Hi, absolutely agree about that entering the system as root to do everyday routine works is not exactly reasonable behaviour.

Entering the system in this way is something like destroying the firewall of your own castle just because you are the legal owner of the castle and you have the authorities to do that. Well, I am not going even to comment this.

Regards, Christo Petkov

--- On Wed, 12/9/09, fedora-desktop-list-request@redhat.com fedora-desktop-list-request@redhat.com wrote:

From: fedora-desktop-list-request@redhat.com fedora-desktop-list-request@redhat.com Subject: Fedora-desktop-list Digest, Vol 70, Issue 6 To: fedora-desktop-list@redhat.com Date: Wednesday, December 9, 2009, 5:00 PM

Send Fedora-desktop-list mailing list submissions to     fedora-desktop-list@redhat.com

To subscribe or unsubscribe via the World Wide Web, visit     https://www.redhat.com/mailman/listinfo/fedora-desktop-list or, via email, send a message with subject or body 'help' to     fedora-desktop-list-request@redhat.com

You can reach the person managing the list at     fedora-desktop-list-owner@redhat.com

When replying, please edit your Subject line so it is more specific than "Re: Contents of Fedora-desktop-list digest..."

Today's Topics:

1. Logging into GNOME as root (David Zeuthen)    2. Re: F13 sightings (M?ir?n Duffy)    3. Re: Logging into GNOME as root (Nicu Buculei)    4. Re: F13 sightings (Richard Hughes)    5. HAL removal Feature page (Bastien Nocera)

----------------------------------------------------------------------

Message: 1 Date: Tue, 08 Dec 2009 15:42:43 -0500 From: David Zeuthen davidz@redhat.com Subject: Logging into GNOME as root To: fedora-desktop-list@redhat.com Message-ID: 1260304963.1877.7.camel@localhost.localdomain Content-Type: text/plain; charset="UTF-8"

Hey,

Despite our efforts, I still see a lot (or at least, more than I want) of bugs where users log into GNOME as root - typically through stuff like x11vnc or other sysadmin tools that bypasses gdm. Logging into GNOME as root is not really the best of ideas - I won't go into details here - I will just take it as a given that everyone agrees about about this.

Anyway, one interesting side-effect is that polkit (now) says root is authorized for anything - so we get interesting bugs like all user-visible filesystems being automounted - normally this wouldn't happen because of our current policy is to only allow automounting of non-system-internal (which currently means only usb, firewire- and sdio-connected devices + optical discs) without interrupting the user to ask for his root password.

For example, a typical case is that some person installs Fedora on a machine connected to a SAN and logs into GNOME as root. Now all the, say, 5,000 partitions visible from the SAN is automounted. This is typically not what the person logging in expected - in fact, such behavior may easily cause data-loss as another initiator on the SAN may have mounted one or more devices already.

Actually, of course, the real bug GVfs fix is to be less cavalier about automounting - and that fix is already committed to GVfs and submitted as an GVfs update for F-12 (only ever automount usb, firewire, sdio, optical discs). Actually, the astute reader may note that this bugfix will become important for F-13 as we want users created in the default desktop OS to have more privileges cf. the "Roles and Policy" mail that I sent to this list in August 2009.

So there's a couple of things here

1. Users will still log into GNOME as root no matter how loudly or     how many times they are told not to do that.

2. I'm pretty sure the GVfs automounting bug is not unique here - there     may be other things not working as expected. We should probably     think about auditing the distro - e.g. we don't want to cause     data loss even if people do things the OS is not designed for.

3. We probably need to do an even better job of discouraging     people logging in as root - I'm thinking we should show     a dialog explaining why this is bad and also show a red     background or something. Or maybe refuse to start gnome-session     altogether.

Currently (rawhide) I don't get any warnings whatsoever if I log     into VT1 as root on a machine in run level 3 and type 'startx'. I     just get a stock GNOME desktop.

Of course we could just say "don't use startx" but that's not how     things work (since we still ship startx) and I don't see that     changing. I don't regard "remove / neuter startx" as a fight worth     fighting either.

Thanks, David

------------------------------

Message: 2 Date: Tue, 08 Dec 2009 13:22:07 -0500 From: M?ir?n Duffy duffy@fedoraproject.org Subject: Re: F13 sightings To: Discussions about development for the Fedora desktop     fedora-desktop-list@redhat.com Message-ID: 1260296527.2139.4.camel@localhost.localdomain Content-Type: text/plain; charset="UTF-8"

Hi Richard,

On Tue, 2009-12-08 at 09:42 +0000, Richard Hughes wrote:

Yup, I've not yet been deluged with bugreports, so it's looking pretty stable, even with the "first release" label. If you do find a bug, there's a mailing list http://mail.gnome.org/mailman/listinfo/gnome-color-manager-list which might be interesting to you. Bug reports (and patches if possible) are most welcome.

I was wondering - are the vendor-provided color profiles packageable? Do you know what the legalities are around that? Do they have licenses? Are they considered software?

(I was thinking it would be sweet to install the color profiles via package kit rather than scour the web for them)

Thanks, ~m

------------------------------

Message: 3 Date: Wed, 09 Dec 2009 09:19:59 +0200 From: Nicu Buculei nicu_fedora@nicubunu.ro Subject: Re: Logging into GNOME as root To: Discussions about development for the Fedora desktop     fedora-desktop-list@redhat.com Message-ID: 4B1F4F9F.5030309@nicubunu.ro Content-Type: text/plain; charset=UTF-8; format=flowed

On 12/08/2009 10:42 PM, David Zeuthen wrote:

3. We probably need to do an even better job of discouraging       people logging in as root - I'm thinking we should show       a dialog explaining why this is bad and also show a red       background or something. Or maybe refuse to start gnome-session       altogether.

I think the key here is warning but without getting too annoying. Refusing to start gnome-session will most likely make the person use another DE instead, Xfce or something.

I think doing something like Windows XP is safe mode is OK: display a warning dialog after login (maybe go the extra mile and provide a checkbox "I uderstand I am doing, do not show it again") and a text (a watermark?) over the background with "you are running as root".

Currently (rawhide) I don't get any warnings whatsoever if I log       into VT1 as root on a machine in run level 3 and type 'startx'. I       just get a stock GNOME desktop.

If someone goes to the steps of switching to run level 3 and running 'startx' by hand, you can assume he has a good understanding of what he's doing and will be able to bypass any blockers.

Of course we could just say "don't use startx" but that's not how       things work (since we still ship startx) and I don't see that       changing. I don't regard "remove / neuter startx" as a fight worth       fighting either.

I agree, there are still legit uses for startx.