[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: root in FC 10



Fred Silsbee wrote:
> disabling root access is what the root password is for

Perhaps there's a misunderstanding here.  Root access has not been
disabled.  What is disabled by default is logging in via GDM as root.
You can still use "su -c 'command'" just fine.  That is a far better
method than logging in as root and running a full desktop session.

> I've been logging into root for 11.5 tears on Linux alone without
> problems

Yes, it is a problem.  The principle of running with the least
privilege needed is a good one.  It is one of the reasons that a *nix
system has far less security problems than a Windows system.

You are free to toss that advantage out the window if you like, but
it's not in any way a good habit to get into.

> It is dumb to make it impossible for everybody.

I strongly disagree with you.  First, it is not impossible.  It is
simply disabled by default.  I believe it is a sensible default.  You
should not need to login to a full desktop session as root.  The
graphical admin tools in Fedora should all be able to prompt you for
the root password as needed when run from a normal user account.
Command line applications can be run as root using su or sudo, as they
have been for years.

Further, those who really think they need to run as root all the time
should be perfectly able to change the default.  If they are not
capable of that, they should question whether running with superuser
privileges is a good idea.

> I understand this disablement can be removed by doing something in
> pam.d or whatever it is.

Sure, you turn the safety off on the gun and aim it at your foot if
you like.  But it is not a recommended or supported action. ;)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I figure that if God actually does exist, He's big enough to
understand an honest difference of opinion.
    -- Isaac Asimov

Attachment: pgps9pjOkjUhx.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]