
Re: [K12OSN] when running ltsp-server-tweaks



Bear in mind that blocking direct root login to X and gdm was implemented because of the huge security issues exposed. X already runs with many root privileges due to how X interacts with the hardware layer. Opening PAM to allow root login from terminals is flat-out dangerous as the security of the password process over the network is an exposure that's not balanced by the convenience. With the exception of gconf editing now requiring an active X session to work, there is no reason for root to ever log in anywhere except the actual console of the server and only at the command line.
Current Linux distros basically should never have a need for direct root login unless the system is being put into single user mode for repairs.

On Aug 31, 2011 8:03 AM, "Gianugo Altieri" <gianugo altieri gmail com> wrote:
> On 08/31/2011 01:43 PM, Jim Kinney wrote:
>>
>> Hmm. I tried direct login as root and was blocked. Thus the startx
>> process.
>>
>> On Aug 30, 2011 10:45 PM, "Burke Almquist" <burke thealmquists net
>> <mailto:burke thealmquists net>> wrote:
>> >
>> > On Aug 29, 2011, at 4:49 PM, Jim Kinney wrote:
>> >
>> >> gconftool-2 requires that the gconfd be running. But as a non-root user, you can't edit the /etc/gconf file space. So....
>> >>
>> >> boot the server but DON'T log in at the gui screen.
>> > You CAN log in as root at the GUI screen, you just need to enter the username and password manually.
>> >
>> >
>> >
>> >> Instead, hit Ctrl-Alt-F2 and get a normal terminal shell instead. Log in as root.
>> >>
>> >> now run: telinit 3
>> >>
>> >> This will stop the X login process
>> >>
>> >> now run startx
>> >>
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > K12OSN mailing list
>> > K12OSN redhat com <mailto:K12OSN redhat com>
>> > https://www.redhat.com/mailman/listinfo/k12osn
>> > For more info see <http://www.k12os.org>
>>
>>
>
> When I need a graphical login as root, I edit this file:
> /etc/pam.d/gdm
> and I comment (#) this line:
> # auth required pam_succeed_if.so user != root quiet
>
> then I edit this file:
> /etc/pam.d/gdm-password
> and I comment (#) this line:
> # auth required pam_succeed_if.so user != root quiet
>
> Then I can graphically log in as root both from the server and from terminals.
>
> Best
> Gianugo Altieri
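
A check for the PAM rule discussed in this thread, added here as an example and not part of any poster's message: it reports whether the `pam_succeed_if.so user != root` line is active, commented out or missing in `gdm` and `gdm-password`. The function names and the sample files are constructed for illustration, and the script assumes the rule uses the `required` or `requisite` control flag.

```shell
#!/bin/sh
# Added example: report the state of the GDM root-login block in a PAM file.
# Limits: does not follow "include" lines or evaluate module ordering.

# root_block_state FILE -> prints active | commented | missing | unreadable
root_block_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    awk '
        { sub(/^[ \t]+/, "") }                      # ignore indentation
        # Same rule behind a "#": someone disabled it, as in the thread.
        /^#[ \t]*-?auth[ \t]+.*pam_succeed_if\.so[ \t].*user[ \t]+!=[ \t]+root([ \t]|$)/ { commented = 1; next }
        /^#/ { next }                               # any other comment
        # Only required/requisite make a failed test deny the login.
        /^-?auth[ \t]+(required|requisite)[ \t]+.*pam_succeed_if\.so[ \t].*user[ \t]+!=[ \t]+root([ \t]|$)/ { active = 1 }
        END { print (active ? "active" : (commented ? "commented" : "missing")) }
    ' "$1"
}

# audit_gdm_pam [DIR] -> exit status 0 only if both GDM stacks keep the block
audit_gdm_pam() {
    dir=${1:-/etc/pam.d}
    rc=0
    for name in gdm gdm-password; do
        state=$(root_block_state "$dir/$name")
        printf '%-40s %s\n' "$dir/$name" "$state"
        [ "$state" = active ] || rc=1
    done
    return "$rc"
}

# Constructed sample files (not real system config): gdm keeps the rule,
# gdm-password has it commented out as described in the thread.
make_samples() {
    printf '%s\n' 'auth required pam_succeed_if.so user != root quiet' \
        'auth include system-auth' > "$1/gdm"
    printf '%s\n' '# auth required pam_succeed_if.so user != root quiet' \
        'auth include system-auth' > "$1/gdm-password"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_gdm_pam "$tmp" || echo "root-login block is not active in every GDM stack"
rm -rf "$tmp"
```

On a real server, calling `audit_gdm_pam` with no argument checks `/etc/pam.d`.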
