Re: Root login in graphical enviroment

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Root login in graphical enviroment
From: Chris Kenrick <chrisk@aurema.com>
Date: Thu, 1 Aug 2002 17:13:03 +1000
Message-id: <[🔎] 20020801171302.C6048@chrisk.sw.oz.au>
Mail-followup-to: debian-user <debian-user@lists.debian.org>
In-reply-to: <[🔎] 3D48D943.3010104@thewoodpecker.ca>; from leo@thewoodpecker.ca on Wed, Jul 31, 2002 at 11:46:27PM -0700
References: <1028104890.90741c0nezos_debian@myrealbox.com> <1028106415.926.51.camel@void> <20020731141316.GE5039@fishbowl.madduck.net> <1028129930.1062.26.camel@void> <20020731230328.GA12631@fishbowl.madduck.net> <20020731232536.GA19031@optimalco.com> <3D <[🔎] 3D48D943.3010104@thewoodpecker.ca>

On Wed, Jul 31, 2002 at 11:46:27PM -0700, Leo Spalteholz wrote:
> 
> 
> >Security is one aspect, but if you run as root all day every day, sooner
> >or later you'll do something accidentally that will do a lot of damage.
> >Eg, you might do rm -Rf * from the root directory (thinking you were in
> >/tmp).  No big drama if you do it as a user[1].  As root, your system is
> >hosed.
> >
> Has anyone really ever done this?  Seems like a pretty dumb thing to 
> do..  But I guess it could happen.
>

It doesn't happen often, but better safe than sorry IMHO...

> >Alternatively, keep a root login on one of your
> >virtual consoles, and switch to it whenever you need to do admin stuff.
> >
> Ah!  Now there's a good idea.  Now what if..    nope, cant run another 
> copy of X in a differnet virtual console.  Damn. :)
> 

I think you can actually run multiple "copies" of X.  Probably overkill
in this case.  What sort of stuff do you need to do as root in X?

> >Incidentally, it is more dangerous running as root on Unix than on
> >Windows.  With the Unix root user, anything goes.  There is nothing it
> >can't delete/ruin/whatever.  On the more multi-user flavours of Windows,
> >even the Adminstrator user can't do certain things.  
> >
> Really?  I didn't know that.  Now that I think of it I guess thats 
> true..  I can't kill system processes in WinXP even as admin..
>

Yep, root can kill every process, every file (including device files),
etc.  Thinking about that is usually enough to scare most people into
using a non root user primarily :)

> >In other words,
> >being able to run Windows as Administrator all the time without 
> >consequence doesn't follow on to running as root under Unix all the
> >time.
> >
> So my problem remains...   Maybe I should just change my root password 
> to something a bit shorter...  12 letters takes too long to type 50 
> times a day..

A well chosen password doesn't necessarily have to be long.  Pick
something fairly non predictable (not dictionary word, includes
numbers/punctuation etc), and you shouldn't need 12 characters worth.
Once you've got one that you think will fly, apt-get install john and
run it against your shadow password file.  I left mine running overnight
against my standard password, and it hadn't got it 24 hours later.

As mentioned before, what X apps do you need to run as root?  Perhaps if
you can find console alternatives to them that can be fired off via a
quick sudo (or similar) then that might help too...

- Chris

Reply to:

References:
- Re: Root login in graphical enviroment
  - From: Leo Spalteholz <leo@thewoodpecker.ca>

Prev by Date: Re: Root login in graphical enviroment
Next by Date: multiple kdm
Previous by thread: Re: Root login in graphical enviroment
Next by thread: Re: Root login in graphical enviroment
Index(es):
- Date
- Thread