.html

 

 

meanwhile you need to find the source code for all the apps that will not run as root and recompile them after editing out the safeguards.

 

edits:

Incidentally here is what KDE have to say

http://docs.kde.org/userguide/root.html

Using KDE as Root

 

Francis Giannaros

 

For UNIX® operating systems there are often different users, which in turn might have different privileges. The conventional method is to have an ordinary user account, whose files are generally stored in /home/username, and then to also have a root account. The root, or Super User, account has system-wide privileges, being able to modify any file on the system.

 

Although this means that it is easy to perform administrative tasks without hassle, it also means that there are no security restrictions imposed upon it. Thus, a small typographical error or other mistake can result in irrevocable damage.

 

Some of the operating systems that run KDE come with a graphical root login enabled. Despite this, you should never log in to KDE as root, and you should never need to. Your system is far more open to attack, particularly if you are browsing the Internet as root, and you dramatically increase your chances of damaging your system.

 

Its all possible when you take responsibility for your actions and stop expecting a distro should do every default the way YOU want it and force that on others.

 

So why exactly should Mandriva follow your advice and not that of the programmers who wrote KDM and KDE?

Edited by Gowator

Share this post


Link to post
Share on other sites

I think the point here has been missed. Some of the new users don't know all of the commands to do things and a GUI as root makes it easier. Granted, it is also easier to trash your system but as they say, live and learn. The root user can be hidden and with a good password you should be protected. Anyone who wants to hack into your system surly knows how to elable root login. We didn't say Mandriva should enable it by default, but that it should not be hidden so deep in a file.

 

As I said, when I first started with linux I used the root login to the GUI to poke around everywhere. It made it much easier to find files like /etc/kde/kdm/kdmrc and learn for myself without asking someone where a setting was. I was also able to figure out some of the file system and where programs are installed.

 

Most people don't need NASA strength security because who cares what you have? ANd as I said, a good password (something other than your dogs name) should protect most people from someone sitting down at their computer and logging in as root and using their desktop like a video game!

 

KDE also said this:

 

Although this means that it is easy to perform administrative tasks without hassle, it also means that there are no security restrictions imposed upon it. Thus, a small typographical error or other mistake can result in irrevocable damage.

 

Key words being "easy to perform administrative tasks without hassle" and "can result in irrevocable damage". Easy to administer and cause irrevocable damage. Well you have been warned.

Share this post


Link to post
Share on other sites

maybe i didn't expressed my self clearly. What i wanted to say is that they should as yankee sayd to keep root hidden, but to allow logins in graph mode from login manager. I never ment to use the root for web browsing, video games etc. It is just A LOT easyer to config ur computer. The warning that comes up SHOULD BE ENOUGH. If u ignore it, and dono what u are doing and IF also u plan to use root as default user, than u are on ur own. Microsoft's problem with default admin is THEYR problem. Never sayd to set root as default user. Just sayd that they should REENABLE root login as graph from loggin menu.

Share this post


Link to post
Share on other sites
I think the point here has been missed. Some of the new users don't know all of the commands to do things and a GUI as root makes it easier.
Noone has yet come up with any task that is..there is nothing that needs a root login into X... and nothing it can do that cannot be done using the correct tool.

Even if you want to copy files etc. then you just start a filemanger as root... add it to your menu and it will always be there... same for a editor etc. and if this is just for a one off then why go through ksm/gsm/xdm at all? Just run startx from a root console???

 

Granted, it is also easier to trash your system but as they say, live and learn. The root user can be hidden and with a good password you should be protected. Anyone who wants to hack into your system surly knows how to elable root login. We didn't say Mandriva should enable it by default, but that it should not be hidden so deep in a file.

So you want mandriva to completely rewrite the login managers so that someone doesn't need to find a single file that anyone who knows what they are doing knows exactly where it is anyway???

The file is where the file is meant to be ...

 

As I said, when I first started with linux I used the root login to the GUI to poke around everywhere. It made it much easier to find files like /etc/kde/kdm/kdmrc and learn for myself without asking someone where a setting was. I was also able to figure out some of the file system and where programs are installed.

How is this easier than starting konqueror as root or running kommander and switching to root mode?

(The best way to figure out where something is installed btw is looking in the package info for that package. )

 

 

Most people don't need NASA strength security because who cares what you have? ANd as I said, a good password (something other than your dogs name) should protect most people from someone sitting down at their computer and logging in as root and using their desktop like a video game!

 

Who needs a password? That is the whole point of seperate accounts. If you use a browser then I don't need a password because you already opened the connection. This is the whole reason for having seperate accounts .... if X is running as root then X can start any other process as root. If firefox is running as root the same... the can also see and manipulate your whole filesystem... try for yourself, go to a webmail client and attach file ... the http:// server you are browsing has the same privlidges as the user running the browser ... the point being they don't need a password.

 

If you try something like webmin and use it as root you can add/delete install packages etc. etc. with abandon and NO PASSWORD required .... any website can do exactly the same. (or IRC bot or 100 other things) Im not saying this to criticise webmin Im saying it because this is what can be done from a web browser running with root privilidges.

Share this post


Link to post
Share on other sites

(This is basically sort of a distallation of a couple of posts I made a while back on mandrivausers.org)

 

That one chooses the wrong way to do something does not mean it's the right way, even for them. I've seen endless discussions about running the desktop as root and never heard a single convincing reason to do it. NOT ONE. No one's given one here either. Knowing how to log in to a GUI desktop is not a "solution" to any problem. Jeeze, why would anyone ever even want to risk it?

 

Look, in nearly 6 years of using Linux I've never needed to do anything I couldn't do quickly and easily when logged in as a user, using either text-based tools or GUI, including any file-editing chores or whatever. Logging in as root doesn't save any time. I haven't logged into my desktop as root since the 1st day I used Linux. I was coming over from Win98 and knew nothing of permissions, etc. I immediately learned not to ever do it again and why it was pointless to do so anyway.

 

Besides, if you get used to doing root chores logged into a GUI and using only GUI tools, what would you do if X gets trashed? Working exclusively with GUI tools is OK as far as it goes, but doesn't teach you know how to work from a console or with Midnight Commander if X is not available. For those new to Linux I can't recommend learning to be comfortable with Midnight Commander highly enough. Every Linux user, especially those who don't want to learn the command line or vim, should learn the basics of using MC.

 

Again, I want to make this perfectly clear for any n00bs who may be reading this thread and are tempted to do the familiar Windoze kinda thing and run their desktop as root: There is absolutely NO reason or need, not for ease, not speed or any other reason I have ever heard, to EVER log into your desktop as root. Running as root is just a VERY BAD IDEA - period. You are only learning NOT to use some of the best advantages of Linux.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...