Do other distros have the Root Account Disabled Design
Linux - DistributionsThis forum is for Distribution specific questions.
Red Hat, Slackware, Debian, Novell, LFS, Mandriva, Ubuntu, Fedora - the list goes on and on...
Note: An (*) indicates there is no official participation from that distribution here at LQ.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
And also, attacks don't just randomly happen, information doesn't just jump off your computer onto an attacker, and viruses don't just jump on to it. You pc has to either send information to an attack or download a virus to be affected, attackers either use vulnerabilities in valid software or try to trick users into doing it themselves. Either way, by careful use, all attacks are avoidable. I run my windows machines without anti-virus or firewall and have no problems whatsoever.
SANS just released an illuminating report on "The Top Cyber Security Risks". WRT your comment, something of interest may be the HTTP client side exploitation example. It targeted Windows clients, but... lots of Linux users install and use flash, for example. If firefox (or some other client application) is being targeted instead of the OS, there may be a legitimate cause for concern among users across OSes.
Moreover, in the absence of more info, who knows what OP is using his Fedora 11 box for. If he's offering up any services to the wild 'net (wittingly or otherwise), all the more reason to not be taking additional risks by firing up a full on desktop environment as root.
-------
I'd close by saying: I don't think anyone wants to be the boss of OP. (I could be wrong.) What I see on this thread are people trying to discourage a commonly known bad practice.
and also take the hint about a link between usage/adoption and intensity of attacks. I think it is far off to consider misuse the key to all system security breaches. So called social engineering is definitely a major threat, but exposure is another. With (regular) root login you expose a system a lot more than restricted users do.
You mentioned avoiding attacks being/becoming an essential and expected user skill. Usability rules in these days. That will prevent from asking security questions regularly. And people even should have the right not to take care about security, because much can be done for them without bothering most users.
I often have tell someone, that not only his system is connected to the internet, but the internet is connected to his system. There is nothing like an oneway street with networking, no 100 % safe system, maybe an offline one, powered off inside a cage. :-)
@ repo: Ubuntu disables root at login, Linux Mint and MoonOS have followed suit, and since you have informed me that Debian does it, too ("...every good distribution disables root in GUI"), perhaps it comes from Debian, since Debian is the base of Ubuntu.
Haha, I didn't think my questions would raise so many comments. I do apologize.
I will clarify only one question: F11 means Fedora 11. Sorry I used the shortcut.
I will not respond to other comments about the good or bad of the root account problem. Everyone is entitled to their view. In my case, I am done with Linux if I cannot find another strong stable distro without this behavior. If I worked for NASA I'd still have that opinion.
And so if someone can recommend a stable distro, with an active community, I would welcome hearing your rationale for selecting it. It would be a bonus if releases were only one (or less) each year. I am really tired of surprises. (Am I getting too picky?)
And lastly.....I really need to say this...lighten up!!!.
OK, I see where the confusion is. Here is a second clarification: The disabled root login is just the tip of the iceberg. That design concept has wide impact. Try starting and stopping service with the system-config-services GUI. You must NOT be root to do something and then in the process you must give the root password. Screw that. I'm trying to solve problems and I don't have much time to do that. So I want a distro that still uses the traditional approach of many years.
What news of BSD? or is that word taboo here?
Oh, yes, great list of those that have the problem, thanks!
Haha, I didn't think my questions would raise so many comments. I do apologize.
I will clarify only one question: F11 means Fedora 11. Sorry I used the shortcut.
I will not respond to other comments about the good or bad of the root account problem. Everyone is entitled to their view. In my case, I am done with Linux if I cannot find another strong stable distro without this behavior. If I worked for NASA I'd still have that opinion.
And so if someone can recommend a stable distro, with an active community, I would welcome hearing your rationale for selecting it. It would be a bonus if releases were only one (or less) each year. I am really tired of surprises. (Am I getting too picky?)
And lastly.....I really need to say this...lighten up!!!.
I'd recommend FreeBSD (though it isn't Linux), CentOS, SuSE, Debian or simply enabling the root user (just look for "enable root user on $distro" on the search engine of your choice). I don't recall having to enable the root user on my Debian Lenny system - in fact I do believe it asked me to set the password during the install.
I am also surprised and disappointed at the response to this question. It's a simple enough question, and certainly doesn't deserve 2 pages of flamewars as a response.
I'd recommend FreeBSD (though it isn't Linux), CentOS, SuSE, Debian or simply enabling the root user (just look for "enable root user on $distro" on the search engine of your choice). I don't recall having to enable the root user on my Debian Lenny system - in fact I do believe it asked me to set the password during the install.
I am also surprised and disappointed at the response to this question. It's a simple enough question, and certainly doesn't deserve 2 pages of flamewars as a response.
I'll have to check the Debian varieties; some comments say it has the problem and some say it doesn't. But thanks for the rest of the list.
As for the replies from others; this appears to be a hot topic for more than just me. Rest assured that I am not hurt in any way, and I thank you for your concern.
So..here's the list of the distros with the root account ...err...thing, so far:
Debian
Fedora (at least 10 and 11...see, no "F".)
Ubuntu (Debian based)
Linux Mint
MoonOS
Any others?
CentOS..interesting. I recall that its has good documentation and an active community. I will check that.
zero
Of course he can. Never said that.
1st
I am root. ;-) Never needed a (direct, graphical) root login to get anything done before in Linux.
2nd
Thanks for quoting. Do you know, how to include the author of the quoted text? Use it, please.
3rd
I feel like being hitten quite hard by you. Why? I think I've not been that harsh. I fact I repeatedly asked him, LouArnold, what exactly is the problem with not working as root in his case. Still don't see much clearer by now.
1. Neither have I, I just don't like being restricted. Typing sudo all the time can be a pain, even though its only 4 letters (plus a space).
2. Yes. And I did 3/5 times.
3. Apologies. I just disagree with most people on this topic, so I go a little overboard. And because he asked a question and instead of answering you questioned his motives, which offends me. He asked a question not so you would understand what hes doing, but so that you might help him. I am just saying all this so you might understand my response, I do apologize for being harsh.
Quote:
Originally Posted by hasienda
Because a warning would be just a warning, nothing to complain about like an impossible action. He would actually be able to login, or at least get it working with one or a few configuration changes to circumvent root account protection for X logins, as was pointed out by others too.
A warning is a warning, agreed, nothing to complain about. I do not oppose warnings. I oppose messages that say "disabled".
Quote:
Originally Posted by hasienda
Matter of taste. Obviously you're not a sysadmin for 100+ people running mission critical applications. I'm less focussed on strict off-network home use. Much more often, if not regularly, computers really should limit people and stop them from doing evil to others and themselves. This is a feature. Total freedom is only for few people who know and obey strict rules without enforcement. My point of view. Discuss, please, don't flame. :-)
True, you are correct in assuming I'm not a sysadmin, all my computers are single user. I think regular user accounts should be limited, and the root account should be password protected (that should also be up to the computer owner), but not disabled. Those are features.
Quote:
Originally Posted by hasienda
And again my big question: what for? Office work, browser, gaming, huh? Tell me why do you actually need to be root in Gnome/KDE, having ssh-askpass and friends at hand.
Your big question does not help answer the original poster's question. and the answer to your question does not help answer the original poster's question. That is why I was harsh.
Just as an update:
I'll be trying CentOS V5.3. Here is some text from the centos.org web page. Let's hope their claims are real.
"CentOS is an Enterprise Linux distribution based on the freely available sources from Red Hat Enterprise Linux. Each CentOS version is supported for 7 years (by means of security updates). A new CentOS version is released every 2 years and each CentOS version is periodically updated (roughly every 6 months) to support newer hardware. This results in a secure, low-maintenance, reliable, predictable and reproducible Linux environment."
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.