[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Lock screen does not work for root in gnome



On Tue, 2004-10-19 at 20:19 +0200, Kyrre Ness Sjobak wrote:
> And to sombody who said that "computers are designed to be usefull not
> secure" is the same as "computers are not meant to be secure" - i
> interprited that as "computers are made to be both usefull and secure".
> Anyway, how much is a computer that the user cant use because it is to
> tigthly locked up, worth? Why dont we remove tcp/ip altogether? Or
> simply the kernel? If the user cant boot it, then it is *really* secure.
> And make it forget all data that is saved to disk, just to make sure
> that it cant be read later by somebody evil?

Disabling root login in GDM *does not stop the computer from doing
anything useful* !!  There are far more secure and far more convenient
ways to perform any administration/configuration task or running any
"requires root" program than logging in as root at GDM.

I'm completely for axing the root account altogether.  And you know
what?  It isn't going to stop a single thing I want to do with my
computer, or a single thing *you* want to do with your computer.  All
it's going to do is make you have to do things using a better, albeit
different, method than you used before.

Removing root logins from GDM will *not* cause any application to stop
working or any task to become impossible.  It just stops root logins
from GDM.  Quit confusing the problem (how to run tasks that require
root) with one solution (logging in as root at GDM).

There are other solutions that are safer *and* more convenient.  Fedora
already employs them.  They're called "consolehelper", "su", and "sudo".
Graphical versions of su and sudo also exist, for users that want a
graphical "runas" mechanism.

> 
> Security can go to far. I do not think security is a bad thing - i just
> think that it should not get in the way when it is not nesessary.

Just like root should not get in the way when it's not necessary.  It
isn't necessary to log into root as GDM spawning an entire root desktop
session when all you need to do is run some particular tools with
elevated privileges.  You can run those same tools with the same
elevated privileges after logging into a user account or switching to a
text console.

> 
> Kyrre
> 
-- 
Sean Middleditch <elanthis awesomeplay com>
AwesomePlay Productions, Inc.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]