LinuxQuestions.org


CelticWhisper 11-14-2007 03:44 PM

Enabling GUI root login. Please instruct, please refrain from dissuasion attempts.
 
Firstly, I've read all the disclaimers regarding proper security practice in Linux and why GUI root login is a bad idea. Many of them I didn't even need to read - I'm studying InfoSec at university and have taken many courses in security theory, administration, policy, etc.

So...

Can anyone tell me how to enable graphical root login in Ubuntu 7.10 "Gutsy Gibbon"? I'm adept (no pun intended) at using sudo and "su -(insert option here)". I know how to enable root in a terminal via "sudo passwd root." I'm asking about enabling root login in GDM to enable a full graphical desktop with root access across the board.

Now, a few disclaimers of my own:

Why I want to do this:
Well, mostly because I can. Also, because the system in question is not a mission-critical system and because there is no sensitive data whatsoever at stake. Because I consider it a learning experience. Because, and I swear I'm not trying to flame here, a distro telling me what I ought and ought not to do on my own computer seems a very Microsoft thing to do - I switched to Linux to get away from that mentality, I want my computer to obey me, not vice-versa.

"But it's to protect inexperienced users:"
I'm an experienced user. I've used just about every distro out there. RedHat "old-school," RHEL, Fedora, Mandr(ake|iva), Gentoo (stage3 and put up a fight with stage1), Slackware (my favourite after Ubuntu), Knoppix, DSL, SuSE, and some obscure ones like JAMD and LainOS. I've seen the ugly bits already. I've reconfigured my kernel, via "make menuconfig" and "make xconfig." I've installed software from packages (.rpm and .tgz), via apt-get and portage, and by compiling from source. About the only thing I haven't done yet is an LFS build. Preventing me logging in as root isn't protecting me from anything I don't already know about.

"If you have the experience, why not use a more advanced distro?"
Because I like Ubuntu. It's the only one so far that has seen all of my hardware out-of-the-box, the only one that plays nice from the get-go with my video card and wireless adapter, and with the one exception of trying to get a straight answer on this very issue, it has a good support community behind it. I'm kinda tired of fighting with configurations and recompiling/reconfiguring my kernel and wrestling with free, semi-free, non-free, and free-on-prime-numbered-days repositories to get my hardware working. Please, I defend my distro choice enough as it is against the distro-diehards, I'm not interested in arguing the merits of using Ubuntu. I just like it.

"But if we post how to do it.." (insert can-of-worms, cat-out-of-bag, horse-out-of-barn, genie-out-of-bottle, Pandora's-Box analogy of choice here):
I'd be more than willing to accept a PM or an E-mail of how to do it if you don't want to publish the solution free-and-clear for inexperienced users to stumble across. I'm not interested in causing anybody else any grief. I just want this information for my own personal use. If I screw up my system, well, experience is the best teacher and I won't do that again. Plus, like I said, it's a test-dummy box, so no real data is at stake. If you want me to promise never to use the procedure on a server or other production system, I have no problems giving you my word that I will use my great power with great responsibility.

I'm truly very sorry if this comes across as harsh or overly forceful in any way. It's just that I've searched the Ubuntu forums, this forum, and various reference pages on Google, and I've turned up only "You really shouldn't do that, I'm not going to tell you how" or articles on configuring Ubuntu Warty to do something similar. I recall enabling root login in the Warty/Hoary days, but the procedure seems to have changed. I'm grateful for any help you can give, as long as that help is the kind I'm asking for. I know that I'm asking people to defy what seems to have become an established convention by requesting this solution be provided, but on the other hand, I also know what I'm asking.

If you wish to E-mail me the solution, my E-mail address is my LinuxQuestions forum username @gmail.com

Thank you, all of you, very much for understanding and for any help you can provide. And for hopefully ending my frustration.

pljvaldez 11-14-2007 04:28 PM

http://ubuntuforums.org/archive/index.php/t-31053.html

forrestt 11-14-2007 04:50 PM

Ok, a few comments:

I've been administering Unix and Linux systems for over 12 years and I don't think I've logged into a GUI as root in over 5, and trust me, the systems obey what I tell them to do (they just ask for my password first if I haven't done sudo in a while).

The distro isn't telling you what you ought and ought not do, almost 40 years of systems admin experience times the millions of admins on the planet is telling you what you ought not do.

If your system gets compromised, it isn't just the data that is on that system that is vulnerable. Any system that accesses that system or that is accessed by that system is vulnerable (i.e. if you are going to stay logged in as root, stay off the network).

Should you know how to reenable root logins? Certainly. Should you log in to a GUI as root? Only under extreme circumstances, for limited amounts of time, and being VERY careful.

HTH

Forrest

Bruce Hill 11-14-2007 05:24 PM

A fool and his money are soon parted ...

A man who logs into a *nix system as root should be banished to the darkside.

The primary thing which makes *nix secure, vs. the darkside (MickeySoft) being unsecure, is the true multiuser system and non-root login.

forrestt 11-14-2007 05:40 PM

I wasn't trying to imply he was a fool, just that it isn't something that should be done with any amount of frequency and that extreme care should be used. I'll give him the benefit of the fact that he will use his powers wisely.

pljvaldez 11-14-2007 06:20 PM

Quote:

Originally Posted by Bruce Hill (Post 2959100)
A fool and his money are soon parted ...

A man who logs into a *nix system as root should be banished to the darkside.

The primary thing which makes *nix secure, vs. the darkside (MickeySoft) being unsecure, is the true multiuser system and non-root login.

I didn't have any qualms about posting the solution for him because it seems like he is aware of what he's getting into. Linux gives him the power and flexibility to make as insecure a system as he wants. Once he does set up that system, I'd be curious to see if he could get some windows viruses to run via wine... :D

Bruce Hill 11-14-2007 06:40 PM

Quote:

Originally Posted by pljvaldez (Post 2959150)
I didn't have any qualms about posting the solution for him because it seems like he is aware of what he's getting into. Linux gives him the power and flexibility to make as insecure a system as he wants. Once he does set up that system, I'd be curious to see if he could get some windows viruses to run via wine... :D

Yeah, I shouldn't post opinions or puns in LQ. It's not for the OP, but for some doofus who passes by and says, "See, I told you it was okay to log in as root."

I admin some servers for a big university here. They contain doctoral theses, research, etc. They all log in via PuTTY from Windows boxen as root, with 6 numbers as the password to server1. Then they rsh into the other servers using PAM, rather than setting up (one time only) ssh accounts for the students. They also had RAID0 on an array. I told them the dangers of both ill-advised operations. Earlier this year they lost a RAID array with over 500GB of data. Guess what? When I installed the new SCSI card, we set up RAID5. I didn't have to "sell them" on it after the old card failed on the RAID0. I suspect the same thing will have to happen with the root login situation.

Hey, guys, these are PCs, right? Personal Computers ... and my opinion still stands, no matter how much experience the OP has ...

CelticWhisper 11-14-2007 06:45 PM

A few comments on the comments:

First of all, thanks to pljvaldez for the solution. I do appreciate it.

forrestt: I know. Perhaps it was a poor choice of words on my part; let me put it this way - "I don't like that Ubuntu, despite having the technical capability to log in as root, presumes to know better than me what I should do with a system." Now, maybe it really does know better than me. If so, and if I make a mistake as a result of my bravado, then in all likelihood that mistake will be humbling and, more importantly, educational. Until such a mistake is made, though, I would rather my OS acknowledge that yes, for some reason it can't have predicted, I do want to perform a GUI root login and do as it is told.

Also, with regard to networks, the system in question is a home computer and not a work one, and it is also plugged into a switch sitting right within arm's reach, so it's easy to sequester it if I think something's gone sour. Thanks, though, for your concern for the safety of my network. I will be certain to keep a close eye on that test system and be ready to pop the cable. I've been meaning to set up a VLAN (something else I want to get some experience doing) and I think my router/firewall supports it. I might create a VLAN for that test box to isolate it from more sensitive and actively-used systems.

Bruce: I know. But at the same time, another thing that I consider a significant separator is the fact that if you want to do something potentially boneheaded, Linux will stand aside and let you reap what you sow as opposed to throwing up a million warnings saying "You are about to prove you don't know how to think. Cancel or allow?" Linux, in my past experience, lets you learn things the hard way...but at least you do learn.

pljvaldez: Hmmm...where to start... Blaster maybe? Or maybe I should go retro with Nimda. Decisions, decisions...

Thanks, everyone. I appreciate the help.

aysiu 11-14-2007 08:53 PM

I have a hard time believing you have that much experience with Linux and cannot figure out how to enable a graphical root login in Ubuntu. Are you creating this thread just to provoke some kind of reaction?

CelticWhisper 11-14-2007 11:09 PM

Ubuntu is the first distro I've used that has disabled GUI root logins by default. My experience has been with either CLI-only installations (e.g. servers I've configured at my place of work) or with graphical environments that don't impose any restrictions not explicitly put in place by me. At least, that is to the best of my ability to recall.

nthillaiarasu 11-21-2007 03:28 AM

[LINK REMOVED BY MODERATOR]

archtoad6 11-21-2007 10:57 AM

http://ubuntuforums.org/showthread.php?p=3810200 is apparently not a public page -- it demands I log in to view it. Kind of pointless link to post.

fedix 03-10-2009 01:25 PM

Fedora 10 and Root
 
I agree with CelticWhisper. Many other users (forrestt, Bruce) had valid points, but the one thing I hate about Microsoft is that they think for me. And now Fedora 10 is doing the same - it thinks for me, protects me against myself with disabling root. I know the dangers, and in a production I will use sudo etc. But in a testing environment (yes, where I can format and reinstall if need be), I do need and want to use root.

Don't think for me.

On another post (http://www.linuxquestions.org/questi...ora-10-692315/) mk 27 made this very valid remark: "This is a very very very stupid "security feature". Eventually fedora should just send a team of people over to pick up your computer since you are not responsible enough to use it"

Please, tell us how to enable root in a graphical environment!@!!!

fedix 03-10-2009 02:56 PM

FOUND IT: Enabling GUI. Instruct, no dissuasion attempt
 
Found the resolution on fedoraforum.org. Comment out the line
Code:

auth required pam_succeeded_if.so user != root quiet
in /etc/pam.d/gdm.

You can do this with 1 command
Quote:

su -
sed -e 's/^auth.\+root.\+/#&/g' -i /etc/pam.d/gdm
Thanks to PoppaMurph at http://forums.fedoraforum.org/showthread.php?t=209638
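
A read-only check for the state of the rule discussed in the post above, as an added example that is not part of the original thread: it reports whether a GDM PAM file still has an active `pam_succeeded_if.so user != root` rule, and previews which lines the posted sed expression would comment out before anything is edited in place. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a GDM PAM stack for the root-blocking rule.

# Return 0 if FILE has an active (uncommented) auth rule that uses
# pam_succeeded_if.so to reject user root, 1 otherwise.
gdm_root_blocked() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+.*pam_succeeded_if\.so[[:space:]].*user[[:space:]]*!=[[:space:]]*root' "$1"
}

# Print (with line numbers) the lines the thread's sed expression
# 's/^auth.\+root.\+/#&/g' would comment out, without modifying FILE.
sed_would_comment() {
    grep -n '^auth.\+root.\+' "$1"
}

# Build two constructed sample files (not copied from a real system)
# in a temporary directory and print the directory name.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/gdm.default" <<'EOF'
#%PAM-1.0
auth       required    pam_succeeded_if.so user != root quiet
auth       required    pam_env.so
auth       substack    system-auth
account    required    pam_nologin.so
EOF
    # Same file after the rule has been commented out (no -i: copy only).
    sed -e 's/^auth.\+root.\+/#&/g' "$dir/gdm.default" > "$dir/gdm.modified"
    echo "$dir"
}

# Human-readable verdict for one file.
report() {
    if gdm_root_blocked "$1"; then
        echo "$1: root GUI login blocked by PAM"
    else
        echo "$1: no active root-blocking rule"
    fi
}

samples=$(make_samples)
report "$samples/gdm.default"
report "$samples/gdm.modified"
sed_would_comment "$samples/gdm.default"
```

Pointing `report` at the real `/etc/pam.d/gdm` makes this usable as a configuration-drift check on machines where graphical root login is supposed to stay disabled.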

