Re: root login
- To: <firstname.lastname@example.org>
- Subject: Re: root login
- From: "Christopher Taylor" <email@example.com>
- Date: Thu, 1 May 2003 11:36:31 -0700 (PDT)
- Message-id: <[🔎] firstname.lastname@example.org>
- In-reply-to: <email@example.com>
- References: <firstname.lastname@example.org> <20030426043435.GF494@lazarus> <3EAAF3B3.email@example.com> <20030427025246.GB4889@lazarus> <firstname.lastname@example.org> <20030429041734.GH24149@lazarus> <3EAEC591.email@example.com> <20030430080013.GB29199@hadesian.co.uk> <firstname.lastname@example.org> <1051701265.7685.21.camel@twoflower> <20030430154149.GA10162@hubinternet.com> <email@example.com>
> Walter Reed wrote:
>> laziness or incompetence. This entire thread is full of a bunch of
>> crap about baseless DESIRE but there has yet to be any real concrete
>> reasons as to the NEED for GDM level root login. The answer is obvious
>> - there ARE no reasons. They don't exist. All that exists is a
>> juvenile urge to
> Of course users never *need* to log into gdm as root -- you don't
> *need* GDM in the first place -- but it makes things easier in some
> cases. On the opposite end, nobody has given a convincing argument
> for why you *need* to keep root logins away from gdm!
There are some applications out there that a) must be installed as root
and b) can only be installed from a graphical UI installer. Since the
default Debian configuration also does not permit root to use a user's X
Windows display, this only leaves the option of disbling some of the
Debian default "security" measures.
Secondly, and related to the above, some applications (e.g. Mozilla and
Eclipse) support plugins that can be installed after the main application
has been installed. By default, it is usually not possible to install
these plugins as any user other than root. I usually add my user to group
"staff" and make sure to set perms to g+w and group ownership to "staff"
for any directories that will have plugins. Of course, I'm sure this is
creating other security wholes.
The root/user separation is important, but it isn't the end of the
security question. There are many things that the root/user separation
does not handle well.