[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Lock Screen as root



On Fri, 2006-05-26 at 00:29 -0400, Erik Hemdal wrote:
> The "lock screen" operation in FC5 does not actually lock the screen
> when the user is logged in as root.  I'm curious about why this is not
> considered a serious bug.  When I log in as root, the Screensaver
> Preferences applet shows the "lock screen when screensaver active" box
> checked.  It informs root that the screen will lock when in fact, it
> won't.
>  
> I've found the following:
>  
> On the fedora-list, Aaron Konstam noted that locking the screen as
> root is something you don't want to do, because you should not log in
> as root.

Generally, unlike Windows, there isn't a *need* to graphically log in as
root.  I've yet to come across any graphical configuration tools that
won't let you use them as root when you're otherwise logged in as
yourself (you're prompted for the password when you start them).
Likewise, you can use "su" or "sudo" for any command line things.

Logging in a root is risky, even more so when done graphically.  Should
you fire up a web browser you expose the entire system to every flaw
that it might have, for instance.  Leaving something like a browser
running, going away and not paying attention to it, might mean that some
page that reloads with another page after a time period might get you
with a time bomb.  That's just one simple example.

Beyond the first week that I used Linux, where I just wanted to fiddle
with everything to see what it did, and not have to keep on entering a
password, I've not *had* to log on as root since, nor even felt the
need.

I suppose another aspect of leaving root logged in but locked out is
that someone might walk up, see they're locked out, and restart X,
clobbering anything that you wanted leaving running.

I do agree with you that the preferences shouldn't suggest that the root
user could lock the screen if it can't/won't.

-- 
(Currently running FC4, in case that's important to the thread)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]