Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-05-2005, 03:47 PM
|
#1
|
Member
Registered: Jan 2002
Location: Canada
Distribution: redhat7.2
Posts: 169
Rep:
|
gdm, cannot login as root. Why
By default root cannot login in gdm ( Gnome display manager ) . The same is true with kdm.
I know how to change that so root can login.
Allowing root to login with gdm is a "security" option.
Why is it unsecure to log in as root in gdm ?
Just curious.
tia for any information.
|
|
|
08-05-2005, 05:30 PM
|
#2
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
Logging in as root is a bad idea (tm) because it increases the risk of problems with the computer due to accidental deletion, buggy software, and all those sort of things. And yes, on the off chance you get one of the about a half-dozen linux viruses, it could wreck the whole system.
If you need to do system administration, use su. Or sudo. Or gksu. Or some similar task. No reason to check your email as root.
|
|
|
08-10-2005, 03:03 AM
|
#3
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
Oh my God! Never do X as root. This is why most distros that allow this will show a big, annoying, red background when you are logged in as root in X. Ubuntu will not even let you login as root ever! That is good security, IMO. IIRC Windows will force you to make at least ONE other administrating account besides the "Administrator", that is bad security.
|
|
|
08-10-2005, 03:14 AM
|
#4
|
Senior Member
Registered: Dec 2004
Location: Herzliyya, Israel
Distribution: SuSE 10.1; Testing Distros
Posts: 1,832
Rep:
|
Did they frighten you? Do not mind these guys, they are not bad, they just want you to avoid troubles.
If anyway you want to login as root in X
Call the console
#su
[type root pass]
#gdmsetup
Configure gdm and allow it to login as root
Again, these guys are right, Not recommended
|
|
|
08-10-2005, 08:47 AM
|
#5
|
Member
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613
Rep:
|
By using a root account for your desktop, you reduce the security of your linux box to the level of Windows 95. The root account is allowed to do virtually everything with the system. It has no limitations.
If a program (like your webbrowser) gets hit by a 'virus' or 'exploit', that virus has the same power you have: to do everything. The reverse is also true off course. A normal user account severely limits the abilities of a virus.
Last edited by yapp; 08-10-2005 at 08:49 AM.
|
|
|
08-10-2005, 01:43 PM
|
#6
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
Quote:
Originally posted by yapp
By using a root account for your desktop, you reduce the security of your linux box to the level of Windows 95.
|
Almost all Windows XP boxen runs as Administrator by default. So the Windows 95 is not correct, just "Windows" would do.
|
|
|
08-10-2005, 01:52 PM
|
#7
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
And it's not quite that bad... but the point is taken. Of course, the most important thing on a computer is your data, which is still vulnerable even as a user.
|
|
|
08-10-2005, 02:07 PM
|
#8
|
Senior Member
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
|
In my experience, the main problem with running a graphical environment as root isn't security from viruses, but security from your own software.
Complex graphical software does more stuff "behind the scenes" than you can wrap your mind around. Stuff like GNOME, KDE, Konqueror, Nautilus, or Firefox access oodles of configuration files and settings, and it's really easy to accidentally mess something up which breaks the software for ALL users (not just root). Part of the reason is that this software is assumed to be run NOT as root, so it isn't tested as root much (if at all).
In contrast, when you login as root on a text console, you tend to run much simpler software with a more obviously limited scope. When you use "cd, cp, and mv" to move and copy files, the shell isn't going to mess with any files that you don't explicitely specify. When you navigate around in Konqueror, there are a bunch of temporary files and thumbnail files and .desktop files and .directory files and such which are accessed automatically.
|
|
|
08-10-2005, 02:30 PM
|
#9
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
Quite a valid point, IsaacKuo. One that is often overlooked.
|
|
|
08-11-2005, 01:50 AM
|
#10
|
Senior Member
Registered: Dec 2004
Location: Herzliyya, Israel
Distribution: SuSE 10.1; Testing Distros
Posts: 1,832
Rep:
|
So, summing all that has been said the community recommends you not to enter root mode unless for SOME setups and emergencies.
|
|
|
09-29-2009, 04:03 PM
|
#11
|
LQ Newbie
Registered: Sep 2009
Location: Indian Harbour Beach, FL
Distribution: Ubuntu
Posts: 1
Rep:
|
Quote:
Originally Posted by SlackerLX
Did they frighten you? Do not mind these guys, they are not bad, they just want you to avoid troubles.
If anyway you want to login as root in X
Call the console
#su
[type root pass]
#gdmsetup
Configure gdm and allow it to login as root
Again, these guys are right, Not recommended
|
Thank you immensely! I needed this and used it for a few minutes and then revoked the root user login.
I totally agree with everyone though and this should only be done "carefully" and under certain circumstances.
|
|
|
All times are GMT -5. The time now is 09:24 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|