[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: text-only login is root?

Hi, postid:

On Thursday 21 October 2010 23:49:03 post id wrote:
> I've set up a minimal system on one of my machines and used no login
> manager

Of course you do.  If you weren't using one, you wouldn't be able to log into 
the system.

> -- I login at the prompt

See?  What you don't use is a *graphical* login manager.

> and type startx to start the graphical  
> session. Now I read a claim that if one didn't use a login manager to log
> in and start X, then one  was logging in with root privileges. That doesn't
> appear to be true since I don't seem to have root privileges,


You log into the system as whatever user and thereafter you run programs under 
that user, being the X-Window manager (the graphical session) one of them.

Maybe you were misguided by the fact that the X system needs, no matter how it 
is run, some high privileges (it needs some low lever access to your system, 
graphic memory, for instance) and it's a so called "setuid program" (which 
means the program itself runs under the "root" effective user... always, even 
if a graphical login manager is involved).  Anyway, that seems to be 
something a bit more technical than you need to know now: for all your 
practical purposes, the graphical environment will still give you just the 
privileges you already got when you started your session from the command 

> although when 
> I do ctrl-alt-f1 I get a list of messages such as "Restore TV PLL," etc.
> rather than a command prompt.

By means of "startx" you started a command basically as any other else.

Try this:

Once you start your command session, execute the command 'ls -lR /' (this will 
recursively list all the files in your system).  You will see it takes quite 
long to run and that you won't be returned to a command prompt till it's 
finished.  That's the usual way for all commands, startx included.  Since 
startx didn't finish while you still have your GUI at AltGr-7 terminal, no 
command prompt is returned.

But unix-like systems seem to have a solution for everything: foreground 
long-running commands (like startx) can be "sent to background" by means of 
the ampersand operator, like this: 'startx &'.  By doing this, you 
temporarily dettach the command from its controlling terminal and because of 
that a command prompt is returned.

> I don't get that on my other machines running 
> graphical login managers.

A graphical login manager is a "daemon": a kind of program specifically 
developed not to need a controlling terminal to be launched (and usually 
meant to be automatically started at boot up).

Again, try this:

Once you start your non-graphical session, execute the command 'ps -efH'.  You 
will see quite a long list of already running programs: all of them are 
daemons.  On your machines using a graphical login manager you will see it 
somewhere in the output of ps (xdm, gdm, kdm... whatever you happen to be 

> Do I have a security problem here?

I hope you understand now by yourself that, no, you don't have any security 
problem because of this.  That's the way things are expected to work.

> If so, will  
> just installing a lightweight login manager (xdm?) cure it or do I need to
> change some settings somewhere? I'd be thankful for advice. Please cc me
> since I'm not currently subscribed to the list.

The question is: if all you do from command prompt is login, then startx, then 
start working from within the GUI, why do you take the extra hassle?  Install 
your graphical login manager of choice and get done with it.  Even if most of 
what you do on your desktop is non-graphical, the X-Window manager is an 
effective way to be able to launch multiple terminals and work from them. I 
for one hasn't owned a text-only desktop/laptop for ages.


Reply to: