Re: root login

To: debian-gtk-gnome@lists.debian.org
Subject: Re: root login
From: Walter Reed <wreed@hubinternet.com>
Date: Thu, 1 May 2003 18:25:31 -0400
Message-id: <[🔎] 20030501222531.GA11740@hubinternet.com>
In-reply-to: <[🔎] 2203.192.168.0.106.1051814191.squirrel@sol.ezln23.com>
References: <20030427025246.GB4889@lazarus> <b8jtq0$7um$1@main.gmane.org> <20030429041734.GH24149@lazarus> <3EAEC591.1090700@ocf.berkeley.edu> <20030430080013.GB29199@hadesian.co.uk> <1051697351.15822.8.camel@bip.localdomain.fake> <1051701265.7685.21.camel@twoflower> <20030430154149.GA10162@hubinternet.com> <b8p69h$qf$1@main.gmane.org> <[🔎] 2203.192.168.0.106.1051814191.squirrel@sol.ezln23.com>

Christopher Taylor said:
> > Walter Reed wrote:
> >> laziness or incompetence. This entire thread is full of a bunch of
> >> crap about baseless DESIRE but there has yet to be any real concrete
> >> reasons as to the NEED for GDM level root login. The answer is obvious
> >> - there ARE no reasons. They don't exist. All that exists is a
> >> juvenile urge to
> >
> > Of course users never *need* to log into gdm as root -- you don't
> > *need*  GDM in the first place -- but it makes things easier in some
> > cases.  On  the opposite end, nobody has given a convincing argument
> > for why you  *need* to keep root logins away from gdm!

Oh PLEASE. Virtually Every single book and article on UNIX security
talks about why you don't login as root (gdm isn't the issue here.) Go
read one. In fact, I'll go one further. You shouldn't be able to login
as root at the console either unless booted in single-user mode.

> There are some applications out there that a) must be installed as root
> and b) can only be installed from a graphical UI installer. Since the
> default Debian configuration also does not permit root to use a user's X
> Windows display, this only leaves the option of disabling some of the
> Debian default "security" measures.

"security" measures - Pah.
man xhost
man su

It's really quite simple. Go ahead and run the installer as root after
you login as a normal user. This is NOT hard people. Yes, it's different
than Windows. So is the Mac. So is a Mainframe. And so on. Spend a
little time to learn the OS you use. Read some books and articles.

I WILL agree that some things could be a little easier in Debian or
other flavors of Linux. For example it would be nice to have a GUI
root-wrapper that could be accessed via the standard menu like the "Run
Program...", or maybe even just a checkbox option to Run Program that
does the "su" thang. It would also be nice if admin level apps would
just ASK for the root password if needed, and continue on. From a raw
security perspective this is sub-optimal due to the possibility of
userland trojans, but we seem to be focusing on user-owned desktops here
so it's not a big issue in this context.

The bottom line, though, is that it's just not that hard to do it with
the existing methods. In fact, it's MUCH faster and easier to just open
a term window and /bin/su and do your stuff than to logout, login as
root, do stuff, then logout again, and re-login as a normal user as the
"pro-root-login" camp is pushing. The "root IS my normal user" camp is
just too loopy to even address here.

The "default" in Debian should ALWAYS fall on the side of greater
security. In fact, many argue that the default is not secure enough, but
there have been some usability tradeoffs. Maybe the installation
procedure could have an optional extra "security" menu to alter some of
the default security settings to be more appropriate for single user
workstations, multiuser, and servers.

Reply to:

Follow-Ups:
- Re: root login
  - From: Randy Duran <duranr@earthlink.net>

References:
- Re: root login
  - From: "Christopher Taylor" <christopher@ezln23.com>

Prev by Date: Re: Gnome 2 & libfreetype6 package
Next by Date: Re: Gnome 2 & libfreetype6 package
Previous by thread: Re: root login
Next by thread: Re: root login
Index(es):
- Date
- Thread