
Why are root logins not allowed? [solved]


dan in Jersey

Anything you need to do as root can be run on an instance basis via the terminal. This is why you do not need to be able to log in to a desktop as root. You do not want to do this because vulnerabilities in programs that are running as root can be exploited to gain immediate root access to the system you are using. When running a full desktop instead of running programs on an instance basis, the number of programs with possible vulnerabilities that could be exploited increases dramatically. When running these programs as a user, if they are exploited the level of access the hacker gains is very limited - as root, it's not limited at all (rm -rf / would succeed). I'm not saying this to criticize anyone, but because it's simply a fact, and people need to be aware of it to keep their system safe.

As you can see, I have made few posts, yet most seem to get moved
Do not take the fact that your posts get moved personally. I was a mod and later an admin on this forum for several years, and I can assure you that the reason posts are moved is so that they receive more attention from the people who have the knowledge to help. It is to your advantage to let the mods/admins here do their job, as it will ultimately result in better and more accurate responses. It can also help in the future when someone may be searching for an answer to a similar question and they want to narrow their search to a specific topic. Ultimately, moving your topic causes no harm and likely increases your chances of getting your problem resolved.

Edited by tyme

I have been absolutely enamoured by Mandriva since I started using it and I still am, but isn't it always the case that whenever something really good comes along in life, sooner or later you find something bad to offset it?

 

It shows you how often I log in as root that since starting to use Mandriva I have never even noticed that you can't log in as root until I read this thread and then tried it. I must say that this type of attitude annoys the living crap out of me. Are we not told that Linux is about choice?? So supposing I want to exercise that choice and log in as root. Who the hell has the right to think they can stop me? This is my life and this is my computer and if I want to use it in a way that you think is foolish then that is my right too - butt out!!

 

I guess all I can say is that at least you don't stop people from having a root account as per Ubuntu. But really can't the people that make these decisions see that they have no right to do this?

After having got that heartfelt rant off my chest I would now like to advise you how to correct this situation. I will use the example of Ubuntu and Linux Mint in order to do this. Ubuntu just says "no root account", end of story (unless you know how to get round it). Linux Mint, on the other hand, says "would you like to install a root account?" If you choose 'yes' then they load another window telling you why they think this is a bad idea, but part of that window has the option to "continue anyway" or something similar. This is choice, this is what Linux is about, ignore this principle and you are no better than Microsoft - and I can't think of a worse insult than that!


Are we not told that Linux is about choice?? So supposing I want to exercise that choice and log in as root.
If you want to do it, you can, you simply have to change an option.

 

Who the hell has the right to think they can stop me? This is my life and this is my computer and if I want to use it in a way that you think is foolish then that is my right too - butt out!!
So learn how to set it up the way you want and do it (Linux is also about learning - and this change takes maybe 5 seconds and a text editor). They have to choose a default setting (either you can or you can't), and personally I'm glad that they chose the more secure option. It keeps people who don't understand the importance of not running a desktop environment as root from doing so, which keeps their computer (and the internet in general, as their system could be compromised and used for further attacks) safer.

But really can't the people that make these decisions see that they have no right to do this?
Actually, they have every right to do this. It's their product. They decide what software to put on it, they decide how the install process goes, they decide every last detail of the distribution they create, as they should - and you are, of course, free to choose to change the default settings, to contact Mandriva directly and suggest changes, or to (gasp) try a distribution that is more in line with your preferences. However, you have a root account. You can access it via su, sudo, kdesu and various other mechanisms. You are only blocked from logging into a desktop as root because it is a security risk. Would you rather them distribute a system with insecure defaults? You know, like Windows?

I didn't think so.

Edited by tyme

Ok.....once again....thank you all for the input and suggestions.....I mean that sincerely.

 

As for my whiny demeanor....I'll admit, you MIGHT have a point. I was frustrated that something as simple as editing a menu (which I have done with minimum effort in a few other distros) could be so time consuming, and frankly, I was stumped. So....I come to the forum, and I have participated in many forums of various interests over the years. I post my question, and the "moderator" moves it within five minutes of posting it, but didn't bother to take an extra 30 seconds to help me out. I'm assuming the "moderator" of the forum would have experience, and knowledge of Mandriva, so I'm also assuming he/she could have helped.

If my assumptions are incorrect...I apologize.........if not, I stand by what I wrote.

 

EDIT: NEWSFLASH!!....I just noticed under the Admin's avatar: "not a Mandriva guru"........ If that isn't sarcasm, then I guess I do owe an apology. You can all feel free to call me a jacka$$. I can take it. (I would have deleted this post, but I don't believe in deleting things once they've been posted)

I would not have thought to post my question on the security thread, for my question was about how to edit my Kmenu. I am fairly new to Linux, and people like me are the ones who rely on these forums. My suggestion for a General Questions thread was just a thought to help those like myself, that still have a lot to learn.

I will not debate this any further, I am what I am (Edit: see EDIT: NEWSFLASH!!). I do however want to, again, sincerely thank those who offered help.

Edited by dan in Jersey

If you want to run the program with GUI "foo" as root, then simply (speaking about KDE) "kdesu foo".

Or, "gksu foo" if using Gnome.

Or, you can run "visudo" in a root console (requires basic vi knowledge), and grant permissions for running some apps as root by "sudo foo".

Or, if you are fool enough, you can (using visudo) uncomment the line

%wheel ALL=(ALL) NOPASSWD: ALL

so that ANY user belonging to the "wheel" group can run ANY command as root, by a simple "sudo foo".

Of course this is absolutely stupid, but anyway MUCH more clever than running your desktop as root!

 

The above applies to Linux in general - not just Mandriva...

Edited by scarecrow
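
As an added example (not part of the thread or any poster's code), a small shell check that flags active sudoers rules granting passwordless root for every command, such as the %wheel line quoted in the post above. The sample sudoers text, the user and group names in it, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Flag active sudoers rules whose command list is exactly "NOPASSWD: ALL".

# Constructed sample sudoers content, not taken from a real system.
sample_sudoers() {
cat <<'EOF'
# %wheel ALL=(ALL) NOPASSWD: ALL
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
alice   ALL=(root) NOPASSWD: /usr/bin/updatedb
%admin  ALL = (ALL:ALL) NOPASSWD:ALL
Defaults env_reset
EOF
}

# Reads sudoers text on stdin and prints "line-number:rule" for every
# uncommented rule that allows ALL commands without a password.
# A leading "#" followed by a digit is kept, because sudoers uses
# "#uid" to name a user by numeric id.
find_blanket_nopasswd() {
    grep -n -E 'NOPASSWD:[[:space:]]*ALL[[:space:]]*(,|$)' |
        grep -v -E '^[0-9]+:[[:space:]]*(#([^0-9]|$)|Defaults)'
}

# Number of offending rules on stdin (0 when the input is clean).
count_blanket_nopasswd() {
    find_blanket_nopasswd | wc -l | tr -d ' '
}

# Demo on the constructed sample: reports lines 3 and 5 only.
sample_sudoers | find_blanket_nopasswd
```

The commented-out line 1 and the single-command rule on line 4 are not reported; only rules that are active and unrestricted are.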

If that isn't sarcasm, then I guess I do owe an apology. You can all feel free to call me a jacka$$. I can take it.

 

OK, you're a jackass :)

 

Just kidding :D. Sometimes people will read a post and may at that time not be able to help, and they may even try to see if they can help you by testing what you are trying to do on their system. Sometimes they'll even google for you to help find the answer. Sometimes it just takes a little time to get the answer to your question.


If you want to do it, you can, you simply have to change an option.

Ok I apologise, I wasn't aware that you could enable it, so long as you can I am cool with that even though I don't know how to do it and don't really feel the need to do so. Although I don't quite agree with the argument that a machine without a root login is any more secure than one that has one, and there are times when a root login is very useful. I rescued a system once using a root login when it was impossible to login any other way (user accounts inoperative). Now maybe I could have done the same thing with a 'live cd' or something similar, but it was a hell of a lot easier to use the root account which was the only one operating.

Also there is the fact that it is pretty basic psychology that the more you tell someone not to do something "for their own good" the more they are likely to want to do it.


Ok I apologise, I wasn't aware that you could enable it, so long as you can I am cool with that even though I don't know how to do it and don't really feel the need to do so. Although I don't quite agree with the argument that a machine without a root login is any more secure than one that has one, and there are times when a root login is very useful. I rescued a system once using a root login when it was impossible to login any other way (user accounts inoperative). Now maybe I could have done the same thing with a 'live cd' or something similar, but it was a hell of a lot easier to use the root account which was the only one operating.

Also there is the fact that it is pretty basic psychology that the more you tell someone not to do something "for their own good" the more they are likely to want to do it.

 

Yes, rescue is a time when you'd have to login as root, else you'd not be able to rescue the system.

 

What we meant was it's a bad idea to login as root every day like you do in every version of Windows. All Linux systems have a root account, including Ubuntu! I don't know of any that don't have one, in fact, I doubt it's possible considering that's how Linux/Unix is set up in general. And there is definitely no need to login to root under Gnome/KDE/X or whatever desktop environment.


Although I don't quite agree with the argument that a machine without a root login is any more secure than one that has one, and there are times when a root login is very useful.
I'm not saying there should be no root (in fact, there can't be no root, simply disabled root), just that you shouldn't log into a Desktop Environment (KDE, GNOME, etc.) as root. You should only access root via mechanisms like su, kdesu and sudo. Root is most certainly a necessary account, and I don't personally like when distributions (like Ubuntu) try to completely disable it (on these systems the first thing I do is re-enable it - I did the same thing on my OS X box).

Yes, rescue is a time when you'd have to login as root, else you'd not be able to rescue the system.

 

Couldn't this also be accomplished by chroot from a live cd or another linux distro? I have broken things several times in Gentoo to the point where my system was unbootable and it was nothing I couldn't fix from within a chroot environment. Just a thought. I profess to being a command line geek. :P


Couldn't this also be accomplished by chroot from a live cd or another linux distro?
Yes, but when you chroot you are essentially logging in as root on the install you are chrooting to.

Yes, but when you chroot you are essentially logging in as root on the install you are chrooting to.

 

I realize that but in order to make the repairs you need, you have to be root. You simply do what you do and then logout. I don't see the difference between that and doing su because in both cases you are working in a terminal with no gui interface. Not trying to argue, just make a point that there are alternatives. :)


I don't see the difference between that and doing su because in both cases you are working in a terminal with no gui interface.
I was simply clarifying that chroot makes you root, not saying there's anything wrong with using it.
