Root Access

Smith, Herb herb.smith at boeing.com
Mon Jun 15 20:27:19 UTC 2009 

 

> -----Original Message-----
> From: Phil Meyer [mailto:pmeyer at themeyerfarm.com] 
> Sent: Monday, June 15, 2009 2:15 PM
> To: Community assistance, encouragement,and advice for using Fedora.
> Subject: Re: Root Access
> 
> Mike Dwiggins wrote:
> > I installed Fedora 11 on a dual-boot machine.  When I 
> booted up on the 
> > Fedora partition I went straight to /etc/pam.d/gdm and deleted the 
> > line which keeps out root as a login.
> > I still cannot login as root!  Did this version hide a 
> block on root 
> > somewhere else?
> >
> 
> Many have answered properly here, but it may not be common 
> knowledge how it is done professionally in large shops.
> 
> In most big data centers, the root password is not known to 
> anyone, but is kept in a sealed envelope in a locked drawer 
> at the operations center, which is manned 24x7.  It takes 
> manager approval to open the desk, lock-box, envelope, and 
> get the root password.
> 
> Consider that, next time you 'think' you need to log in as 
> root.  I personally have administered UNIX/Linux systems for 
> years at a time without ever typing the root password, or 
> logging in as root.
> 
> During automated installs, and all large shops do/should be 
> doing automated installs, the root password is set.
> 
> Management, and the operations staff can set the root 
> passwords across all systems at once, and without notice to 
> me or any other administrator.
> 
> In fact, normal users cannot log into most systems, and 
> administrators can only log in remotely with ssh keys (no 
> passwords) to the systems that they administer.
> 
> Just a thought.  It was never intended that casual users ever 
> log in as root on any UNIX based system, and should have been 
> less prevalent on Linux for many years.
> 
> I myself, felt it necessary to log in as root on Linux 
> systems for one post install session, up until about Fedora 
> 2.  But not since then.
> 
> Good Luck!
> 

I'm sure that all of the warnings about logging on as root are correct,
and while danger lurks, there seems to be an issue here that could have
a better solution.  A while back there was a big discussion about
whether the application names should be listed on the menus for various
things such as the "document viewer".  It seems that the problem is
that, yes, there are always ways to accomplish what you need to do at
the command line through an su to root, but folks that aren't steeped in
Linux are often unaware of what the necessary commands are.  When you
run into the problem of requiring root access many are tempted to figure
that they need to log on as root.  A new user gets caught in a sort of
Catch 22.  You need root access, but you can't log on as root, and you
have no idea of how to accomplish that at the command line, or in some
cases, if it's even possible to do it at the command line.

I think that if Windoze users had to go to the command line every time
they needed administrator privledges most people would not have a
clue...

I know that the ultimate solution is an education process, but it would
seem that there could be a way to facilitate that short of buying
"Running Linux" from O'Reilly.  "Running Linux" is a fine book, but
isn't this kind of thing one of the issues that you always hear about
Linux not being a suitable OS for a non-expert user?

Herb

More information about the fedora-list mailing list