Announcing Fedora 11 Alpha (blink)

John Summerfield debian at herakles.homelinux.org
Mon Feb 9 15:02:48 UTC 2009 

Patrick O'Callaghan wrote:
> On Mon, 2009-02-09 at 23:16 +0900, John Summerfield wrote:
>>  > Yes, as one fellow said on Fedora forums (about the removal of root
>>> login in GDM) "Do I hear the sound of training wheels being welded
>> into
>>> place? 
>> Oh, so it wasn't me being senile.
>>
>> So one can install a system with only a root account, and then can't 
>> logon. Absolutely brrriliant!!. And absolutely pointless when root can
>> login at a console!
> 
> The normal install process asks you to create a non-root user. And
> people who know what they're talking about strongly recommend not
> running a full desktop as root. Logging into a console as root is a
> significantly different situation.
> 
> Plus of course you can still do it if you want. In fact kdm doesn't stop
> you, just gdm.
> 
> Have you actually read the discussion about this (I mean on this list,
> not upsteam)?


No, I just thought I was going even more senile when I had the problem. 
A lot of my systems are for testing and can be discarded at will. There 
are no other users around, there are no internet-facing services, two or 
more layers of firewall and I don't use torrents or the like.

That aside, any security afforded by prohibiting root logins is minimal. 
It used to be said X was feeble and prone to falling over at the drop of 
a hat and enabling all kinds of mean and nasty things to take place. 
That really isn't so any more.

Finally, when all is said and done, security is _my_ problem. I do 
expect that any sensible operating system will include tools to manage 
security and documentation of those tools, but it should be _my_ choice 
whether root can login, whether control-alt-bs kills X and whether 
system-req+B does an instant reboot.



-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

More information about the test mailing list