[Mageia-discuss] beta2 woes and no graphical root (tonyb)

Wolfgang Bornath molch.b at googlemail.com
Tue Apr 10 15:17:20 CEST 2012


2012/4/10 Kevin R. Bulgrien <kbulgrien at att.net>:
> On Sunday, April 08, 2012 06:46:37 am Morgan Leijström wrote:
>> söndagen den 8 april 2012 12.54.04 skrev  Wolfgang Bornath:
>> > maybe there is a reason to login to a gui as root - although in
>> > all my 17 years of Linux I haven't heard one. And I have never heard
>> > about any sysadmin who did it with a reason.
>>
>> Lazyness in my case. Or call it efficiency cause of scarce time.
>> I want machines to work for me, do not have all hours to learn everything.
>>
>> I can not learn everything, even less remember it.
>> A GUI session often have lots of useable tools to see what is going on, web
>> browser to read documentation of what i am trying to do, can copy to
>> virtual terminal, etc.
>>
>> That is why even my server always runs KDE (but not as root)
>>
>> Um... when i think about it i have not used GUI as root for a year or so,
>> but it was a time saver in the beginning and i might have given up on
>> Linux without it.
>>
>> This is the few sysadmin hours of an own smalll company owner and home
>> server.
>
> A quick google of "run x as root" shows up good advice that has
> existed for a very long time.  One example is:
>
> http://tldp.org/HOWTO/XWindow-User-HOWTO/xsecurity.html
>
> This kind of laziness is dangerous.  Even the discipline of not being on
> the internet at the time is a false fix.  Anything that has security issues
> can modify the security of the local network, install malware, or
> damage critical files, etc.
>
> A shell in non-root X can easily attain root for GUI applications - not just
> CLI instructions.
>
> Sure, it is less direct to look at the GUI menu to figure out how to invoke
> some of the tools, but it can be a one-time effort that has a side effect of
> increasing knowledge of the tools one uses to administer a system easily
> and safely.
>
> I am not so much in a different position as you are, and I can probably
> count on my hands how many times I ran X as root since Mandriva 7.2,
> and I think that was too many.

Since my first Mandrake in 1998 (even before with SuSE and RedHat and
Debian I did it exactly 1 time - that was after the change to a red
background and it took only a couple of seconds and involved no action
except  shutdown, I just wanted to see the red background  :)

Well (not wasting too much time on this), everybody can do what he
wants - if he has the knowledge to change the configuration to be able
to login to KDE or Gnome as root, he should have the knowledge not to
do it. This hurdle which was implemented is a good idea to prevent
less experienced people doing it all the time just because of
laziness. So I'm not too happy about broadcasting how it works.

OTOH, we are not the security admins of the user's mind. :)

-- 
wobo


More information about the Mageia-discuss mailing list