I cannot think of a single occasion in the last several years where I've needed to log in to a DE/WM or startx as root. A gui root file manager is as easy as:

(or xfe or pcmanfm or nautilus or rox-filer, etc)
If you're lazy you can even make launchers for these.

You can also launch a root terminal, though I'm not sure why anyone would want to launch a root terminal with gksu/kdesu. You still have to enter your password, you're merely saving yourself the trouble of typing 2 - 4 letters.

As someone who doesn't really use file managers much, I probably just don't get it though...

Apart from file managers, what other gui apps really need to run as root? A graphical package manager maybe? I can't think of much else.

Not many, which is unfortunate. I don't object to advising against starting a GUI as root. What passes for a security model in Linux is two-level user controls, with most users restricted and one user class completely unrestricted. Most Linux systems have only a brief period during installs when they are isolated from the network, and the GUI is as open to exploitation as a teenager to a Friday date, so it invites system confiscation to give root privileges to a GUI app.

On the other hand, it is ridiculous that the most complex task on a computer is left to the linear verbal command line. I understand it as well as anyone. I was delighted when we were able to stop ganging binary code into the registers one word at a time, but I was equally happy to see the command line displaced with graphic interfaces for most work. Try to persuade a design engineer to let go of his CAD for a command line interface to a plotter. Life is not linear and complex problems are not easily mapped down to simple verbal commands. We do it, but it is error-prone and requires much higher levels of visualization and concentration than we like to admit.

With no better security than ordinary user constraints we certainly should not be starting the user GUI as root, but we should create an admin-GUI that is specifically designed to maintain security while facilitating system configuration and management tasks.

Gary

i would have to respectively disagree, a gui is excellent in the example of a CAD, in fact in that instance a gui probably IS better, but when it comes to programs that might have literally hundreds if not THOUSANDS of individual options, a GUI would be horribly complex.
besides that you already HAVE the ability to run GUI programs as root from within a normal user's desktop, but running the entire gui as root invites running the web browser and by extension it's plugins and other programs such as messengers, as root as well, and if those programs are exploitable and get exploited while being run as root, you're screwed, and as more than one person, myself included has stated, a compromised machine has implications for the Internet as a whole, not just the individual machine, which is why root login to GUI is disabled, you don't need it.

Big disconnect in your thinking there. The complexity of the activity we manage is precisely why we need an interface that deals more easily with multi-dimensional relationships. For all the really difficult systems-management problems, we use a graphical interface. Linux management of an individual system is only perhaps halfway up that scale of complexity, but it still would profit from a more effective interface.

The rest of your note is pretty much a non sequitur. I did not suggest anyone start one of the usual Linux GUIs like Gnome or KDE as root. I merely lamented that we haven't taken time to create a properly secure GUI for Linux management work. We do know how, you know. The security issues of a Linux system are pretty low key compared to many that already have a graphic interface. We have just not bothered because the focus has been on turning Linux into a desktop operating system.

Gary

granted, however running the entire gui, security holes and all, with the root user account is considered bad practice, running an individual gui utility within a user's desktop isn't

and yes, there are still things that a command line can do more efficiently than a gui, hands down, especially when it comes to manipulating large text files, as well as being able to chain commands together to perform more complex tasks (stream piping)

but the original point of this thread was being able to log into the desktop as root, which is bad, bad, bad (yes I used to do it regularly before distributions started enforcing not being able to do so), this wasn't a gui vs command line argument initially, just about the ability to log into a desktop/wm as root, which defeats the point of having limited users.

---------- Post added 08-09-12 at 02:11 PM ----------

granted, however running the entire gui, security holes and all, with the root user account is considered bad practice, running an individual gui utility within a user's desktop isn't

and yes, there are still things that a command line can do more efficiently than a gui, hands down, especially when it comes to manipulating large text files, as well as being able to chain commands together to perform more complex tasks (stream piping)

but the original point of this thread was being able to log into the desktop as root, which is bad, bad, bad (yes I used to do it regularly before distributions started enforcing not being able to do so), this wasn't a gui vs command line argument initially, just about the ability to log into a desktop/wm as root, which defeats the point of having limited users, and even if you could, there are programs (such as vlci believe,

That's true only when you're working with a badly designed interface. Really badly designed, since doing better at such tasks than the command line is pretty basic. But this isn't a design forum, so you're right: let's leave it.

Gary

Just because you are using the gui as root does not need to mean that you are on line with it. Turning off a connection is easy, even before you get to the gui.

To assume users are silly enough to get on line as root may be, in fact, reasonable. Many people do that, or nearly that, with the most used OS out there.

I, personally, find that at times it is convinient to log into my gui as root. I do not do this to surf the web. Why would anyone do that?

Stupidity I suppose. That will not be cured by not being allowed to log in as root.

One thing I find fascinating to do is compare the desktop, unmodified, in the root account with the modifided user desktop. While it is true that when you first boot to a new install this is what you are seeing, it is interesting to look at after a couple of months or a year.

On my more experimental installs I do set up a desktop as root. So that comparison is not useful in the least on those. Using them as root is simply a lazy way of dealing with them. They are rarely on line even if logged in as a user. I do not spend much time on them and I want to do what I feel needs done, rapidly, and get out.

They are usually only on line for update/upgrade cycles and that is done from here in a chroot environment.

This install goes back to November of 2010. While it is possible that I have logged in here as root I do not think I ever have. There is a

Sid install on this drive that I have done that on. Once, recently for about 1.5 hours. There was no reason to connect, I was playing with my system. I am happy to report that the things I screwed up were fixed before coming back here. It was great FUN and I think I may have learned some things even.

I see no point, or sense, in restricting what someone does with their own computer.

actually nobody is
root login to GUI is indeed disabled by default, but can be enabled, i myself have done it, it is just disabled by default to prevent stupidity, but if you really, really, want to do so you just have to know what you're doing, actually it isn't that hard.. just editing a file, which file it is, i forget, and it isn't really that much of an edit if i recall correctly.