2012/4/10 Kevin R. Bulgrien <[email protected]>: > On Sunday, April 08, 2012 06:46:37 am Morgan Leijström wrote: >> söndagen den 8 april 2012 12.54.04 skrev Wolfgang Bornath: >> > maybe there is a reason to login to a gui as root - although in >> > all my 17 years of Linux I haven't heard one. And I have never heard >> > about any sysadmin who did it with a reason. >> >> Lazyness in my case. Or call it efficiency cause of scarce time. >> I want machines to work for me, do not have all hours to learn everything. >> >> I can not learn everything, even less remember it. >> A GUI session often have lots of useable tools to see what is going on, web >> browser to read documentation of what i am trying to do, can copy to >> virtual terminal, etc. >> >> That is why even my server always runs KDE (but not as root) >> >> Um... when i think about it i have not used GUI as root for a year or so, >> but it was a time saver in the beginning and i might have given up on >> Linux without it. >> >> This is the few sysadmin hours of an own smalll company owner and home >> server. > > A quick google of "run x as root" shows up good advice that has > existed for a very long time. One example is: > > http://tldp.org/HOWTO/XWindow-User-HOWTO/xsecurity.html > > This kind of laziness is dangerous. Even the discipline of not being on > the internet at the time is a false fix. Anything that has security issues > can modify the security of the local network, install malware, or > damage critical files, etc. > > A shell in non-root X can easily attain root for GUI applications - not just > CLI instructions. > > Sure, it is less direct to look at the GUI menu to figure out how to invoke > some of the tools, but it can be a one-time effort that has a side effect of > increasing knowledge of the tools one uses to administer a system easily > and safely. > > I am not so much in a different position as you are, and I can probably > count on my hands how many times I ran X as root since Mandriva 7.2, > and I think that was too many.
Since my first Mandrake in 1998 (even before with SuSE and RedHat and Debian I did it exactly 1 time - that was after the change to a red background and it took only a couple of seconds and involved no action except shutdown, I just wanted to see the red background :) Well (not wasting too much time on this), everybody can do what he wants - if he has the knowledge to change the configuration to be able to login to KDE or Gnome as root, he should have the knowledge not to do it. This hurdle which was implemented is a good idea to prevent less experienced people doing it all the time just because of laziness. So I'm not too happy about broadcasting how it works. OTOH, we are not the security admins of the user's mind. :) -- wobo
