Root with GUI

Ed Greshko Ed.Greshko at greshko.com
Thu Apr 15 15:42:46 UTC 2010 

On 04/15/2010 08:58 PM, Tom Horsley wrote:
> On Thu, 15 Apr 2010 08:14:30 -0430
> Patrick O'Callaghan wrote:
>
>   
>> and we never typed or clicked on anything we didn't mean to
>>     
> Right. You can type things you don't mean to as easily as click
> things you don't mean to. I'm just looking for the actual evidence
> that GUIs are fundamentally evil when running as root, not all
> this vague handwaving "Oh, it must be horrible!" stuff that seems
> to be entirely anecdotal or possibly completely imaginary.
>   
While not a "disaster of epic proportions", I've seen non-techies login
as root for a GUI session to do some minor admin work.  Then they decide
to do a "few other things", forgetting or not knowing their actions
under root would have consequences.  Their actions would create files
and or directories in user's areas (most time their own).  They would
then stay logged in as root for an extended time since they were "happy"
to continue working.  At some point, they'd logout and later, next
day...after lunch, login as themselves and now have all sorts of
troubles they didn't have before.

Since they were non-techies they didn't know the concept of
file/directory ownership so "permission denied" was a real shocker.  So,
they'd log back in a root and try to fix things only to make them
worse...or make things insecure.  Directories which were previously 755
became 777.

Most of these folks had no concept of command line utils and did all
their "administration" after clicking on a icon.  Had they stuck to that
as a regular user and simply typed in the root password they most likely
would have done less damage to their system.

I see it as bad practice to login as root for a GUI session.  I'm
"experienced" and I've not logged in a root for GUI session in years.  I
do, however, have sudo configured to not ask for a password.  Some would
consider that unsafe.


> P.S. The simplest way to login to the gui as root is to switch
> to KDM instead of GDM as your login manager. KDM has not yet
> been taken over by the paranoid thought police :-).
>   


-- 
HERE!! Put THIS on!! I'm in CHARGE!! Guess Who! http://tinyurl.com/mc4xe7

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20100415/d50f08c0/attachment.bin

More information about the users mailing list