F10 and no root login - impossible to maintain systems!
Doug Ledford
dledford at redhat.com
Thu Feb 12 00:32:27 UTC 2009
On Fri, 2009-01-23 at 13:46 -0500, Bill Nottingham wrote:
> Kevin Kofler (kevin.kofler at chello.at) said:
> > The funny thing is, the GDM config file even used to say in a comment that
> > anybody who disables root login "should be shot".
>
> Yes, but the Queen of England has no authority here.
Authority or not, that doesn't make her wrong. Tell the nag-nannies I
said sod off. It's not that I *need* to login as root on an X session,
it's that I *want* to. If I accept the risks (of which there aren't
really any since I'm only doing this on test machines behind a firewall
that aren't used for web surfing or email, I just want the desktop real
estate that I get with lots of side by side gnome terminals instead of
flipping console vts all the time), then that's my business. Not to
mention that all my test boxes use both NFS and NIS internally, and the
only valid local account is root, and no I'm not going to create some
dumb ass account that's local only with a home in /tmp so I can actually
login and fix any NIS/NFS related problems, I don't need one, I have
root. And I'm really curious about what the difference is between
telling someone go to init 3 and then run startx instead of just logging
in as root is. I can't, for the life of me, see any benefit to telling
people not to login as root while leaving that hole open, after all, the
entire session will still be owned by root either way.
Anyway, much thanks to the person that pointed out where to go to fix
this fascist crap. I consider myself a "super user", but each person
has their areas of expertise and mucking around with pam isn't mine.
Guess I'll be adding a new sed command to my %post scripts in my
kickstarts. I would suggest you do the same Ben, the nanny state has
taken over.
--
Doug Ledford <dledford at redhat.com>
GPG KeyID: CFBFF194
http://people.redhat.com/dledford
Infiniband specific RPMs available at
http://people.redhat.com/dledford/Infiniband
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20090211/63013c03/attachment.bin
More information about the devel
mailing list