F10 and no root login - impossible to maintain systems!

Rahul Sundaram sundaram at fedoraproject.org
Wed Jan 21 16:29:55 UTC 2009


Jud Craft wrote:

> 
> Or, to put it bluntly, when the Linux distribution isn't smart enough
> to protect "non-technical users" (an admittedly subjective term) from
> technical problems.  Which is often.

Then let's fix that problem.

> But your critique, Mr. Sundaram, doesn't seem to imply that people
> shouldn't login as root -- merely that you disagree with allowing them
> to open a root session in X.  To be rhetorical, we must ask, why?
> After all, there's no such thing as "partial root power" -- you either
> have full root privileges in a terminal in a normal user X session, or
> full root privileges in a root X session.

There is a big difference in terms of security between a person logging 
in as a non-root user and then doing su -, compared to a root X session. 
Having a root X shell makes it trivial to damage your system 
accidentally as well.

> Here's the why:  you feel that a root X session is too insecure --
> which it may indeed be.  So we believe that the "ideal" method is to
> not allow X root logins.  But keep in mind, this is not actually an
> ideal.  It's a kludge to go around the fact that X is designed rather
> horribly from a security standpoint.  The "user session only" method
> allows you to work around that.

While moving X out of root is the right decision and work is being done 
on that, it is also going to take more time. Meanwhile, it is always 
good to run programs with the least amount of privileges possible as a 
basic security principle. That isn't a kludge.

> But in the above case, user-session-X goes down.  You say login at
> runlevel 3.  But let's face it, many users comfortable with Linux
> still aren't at the "I roll my own shell-scripts" stage -- they still
> work in GUI mentalities, and odds are, even if they can roll their own
> shell-scripts, they won't understand how to fix administrative errors
> as well as if they use the actual GUI administrative tools.

If they can't fix it, then they are going to need somebody else to help 
them. If you don't know what you are doing, you shouldn't be playing 
around in a root shell.
> 
> For most users, the GUI is critical for maintaining their system.  So
> it is critical that the GUI be not allowed to fail.

I am not sure about most but no disagreement on that in principle, we 
should take steps to avoid failure.

> 
> Hence, leave the root-session-X backdoor open, (perhaps with a catch
> -- for example, network functionality is disabled in root-session-X --
> so that the only possible errors can come from user error, rather than
> security vulnerabilities.  how about that?) or come up with another
> solution.

That isn't a solution since network capabilities are how you 
troubleshoot the problem in my instances.

> "No GUI" for the sake of safety is a no-go solution for
> many people.

It isn't no GUI however. It is about minimizing the number of programs 
running with elevated privileges.

Rahul
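The concrete difference Rahul is pointing at (a privileged shell inside an unprivileged session versus an entire desktop running as uid 0) can be made visible by auditing a process list. The script below is an added example, not code from the thread or from Fedora; it parses the output of `ps -eo uid,user,comm` (two constructed listings are embedded inline so it runs offline) and reports how many processes run as root and which of them are ordinary desktop programs. The program names in `SESSION_PROGRAMS` and `ROOT_SHELLS` are assumptions chosen for a GNOME desktop of that era and can be adjusted.

```python
"""Audit a process listing for desktop programs running as root.

Added example (not from the mailing list thread). Input is the text of
`ps -eo uid,user,comm`; the two listings at the bottom are constructed
to model (a) a user X session with `su -` in a terminal and (b) a root
X session.
"""

# Assumed set of programs that belong to a graphical user session. Any of
# these running with uid 0 means the whole desktop is a root X session.
SESSION_PROGRAMS = {
    "gnome-session", "metacity", "gnome-panel", "nautilus",
    "firefox", "gnome-terminal", "xterm",
}

# Assumed set of programs that legitimately run as root when a user does
# `su -` inside an ordinary session: the su process and the shell it spawns.
ROOT_SHELLS = {"su", "bash", "sh", "zsh"}


def parse_ps(output):
    """Turn `ps -eo uid,user,comm` text into a list of (uid, user, comm)."""
    rows = output.strip().splitlines()[1:]  # first line is the column header
    procs = []
    for row in rows:
        uid, user, comm = row.split(None, 2)  # comm may contain spaces
        procs.append((int(uid), user, comm))
    return procs


def audit(output):
    """Summarise root-owned processes and flag a root X session."""
    procs = parse_ps(output)
    root_procs = [comm for uid, _, comm in procs if uid == 0]
    gui_as_root = sorted({c for c in root_procs if c in SESSION_PROGRAMS})
    root_shells = sorted({c for c in root_procs if c in ROOT_SHELLS})
    return {
        "root_process_count": len(root_procs),
        "gui_as_root": gui_as_root,
        "root_shells": root_shells,
        # The decisive signal: desktop programs themselves running as uid 0.
        "root_x_session": bool(gui_as_root),
    }


# Constructed listing (a): user 'jud' (uid 500) logged into X, ran `su -`
# in gnome-terminal. Only system services, X, su and its shell are root.
USER_SESSION_WITH_SU = """\
  UID USER     COMMAND
    0 root     init
    0 root     udevd
    0 root     Xorg
    0 root     gdm-binary
  500 jud      gnome-session
  500 jud      metacity
  500 jud      gnome-panel
  500 jud      nautilus
  500 jud      firefox
  500 jud      gnome-terminal
  500 jud      bash
    0 root     su
    0 root     bash
"""

# Constructed listing (b): root logged into X directly. Every desktop
# program, including the web browser and file manager, now runs as uid 0.
ROOT_X_SESSION = """\
  UID USER     COMMAND
    0 root     init
    0 root     udevd
    0 root     Xorg
    0 root     gdm-binary
    0 root     gnome-session
    0 root     metacity
    0 root     gnome-panel
    0 root     nautilus
    0 root     firefox
    0 root     gnome-terminal
    0 root     bash
"""

if __name__ == "__main__":
    for label, listing in (("user session + su -", USER_SESSION_WITH_SU),
                           ("root X session", ROOT_X_SESSION)):
        print(label, audit(listing))
```

On a live machine the same function can be fed the real output of `ps -eo uid,user,comm`; the count of root processes alone is a rough measure, while a non-empty `gui_as_root` list is the case the thread is arguing about, since a browser or file manager running as uid 0 turns any bug in it into full system compromise.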
