
Re: root login



On Thu, 2003-05-01 at 14:36, Christopher Taylor wrote:
> > Walter Reed wrote:
> >> laziness or incompetence. This entire thread is full of a bunch of
> >> crap about baseless DESIRE but there has yet to be any real concrete
> >> reasons as to the NEED for GDM level root login. The answer is obvious
> >> - there ARE no reasons. They don't exist. All that exists is a
> >> juvenile urge to
> >
> > Of course users never *need* to log into gdm as root -- you don't
> > *need* GDM in the first place -- but it makes things easier in some
> > cases. On the opposite end, nobody has given a convincing argument
> > for why you *need* to keep root logins away from gdm!
> 
> There are some applications out there that a) must be installed as root
> and b) can only be installed from a graphical UI installer. Since the
> default Debian configuration also does not permit root to use a user's X
> Windows display, this only leaves the option of disabling some of the
> Debian default "security" measures.
> Secondly, and related to the above, some applications (e.g. Mozilla and
> Eclipse) support plugins that can be installed after the main application
> has been installed. By default, it is usually not possible to install
> these plugins as any user other than root. I usually add my user to group
> "staff" and make sure to set perms to g+w and group ownership to "staff"
> for any directories that will have plugins. Of course, I'm sure this is
> creating other security holes.
> The root/user separation is important, but it isn't the end of the
> security question. There are many things that the root/user separation
> does not handle well.

Root can use a user's X display if you don't grab root's env by not
passing the "-" argument to "su".  You can also run X apps using sudo. I
have done both of these with Debian's default security settings.  I have
never found a need to run X as root.


--
Lisp Users: Due to the holiday next Monday, there will be no garbage
collection.

Thomas E Jenkins <mort@cavtel.net>


