Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Have not tried it myself but you could try. Edit the file /etc/pam.d/gdm and add the line:
auth required pam_succeed_if.so user != root quiet
But I would still ask, WHY? RH is supposedly your server and you would login to your server only for administrative tasks, complete them and logout. And you would require root for the purpose. su and sudo are there but they are more oftenly meant to be used for taking permissions for certain time and give them up. More likely on desktops.
on a server /etc/inittab should be set to level 3, so no gnome, x11, gdm, etc ...
just a login prompt, and a shell below it.
One reason is that you don't want to be running lots of processes as root. For admin purpose, a bash shell should be enough.
Another reason is that if there is a security hole in one of the processes of a gnome session, then you are exposing it a lot by logging in as root!
I do agree with both of you. But if its a server disabling root user will not solve purpose. I do not remember logging into server for web browsing or checking emails. When I log in into server, its for the administrative purposes and no more. And for those purposes, root access is necessary. And in that case X should not be running in the first place. But if it is, disabling root would not completely solve the issue as he would anyhow need to login using root in console.
It would not be true for desktop though for not all desktop users are used to it.
Logging on a server in xwindow means launching lots of processes. If just one has a security problem, and you log as root, then you can compromise the whole server.
logging on a server in text mode just launches the shell process. This way, you have less chance of compromising your server.
I know some administrators are smart enough to not browse the Internet as root, etc ... but for admin activity I've never needed to launch an xwindow session.
NB: you still have the possibility to log in as a normal user, then use su to become root, and launch the graphic application that you desperately need.