You are not logged in.

#1 2018-11-08 22:00:00

NorPhi
Member
From: North rhine-Westphalia
Registered: 2015-08-26
Posts: 10

Disable graphical session for root

Hi,

I read that starting a graphical session as root is a phenomenal bad idea. Dunno if that is true or not but personally I do not like using root outside of a terminal. So I am looking for a way to disable the login into a graphical session (calling startx after login via login shell) for the root user. While NOT disabling root completely or disabling starting things like a file manager as root via sudo. I believe this seems to be the standard for some distros, so searching for this leaves me with lots and lots of hits for the exact opposite or instructions to disable root completely.

I probably could just edit startx to check if the current user is root and then let it go "NOPE!" but this feels like monkey patching it. I look for a more elegant way to just politely refuse root a graphical user interface or redirect it to a different user account or something on that line...

I am currently playing around with btrfs and use a snapshot of a fresh (yesterday) minimal install. The old (and hideously bloated) system I just booted into for asking has Xorg, XFCE and pretty much everything that's considered optimal or goodies for those.

Thanks in advance!
N.

Offline

#2 2018-11-08 22:12:18

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247

Re: Disable graphical session for root

I want to be a bit annoying here, and not immediately answer your question, because I think logging into the root account at all is an anti-pattern. Meaning: sure, lots of people do it, but it's almost always can be avoided in favour of more elegant approaches.

In fact, if anything (once you have sudo set up) you might consider the option of disabling the root account altogether. A google search will show you how to do that.

Do you have any reason to not simply use sudo for everything that requires administrative privileges?

Offline

#3 2018-11-08 23:10:39

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,449
Website

Re: Disable graphical session for root

Or even more annoying perhaps, are there other untrusted people who are able to login as root on your system?  If so, you have far bigger issues, and anything you do to prevent startx from running could be trivially undone by those other people.

If it's just you, it's very easy to not type 'startx' when logged in to a tty as root: simply don't type s-t-a-r-t-x while logged in to a tty as root!


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#4 2018-11-08 23:57:18

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: Disable graphical session for root

Or alias it to something else.  But trilby is right; root holds the keys to the kingdom.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#5 2018-11-09 00:00:36

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Disable graphical session for root

ewaller wrote:

But trilby is right

This really isn't surprising at all. Trilby's the most sensible person here smile


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#6 2018-11-09 00:16:19

NorPhi
Member
From: North rhine-Westphalia
Registered: 2015-08-26
Posts: 10

Re: Disable graphical session for root

Reasons why one might log into root temporarily instead of using sudo:

  • Long and typo prone commands that wreak havoc if mistyped are shortened as aliases for root are inaccessible (sudo ignores target users alias)[\*]

  • It also seems like sudo cannot be set up to ask for a different password as what would be defined by targetpw, rootpw or runaspw (eg. creating a group similar to wheel and ask for the group password)

  • One needs root's environment for some reason.

Disabling root is something that is necessary for technologically inept people who brick their system by looking at it or systems who are shared between groups of people, like coworkers. Servers are also a good candidate for having root disabled, but on a home PC, used by only a handful of trusted people, and that is shutdown if it is not in use. I would say it's fine to have root and use it sometime. I read a few threads at stackexchange, even took a look into one of my magic linux tomes and the overwhelming consensus regarding su/root vs sudo seems to be that sudo comes with the think before you leap mantra while using su/root is: once you're in you are in. sudo can be set up to log everything, so it is quite handy for sysadmins but nobody really provided a good example why using su/root is that much more dangerous than using sudo. Some people simply prefer to use su - or switching terminals and logging into root for the 10 minutes it takes to do system maintenance. Less annoying and more convenient than constantly having to retype in a long a weird password spiked with the beautifully weird stuff found on European keyboards. If root would not have been intended to be used, it wouldn't be available for login in the first place. I am sorry if this comes rude but I am really not into discussing principles. This is btw. where we draw the full circle and i need to have any command for launching a graphical interface politely refuse if it is called by root. Spacing out for a moment or getting distracted is very much a thing, so simply not typing startx is not a helpful answer, sorry. I am less concerned of strangers touching my PC than I am concerned about some program or service damaging my system of it is accidentally started by a graphical session with full root privileges.

Redirect by alias sounds good. If there is no intended way to do it I'll go with defining an alias. Ugly but functional. Tank you, ewaller.

Cheers
N.

Offline

#7 2018-11-09 00:22:10

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Disable graphical session for root

NorPhi wrote:

This is btw. where we draw the full circle and i need to have any command for launching a graphical interface politely refuse if it is called by root.

NorPhi wrote:

While NOT disabling root completely or disabling starting things like a file manager as root via sudo.

These two statements are mutually exclusive.

Please try and pick a sensible argument and then stick to it when posting to the forums.


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#8 2018-11-09 00:46:55

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247

Re: Disable graphical session for root

NorPhi wrote:
  • Long and typo prone commands that wreak havoc if mistyped are shortened as aliases for root are inaccessible (sudo ignores target users alias)

Use a shell script smile

You are looking for reasons to use the root account, which is around the wrong way wink Your default should be to prefer not to use the root account, where possible, and only go back to it as a last resort if there is something really impossible to do any other way.

NorPhi wrote:
  • It also seems like sudo cannot be set up to ask for a different password as what would be defined by targetpw, rootpw or runaspw (eg. creating a group similar to wheel and ask for the group password)

I'm not sure I understand the use case here. Why would the group (wheel) password be asked for? What does this offer that sudo doesn't offer?


NorPhi wrote:
  • One needs root's environment for some reason.

Such as?

Again, I'm not sure why you're so strongly defending the idea that switching to the root account is such a good idea. Were you totally oblivious to what I wrote about it being an anti-pattern?

NorPhi wrote:

Disabling root is something that is necessary for technologically inept people who brick their system by looking at it or systems who are shared between groups of people, like coworkers.

No, disabling root is something is necessary for people interested in the security and manageability of their system.

Switching to root for every bloody thing is exactly the sign of an amateur.

It's okay, we've all been there wink

NorPhi wrote:

Servers are also a good candidate for having root disabled, but on a home PC, used by only a handful of trusted people, and that is shutdown if it is not in use.

My experience has been the opposite. When operating cloud infrastructure, it is surprisingly common for all the hosts and control plane nodes to accept root logins from certain subnets containing the admin workstations; whereas when sharing machines with people at home there is no need not to show a little decorum.

If someone you live with is so trustworthy, put them in wheel.

NorPhi wrote:

I would say it's fine to have root and use it sometime.

Yes, I can tell you would say that. You're missing the point: I am suggesting that you reconsider the error of your ways smile

NorPhi wrote:

I read a few threads at stackexchange, even took a look into one of my magic linux tomes and the overwhelming consensus regarding su/root vs sudo seems to be that sudo comes with the think before you leap mantra while using su/root is: once you're in you are in. sudo can be set up to log everything, so it is quite handy for sysadmins but nobody really provided a good example why using su/root is that much more dangerous than using sudo. Some people simply prefer to use su - or switching terminals and logging into root for the 10 minutes it takes to do system maintenance. Less annoying and more convenient than constantly having to retype in a long a weird password spiked with the beautifully weird stuff found on European keyboards. If root would not have been intended to be used, it wouldn't be available for login in the first place.

You read one thing at stackexchange, now you're reading something else here.


NorPhi wrote:

I am sorry if this comes rude but I am really not into discussing principles.

That seems a little unprincipled.

NorPhi wrote:

I am less concerned of strangers touching my PC than I am concerned about some program or service damaging my system of it is accidentally started by a graphical session with full root privileges.

Frankly, I am starting to think that whether you start a graphical session with root privileges might actually be the least of your concerns.

If you're worried about security then absolutely you might put a little concern into whether strangers touch your PC; and your concern about graphical root would stop being an issue if you just stopped using root for everything.

I mean, sure, do what you want with your own machine. Shoot yourself in the foot as much as you want. Go ahead and ignore what I told you, that using the root account is an anti-pattern.

Offline

#9 2018-11-09 00:56:12

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,449
Website

Re: Disable graphical session for root

I see nothing wrong with loging in as root.  But I'm still not sure I understand the use case for preventing startx here.  You have a reasonable point that typing 'startx' could be a bit of mussle-memory and could be done when in a root tty.  But if you are someone who would be prone to do this, I gather you'd also generally be running an X session already.  If you su to root in a terminal emulator under X, then type startx, it will not start X.  In contrast, if you are more frequently using actually ttys (where root could successfully run startx) then you'd not likely be one prone to just blindly type 'startx' at the sight of a text tty.

---

Slithery wrote:

This really isn't surprising at all. Trilby's the most sensible person here smile

Surely you have confused the definitions of sensible and irritable.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#10 2018-11-09 01:38:40

NorPhi
Member
From: North rhine-Westphalia
Registered: 2015-08-26
Posts: 10

Re: Disable graphical session for root

I am not trying to defend the use of the root account. I am just pointing out that there are situations where logging into root is more convenient than sudo---which I use, too. It pretty much depends on how much administrative stuff I have to do. Writing scripts sure is an option but scripts need to be maintained, too. If a task isn't done the same way frequently It just adds to the workload. It is not like root being logged in nonstop.

Uhm..., Trilby. If I type su - and then startx or sudo startx in a terminal emulator running on my unprivileged users graphical session I end up with a graphical session for root. If I type su (remark the missing dash, thus unprivileged users environment) and then startx I end up with a flickering mess of error messages and loading screens until it finally fails with a black screen and I need to kill it from a different terminal. So making X go "Oh you are root? No session for you then!" would make sense here.

Offline

#11 2018-11-09 01:44:25

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,449
Website

Re: Disable graphical session for root

NorPhi wrote:

Trilby. If I type su - and then startx or sudo startx in a terminal emulator running on my unprivileged users graphical session I end up with a graphical session for root.

Are you sure?  This should definitely not be the case.  You cannot start X from within X (i.e. this should fail on a normal arch system due to not being able to get the controlling vt).

Last edited by Trilby (2018-11-09 01:45:33)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#12 2018-11-09 07:58:39

seth
Member
Registered: 2012-09-03
Posts: 49,992

Re: Disable graphical session for root

This is a misconception - and probably an XY-problem.

The X11 server will in many cases still run with root privilegues anyway (thus the wrapper to decide whether it's required and invoke a suid wrapper) and has done so for decades unconditionally.
What is an especially bad idea is to run graphical *clients* as root, no matter whether elevated from a root shell or via sudo - or because you're starting a GUI session as root. (Because they're complex, rely on complex libs and are in many cases of poor code quality)

So "starting things like a file manager as root via sudo" is what you *ACTUALLY* want to avoid and I'm afraid the only way to avoid that is by not doing it.
You cannot reliably lock  out the root user from doing things™. You can rely on wrappers or a userspace audit system, but a process that already has root privs can always and easily underrun whatever you throw at it.

Offline

Board footer

Powered by FluxBB