Re: text-only login is root?
Hi, postid:
On Thursday 21 October 2010 23:49:03 post id wrote:
> I've set up a minimal system on one of my machines and used no login
> manager
Of course you do. If you weren't using one, you wouldn't be able to log into
the system.
> -- I login at the prompt
See? What you don't use is a *graphical* login manager.
> and type startx to start the graphical
> session. Now I read a claim that if one didn't use a login manager to log
> in and start X, then one was logging in with root privileges. That doesn't
> appear to be true since I don't seem to have root privileges,
Not.
You log into the system as whatever user and thereafter you run programs under
that user, being the X-Window manager (the graphical session) one of them.
Maybe you were misguided by the fact that the X system needs, no matter how it
is run, some high privileges (it needs some low lever access to your system,
graphic memory, for instance) and it's a so called "setuid program" (which
means the program itself runs under the "root" effective user... always, even
if a graphical login manager is involved). Anyway, that seems to be
something a bit more technical than you need to know now: for all your
practical purposes, the graphical environment will still give you just the
privileges you already got when you started your session from the command
prompt.
> although when
> I do ctrl-alt-f1 I get a list of messages such as "Restore TV PLL," etc.
> rather than a command prompt.
By means of "startx" you started a command basically as any other else.
Try this:
Once you start your command session, execute the command 'ls -lR /' (this will
recursively list all the files in your system). You will see it takes quite
long to run and that you won't be returned to a command prompt till it's
finished. That's the usual way for all commands, startx included. Since
startx didn't finish while you still have your GUI at AltGr-7 terminal, no
command prompt is returned.
But unix-like systems seem to have a solution for everything: foreground
long-running commands (like startx) can be "sent to background" by means of
the ampersand operator, like this: 'startx &'. By doing this, you
temporarily dettach the command from its controlling terminal and because of
that a command prompt is returned.
> I don't get that on my other machines running
> graphical login managers.
A graphical login manager is a "daemon": a kind of program specifically
developed not to need a controlling terminal to be launched (and usually
meant to be automatically started at boot up).
Again, try this:
Once you start your non-graphical session, execute the command 'ps -efH'. You
will see quite a long list of already running programs: all of them are
daemons. On your machines using a graphical login manager you will see it
somewhere in the output of ps (xdm, gdm, kdm... whatever you happen to be
using).
> Do I have a security problem here?
I hope you understand now by yourself that, no, you don't have any security
problem because of this. That's the way things are expected to work.
> If so, will
> just installing a lightweight login manager (xdm?) cure it or do I need to
> change some settings somewhere? I'd be thankful for advice. Please cc me
> since I'm not currently subscribed to the list.
The question is: if all you do from command prompt is login, then startx, then
start working from within the GUI, why do you take the extra hassle? Install
your graphical login manager of choice and get done with it. Even if most of
what you do on your desktop is non-graphical, the X-Window manager is an
effective way to be able to launch multiple terminals and work from them. I
for one hasn't owned a text-only desktop/laptop for ages.
Cheers.
Reply to: