LinuxQuestions.org - How do I enable root in 2011?

- Mandriva (https://www.linuxquestions.org/questions/mandriva-30/)

- - How do I enable root in 2011? (https://www.linuxquestions.org/questions/mandriva-30/how-do-i-enable-root-in-2011-a-912228/)

How do I enable root in 2011?

Hello to all!
I am using Mandriva 2011 and I am wanting to enable root GUI logon.
I do understand the risks of using root.
Thanks!

If you understood the risks, you wouldn't be asking the question. Login as a user and su or sudo to execute what you need to with root authority.

Quote:

Originally Posted by macemoneta (Post 4517607)

If you understood the risks, you wouldn't be asking the question. Login as a user and su or sudo to execute what you need to with root authority.

Well, that's why I want to know how: I find it annoying having to continuously type "(kde)su" all the time to make system changes.
I do appreciate your concern.

Hi, you should be able to find the setting in msec (mandriva security).

From the MCC (Mandriva control center).

There are other ways...

Regards Glenn

Quote:

Well, that's why I want to know how: I find it annoying having to continuously type "(kde)su" all the time to make system changes.
I do appreciate your concern.

then i guess you also run MS Windows as an Administrator and have the system turned into a zombie or a bot for a bot herder .

Linux IS SAFER than windows if YOU - the USER, is NOT THE PROBLEM .

the OS developers turned the gui root login OFF for GOOD security reasons
X window is NOT SAFE TO RUN AS ROOT !!!

I thought I'd seen this before...

I agree totally with the warnings above, and I no longer use this method,

but in the name of freedom, see my tute here...

http://glennwaller.blogspot.com/2010...-and-sudo.html

Quote:

Originally Posted by GlennsPref (Post 4520158)

but in the name of freedom, see my tute here...

The freedom of what? Annoying other users with spam sent from such a machine? Or being DDoS attacked by zombie computers? Or brute-forced? ...

Quote:

Originally Posted by Spartacus1 (Post 4517611)

Well, that's why I want to know how: I find it annoying having to continuously type "(kde)su" all the time to make system changes.

Then perhaps you've chosen the wrong operating system. Convenience and security never mix, one gets boosted at the expense of the other.

Not trying to start any war or anything, but is there any website that explains in a technical way why graphical root login is bad?

Again, purely in the interests of knowledge. I know it's the right thing not to log in as root, but after years of Linux experience, I must confess that I hadn't investigated this very thoroughly.

(BTW. I always log in as a user except in my early days with Linux)

Being root is bad

here is a taste of what others have written about being root, as apposed to using sudo.
the last article goes on to explain sudo and "granular delegation".

"Liberty comes with responsibility"

Quote:

Let's try an analogy, and just for maximal irritation let's make it a
car analogy, which I know everyone loves:

You drive your 12 year old son to school every day. In this sense, he is
a user of the car. You fill the tank at the same gas station every day.

Would you give the keys of your car to your 12 year old son, and ask him
to drive to the gas station, simply because your son is an authorised
"user" of your car, and because you trust the quality of the fuel from
that gas station?

Users are not, and should never be, administrators.

ref. http://www.spinics.net/lists/fedora-...msg126543.html

Quote:

If you're logged in as root, you can easily wipe directories or do something that in retrospect is really dumb on the system with the flip of a finger, while as a user you normally have to put a few extra mental cycles into what you're typing before doing something that is dangerous.

Also any program you run as root as root privileges, meaning if someone or something gets you to run/compile/browse a website that is dangerous and wants to damage your system, such as a trojan or other malware, it has full access to your system and can do what it wants, including access to TCP ports below 1024 (so it can turn your system into a remailer without your knowledge, for example).

Basically you're kind of asking for trouble that logging in as yourself may prevent. I've known many people that ended up being glad they had that safety net in a moment of carelessness.

EDIT: There is also the issue of root being the most well known, thus an easy target, for scripts and hacks. Systems that disable the account and instead force users to use sudo means that any attempt to crack root from ssh or a local exploit to the account are banging their heads against a wall. They'd have to guess/crack a password and username. It's security through obscurity to a degree but it's hard to argue that it doesn't foil most script kiddie attacks.

ref. http://www.dummies.com/how-to/conten...-linux-93.html

Quote:

There are several reasons why this is so:
Eavesdroppers
Although the whole point of SSH is to make eavesdropping unfeasible, if not impossible, there have been a couple of nearly feasible man-in-the-middle attacks over the years. Never assume you're invincible: if some day someone finds some subtle flaw in the SSH protocol or software you're using and successfully reconstructs one of your sessions, you'll feel pretty stupid if in that session you logged in as root and unknowingly exposing your superuser password, simply in order to do something trivial like browsing apache logs.
Operator error
In the hyperabbreviated world of Unix, typing errors can be deadly. The less time you spend logged in as root, the less likely you'll accidentally erase an entire volume by typing one too many forward slashes in an rm command.
Local attackers
This book is about bastion hosts, which tend to not have very many local user accounts. Still, if a system cracker compromises an unprivileged account, they will probably use it as a foothold to try to compromise root too, which may be harder for them to do if you seldom log in as root.

ref. http://etutorials.org/Linux+systems/...r+Handy+Tools/

Cheers and regards Glenn

ps. Personally, if someone got into my house, they could do whatever they wanted and screw-up my system for me (If I was logged in as root).

How often does someone need to modify their system anyway? Every couple of days I type in my root password to download updates. Other than that, you're probably using your computer for tasks, not for administering your system - and tasks are done just fine as a user.

The real problem I think is that if you're running as root all the time and you get exploited, you're screwed - the intruder has full access to everything. Running as a user, the intruder's access is more limited.

I believe once your system is set up and running you'll have little need for running as root.

I posted my response like I have because

when I started with linux, (the knoppix live-cd was the first gui I had "seen working")

Most of my peripheral hardware, (printer, camera, 802.11, graphics card, and sata chip) was not recognised.

But I was excited to finally get away from paying for buggy software.

I'd been using FOSS on M$ and liked it a lot.

While I was configuring linux I constantly had to look for info from the web, which meant reboot and use M$ to get online (28k dialup)

By the way,
I didn't even know what I needed to look for.
I didn't know how to extract the info from my linux system to copy paste a reference note to myself.

I remember spending a lot of time offline.

I remember learning. I am still learning.

But like a child, the teach them all you can and let them go. Hopefully they make the "right" decisions.

Regards Glenn

It's best to not log in as root, but if you must, simply select "other" instead of the regular user name, and then type in "root".

Wayne Sallee
Wayne@WayneSallee.com