LinuxQuestions.org
Old 11-14-2007, 04:44 PM   #1
CelticWhisper
LQ Newbie
 
Registered: May 2004
Distribution: Ubuntu 7.10 i386
Posts: 22

Rep: Reputation: 0
Enabling GUI root login. Please instruct, please refrain from dissuasion attempts.


Firstly, I've read all the disclaimers regarding proper security practice in Linux and why GUI root login is a bad idea. Many of them I didn't even need to read - I'm studying InfoSec at university and have taken many courses in security theory, administration, policy, etc.

So...

Can anyone tell me how to enable graphical root login in Ubuntu 7.10 "Gutsy Gibbon?" I'm adept (no pun intended) at using sudo and "su -(insert option here)" I know how to enable root in a terminal via "sudo passwd root." I'm asking about enabling root login in GDM to enable a full graphical desktop with root access across the board.

Now, a few disclaimers of my own:

Why I want to do this:
Well, mostly because I can. Also, because the system in question is not a mission-critical system and because there is no sensitive data whatsoever at stake. Because I consider it a learning experience. Because, and I swear I'm not trying to flame here, a distro telling me what I ought and ought not to do on my own computer seems a very Microsoft thing to do - I switched to Linux to get away from that mentality, I want my computer to obey me, not vice-versa.

"But it's to protect inexperienced users:"
I'm an experienced user. I've used just about every distro out there. RedHat "old-school," RHEL, Fedora, Mandr(ake|iva), Gentoo (stage3 and put up a fight with stage1), Slackware (my favourite after Ubuntu), Knoppix, DSL, SuSE, and some obscure ones like JAMD and LainOS. I've seen the ugly bits already. I've reconfigured my kernel, via "make menuconfig" and "make xconfig." I've installed software from packages (.rpm and .tgz), via apt-get and portage, and by compiling from source. About the only thing I haven't done yet is an LFS build. Preventing me logging in as root isn't protecting me from anything I don't already know about.

"If you have the experience, why not use a more advanced distro?"
Because I like Ubuntu. It's the only one so far that has seen all of my hardware out-of-the-box, the only one that plays nice from the get-go with my video card and wireless adapter, and with the one exception of trying to get a straight answer on this very issue, it has a good support community behind it. I'm kinda tired of fighting with configurations and recompiling/reconfiguring my kernel and wrestling with free, semi-free, non-free, and free-on-prime-numbered-days repositories to get my hardware working. Please, I defend my distro choice enough as it is against the distro-diehards, I'm not interested in arguing the merits of using Ubuntu. I just like it.

"But if we post how to do it.." (insert can-of-worms, cat-out-of-bag, horse-out-of-barn, genie-out-of-bottle, Pandora's-Box analogy of choice here):
I'd be more than willing to accept a PM or an E-mail of how to do it if you don't want to publish the solution free-and-clear for inexperienced users to stumble across. I'm not interested in causing anybody else any grief. I just want this information for my own personal use. If I screw up my system, well, experience is the best teacher and I won't do that again. Plus, like I said, it's a test-dummy box, so no real data is at stake. If you want me to promise never to use the procedure on a server or other production system, I have no problems giving you my word that I will use my great power with great responsibility.

I'm truly very sorry if this comes across as harsh or overly forceful in any way. It's just that I've searched the Ubuntu forums, this forum, and various reference pages on Google, and I've turned up only "You really shouldn't do that, I'm not going to tell you how" or articles on configuring Ubuntu Warty to do something similar. I recall enabling root login in the Warty/Hoary days, but the procedure seems to have changed. I'm grateful for any help you can give, as long as that help is the kind I'm asking for. I know that I'm asking people to defy what seems to have become an established convention by requesting this solution be provided, but on the other hand, I also know what I'm asking.

If you wish to E-mail me the solution, my E-mail address is my LinuxQuestions forum username @gmail.com

Thank you, all of you, very much for understanding and for any help you can provide. And for hopefully ending my frustration.
 
Old 11-14-2007, 05:28 PM   #2
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
http://ubuntuforums.org/archive/index.php/t-31053.html
 
Old 11-14-2007, 05:50 PM   #3
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Ok, a few comments:

I've been administering Unix and Linux systems for over 12 years and I don't think I've logged into a GUI as root in over 5, and trust me, the systems obey what I tell them to do (they just ask for my password first if I haven't done sudo in a while).

The distro isn't telling you what you ought and ought not do, almost 40 years of systems admin experience times the millions of admins on the planet is telling you what you ought not do.

If your system gets compromised, it isn't just the data that is on that system that is vulnerable. Any system that accesses that system or that is accessed by that system is vulnerable (i.e. if you are going to stay logged in as root, stay off the network).

Should you know how to reenable root logins? Certainly. Should you log in to a GUI as root? Only under extreme circumstances, for limited amounts of time, and being VERY careful.

HTH

Forrest
 
Old 11-14-2007, 06:24 PM   #4
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: Tupelo, MS
Distribution: Gentoo
Posts: 6,926

Rep: Reputation: 124
A fool and his money are soon parted ...

A man who logs into a *nix system as root should be banished to the darkside.

The primary thing which makes *nix secure, vs. the darkside (MickeySoft) being unsecure, is the true multiuser system and non-root login.
 
Old 11-14-2007, 06:40 PM   #5
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
I wasn't trying to imply he was a fool, but just that it isn't something that should be done with any amount of frequency and that extreme care should be used. I'll give him the benefit of the fact that he will use his powers wisely.
 
Old 11-14-2007, 07:20 PM   #6
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
Quote:
Originally Posted by Bruce Hill
A fool and his money are soon parted ...

A man who logs into a *nix system as root should be banished to the darkside.

The primary thing which makes *nix secure, vs. the darkside (MickeySoft) being unsecure, is the true multiuser system and non-root login.

I didn't have any qualms about posting the solution for him because it seems like he is aware of what he's getting into. Linux gives him the power and flexibility to make as insecure a system as he wants. Once he does set up that system, I'd be curious to see if he could get some windows viruses to run via wine...
 
Old 11-14-2007, 07:40 PM   #7
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: Tupelo, MS
Distribution: Gentoo
Posts: 6,926

Rep: Reputation: 124
Quote:
Originally Posted by pljvaldez
I didn't have any qualms about posting the solution for him because it seems like he is aware of what he's getting into. Linux gives him the power and flexibility to make as insecure a system as he wants. Once he does set up that system, I'd be curious to see if he could get some windows viruses to run via wine...

Yeah, I shouldn't post opinions or puns in LQ. It's not for the OP, but for some doofus who passes by and says, "See, I told you it was okay to login as root."

I admin some servers for a big university here. They contain doctoral theses, research, etc. They all log in via PuTTY from Windows boxen as root, with 6 numbers as the password to server1. Then they rsh into the other servers using PAM, rather than setting up (one time only) ssh accounts for the students. They also had RAID0 on an array. I told them the dangers of both ill-advised operations. Earlier this year they lost a RAID array with over 500GB of data. Guess what? When I installed the new SCSI card, we set up RAID5. I didn't have to "sell them" on it after the old card failed on the RAID0. I suspect the same thing will have to happen with the root login situation.

Hey, guys, these are PCs, right? Personal Computers ... and my opinion still stands, no matter how much experience the OP has ...
 
Old 11-14-2007, 07:45 PM   #8
CelticWhisper
LQ Newbie
 
Registered: May 2004
Distribution: Ubuntu 7.10 i386
Posts: 22

Original Poster
Rep: Reputation: 0
A few comments on the comments:

First of all, thanks to pljvaldez for the solution. I do appreciate it.

forrestt: I know. Perhaps it was a poor choice of words on my part; let me put it this way - "I don't like that Ubuntu, despite having the technical capability to log in as root, presumes to know better than me what I should do with a system." Now, maybe it really does know better than me. If so, and if I make a mistake as a result of my bravado, then in all likelihood that mistake will be humbling and, more importantly, educational. Until such a mistake is made, though, I would rather my OS acknowledge that yes, for some reason it can't have predicted, I do want to perform a GUI root login and do as it is told.

Also, with regard to networks, the system in question is a home computer and not a work one, and it is also plugged into a switch sitting right within arm's reach, so it's easy to sequester it if I think something's gone sour. Thanks, though, for your concern for the safety of my network. I will be certain to keep a close eye on that test system and be ready to pop the cable. I've been meaning to set up a VLAN (something else I want to get some experience doing) and I think my router/firewall supports it. I might create a VLAN for that test box to isolate it from more sensitive and actively-used systems.

Bruce: I know. But at the same time, another thing that I consider a significant separator is the fact that if you want to do something potentially boneheaded, Linux will stand aside and let you reap what you sow as opposed to throwing up a million warnings saying "You are about to prove you don't know how to think. Cancel or allow?" Linux, in my past experience, lets you learn things the hard way...but at least you do learn.

pljvaldez: Hmmm...where to start... Blaster maybe? Or maybe I should go retro with Nimda. Decisions, decisions...

Thanks, everyone. I appreciate the help.
 
Old 11-14-2007, 09:53 PM   #9
aysiu
Senior Member
 
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,776

Rep: Reputation: 66
I have a hard time believing you have that much experience with Linux and cannot figure out how to enable a graphical root login in Ubuntu. Are you creating this thread just to provoke some kind of reaction?
 
Old 11-15-2007, 12:09 AM   #10
CelticWhisper
LQ Newbie
 
Registered: May 2004
Distribution: Ubuntu 7.10 i386
Posts: 22

Original Poster
Rep: Reputation: 0
Ubuntu is the first distro I've used that has disabled GUI root logins by default. My experience has been with either CLI-only installations (e.g. servers I've configured at my place of work) or with graphical environments that don't impose any restrictions not explicitly put in place by me. At least, that is to the best of my ability to recall.
 
Old 11-21-2007, 04:28 AM   #11
nthillaiarasu
Member
 
Registered: Nov 2007
Posts: 39

Rep: Reputation: 15
[LINK REMOVED BY MODERATOR]

Last edited by XavierP; 11-23-2007 at 02:28 PM.
 
Old 11-21-2007, 11:57 AM   #12
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231
http://ubuntuforums.org/showthread.php?p=3810200 is apparently not a public page -- it demands I log in to view it. Kind of pointless link to post.
 
Old 03-10-2009, 02:25 PM   #13
fedix
Member
 
Registered: Oct 2005
Location: Mpumalanga, South Africa
Distribution: Fedora / CentOS 5 / Ubuntu
Posts: 100

Rep: Reputation: 17
Fedora 10 and Root

I agree with CelticWhisper. Many other users (forrestt, Bruce) had valid points, but the one thing I hate about Microsoft is that they think for me. And now Fedora 10 is doing the same - it thinks for me, protects me against myself with disabling root. I know the dangers, and in a production I will use sudo etc. But in a testing environment (yes, where I can format and reinstall if need be), I do need and want to use root.

Don't think for me.

On another post (http://www.linuxquestions.org/questi...ora-10-692315/) mk 27 made this very valid remark: "This is a very very very stupid "security feature". Eventually fedora should just send a team of people over to pick up your computer since you are not responsible enough to use it"

Please, tell us how to enable root in a graphical environment!@!!!
 
Old 03-10-2009, 03:56 PM   #14
fedix
Member
 
Registered: Oct 2005
Location: Mpumalanga, South Africa
Distribution: Fedora / CentOS 5 / Ubuntu
Posts: 100

Rep: Reputation: 17
FOUND IT: Enabling GUI. Instruct, no dissuasion attempt

Found the resolution on fedoraforum.org. Comment out the line
Code:
auth required pam_succeeded_if.so user != root quiet
in /etc/pam.d/gdm.

You can do this with 1 command
Quote:
su -
sed -e 's/^auth.\+root.\+/#&/g' -i /etc/pam.d/gdm
Thanks to PoppaMurph at http://forums.fedoraforum.org/showthread.php?t=209638
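
A check an administrator could run to see whether the `pam_succeeded_if.so` rule quoted in the post above is still active in a PAM service file. This is an added example, not part of the original thread; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added audit example. Sample PAM file contents are constructed.

# Exit status: 0 = active "user != root" rule present (root is refused),
#              1 = no active rule (root may authenticate),
#              2 = file missing or unreadable.
root_login_blocked() {
    pam_file=$1
    [ -r "$pam_file" ] || return 2
    awk '
        /^[ \t]*#/ { next }    # a commented-out rule does not count
        $1 == "auth" && /pam_succeeded_if\.so/ &&
            /user[ \t]*!=[ \t]*root([ \t]|$)/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$pam_file"
}

# Print one status line per file given.
audit() {
    for f in "$@"; do
        rc=0
        root_login_blocked "$f" || rc=$?
        case $rc in
            0) echo "$f: root refused by pam_succeeded_if rule" ;;
            1) echo "$f: NO active root-deny rule" ;;
            *) echo "$f: missing or unreadable" ;;
        esac
    done
}

# Constructed samples: a file with the rule active, and the same file with
# the rule commented out (the state the sed command in the post leaves).
write_samples() {
    dir=$1
    printf '%s\n' '#%PAM-1.0' \
        'auth     required  pam_succeeded_if.so user != root quiet' \
        'auth     include   system-auth' > "$dir/gdm.stock"
    printf '%s\n' '#%PAM-1.0' \
        '#auth     required  pam_succeeded_if.so user != root quiet' \
        'auth     include   system-auth' > "$dir/gdm.edited"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
write_samples "$tmp"
audit "$tmp/gdm.stock" "$tmp/gdm.edited"
```

On a real host, pass `/etc/pam.d/gdm` to `audit`; a non-zero status from `root_login_blocked` on a machine that is meant to refuse graphical root logins is worth flagging in a configuration baseline.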
 
  

