You are not logged in.

Pages: 1

#1 2005-10-01 21:56:14

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

graphical login as root [rant]

I've read several reviews of Linux distributions oriented towards new users, and I'm a bit shocked by what I've seen. Apparently a lot of them log you into a graphical environment on first boot - as root.

Now, starting as root on a command line is one thing, but root in a GUI is bloody insane. The sheer stupidity of this absolutely stuns me. X should not be run as root, and environments like KDE should definitely not be run as root. It's insecure and there is no reason for it. It's easy enough to create a default account for first login, isn't it? Well, then why don't installers for GUI-centric distros do that? It's the most basic principle of UNIX security: if it can be done as a user, don't do it as root!

[/rant]

Offline

#2 2005-10-02 00:33:08

rasat
Forum Fellow
From: Finland
Registered: 2002-12-27
Posts: 2,296
Website

Re: graphical login as root [rant]

Not easy to change an old habit when coming from Windows.

About using root on a local machine, I  use it whenever doing any types of development work (programming, buring CD, PKGBUILD, etc.) not to have restriction whatever is required. E-mail, accounting, and other office type of work I'm doing in user mode and its in a separate partition.

To keep an user account in same partition with root, I don't see why having a separate  account, except "that's not the UNIX way". Does it create a security risk without an user account when having access (sudo) at anytime and anywhere??? Not in my experience.

Markku

Offline

#3 2005-10-02 11:28:38

cmp
Member
Registered: 2005-01-03
Posts: 350

Re: graphical login as root [rant]

technicly it makes a difference, because as root you only run programms you trust. so if you run your programms as a user, a buggy version or a harmful programm doesn't fuck up you whole system.

Offline

#4 2005-10-05 03:24:10

Euphoric Nightmare
Member
From: Kentucky
Registered: 2005-05-02
Posts: 283

Re: graphical login as root [rant]

Gullible Jones wrote:

I've read several reviews of Linux distributions oriented towards new users, and I'm a bit shocked by what I've seen. Apparently a lot of them log you into a graphical environment on first boot - as root.

Now, starting as root on a command line is one thing, but root in a GUI is bloody insane. The sheer stupidity of this absolutely stuns me. X should not be run as root, and environments like KDE should definitely not be run as root. It's insecure and there is no reason for it. It's easy enough to create a default account for first login, isn't it? Well, then why don't installers for GUI-centric distros do that? It's the most basic principle of UNIX security: if it can be done as a user, don't do it as root!

[/rant]

Yeah I thought the same thing when I read about LinSpire.  Ridiculous

http://www.enightmare.net

Offline

#5 2005-10-05 21:45:34

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: graphical login as root [rant]

rasat wrote:

To keep an user account in same partition with root, I don't see why having a separate account, except "that's not the UNIX way". Does it create a security risk without an user account when having access (sudo) at anytime and anywhere??? Not in my experience.

No, but it can protect your data. And it allows you to reinstall without destroying said data.

Offline

#6 2005-10-05 22:09:07

Deciare
Member
From: UTC -8:00
Registered: 2005-05-05
Posts: 79

Re: graphical login as root [rant]

rasat wrote:

Does it create a security risk without an user account when having access (sudo) at anytime and anywhere??? Not in my experience.

sudo's 5-minute timeout protects your system files from people who waltz into your room when you're away. It protects you from exploits that inherit current user privileges. The password prompt gives you time to think before you do something potentially stupid.

In my experience, the third point doesn't usually help, but there's always hope that it might someday. wink

Offline

#7 2005-10-06 03:42:22

Euphoric Nightmare
Member
From: Kentucky
Registered: 2005-05-02
Posts: 283

Re: graphical login as root [rant]

It protects you from accidentally doing stupid stuff...That has saved me plenty of times.

http://www.enightmare.net

Offline

#8 2005-10-06 08:15:48

Lowe
Member
Registered: 2005-07-11
Posts: 89

Re: graphical login as root [rant]

It sure has saved me from screwing up my system completely, but hey am i the only person who often types their password wrong? I usually do this because i'm trying to type fast.  lol

Offline

#9 2005-10-06 19:38:52

elasticdog
Member
From: Washington, USA
Registered: 2005-05-02
Posts: 995
Website

Re: graphical login as root [rant]

Plus with <code>sudo</code> the commands are logged, are they not?  So at least you can figure out what happened if you completely screw something up...

Offline

Pages: 1

Board footer

Powered by FluxBB