UbuntuThis forum is for the discussion of Ubuntu Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have no promblem with folks that want to log in as root. It is their box and their OS. I have had times, due mainly to idiotic "improvements" that I have made, that the only way I could get to a desktop was as root. Much easier to fix my improvements from there.
I have done it on purpose when there was really no need. Why? Because I could. It also allows me to set up a desktop that is easier for me to use as root. I also use a different wallpaper on that desktop so that if I get into it as root I absolutely know that is where I am. Sometimes I want to edit a number of config files at one time. Easy to do as root.
I cannot think of a single occasion in the last several years where I've needed to log in to a DE/WM or startx as root. A gui root file manager is as easy as:
Code:
$ kdesu dolphin &
Code:
$ gksu thunar &
(or xfe or pcmanfm or nautilus or rox-filer, etc)
If you're lazy you can even make launchers for these.
You can also launch a root terminal, though I'm not sure why anyone would want to launch a root terminal with gksu/kdesu. You still have to enter your password, you're merely saving yourself the trouble of typing 2 - 4 letters.
As someone who doesn't really use file managers much, I probably just don't get it though...
Apart from file managers, what other gui apps really need to run as root? A graphical package manager maybe? I can't think of much else.
[...] As someone who doesn't really use file managers much, I probably just don't get it though...
Apart from file managers, what other gui apps really need to run as root? A graphical package manager maybe? I can't think of much else.
Not many, which is unfortunate. I don't object to advising against starting a GUI as root. What passes for a security model in Linux is two-level user controls, with most users restricted and one user class completely unrestricted. Most Linux systems have only a brief period during installs when they are isolated from the network, and the GUI is as open to exploitation as a teenager to a Friday date, so it invites system confiscation to give root privileges to a GUI app.
On the other hand, it is ridiculous that the most complex task on a computer is left to the linear verbal command line. I understand it as well as anyone. I was delighted when we were able to stop ganging binary code into the registers one word at a time, but I was equally happy to see the command line displaced with graphic interfaces for most work. Try to persuade a design engineer to let go of his CAD for a command line interface to a plotter. Life is not linear and complex problems are not easily mapped down to simple verbal commands. We do it, but it is error-prone and requires much higher levels of visualization and concentration than we like to admit.
With no better security than ordinary user constraints we certainly should not be starting the user GUI as root, but we should create an admin-GUI that is specifically designed to maintain security while facilitating system configuration and management tasks.
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Rep:
Quote:
Originally Posted by simsgw
Not many, which is unfortunate. I don't object to advising against starting a GUI as root. What passes for a security model in Linux is two-level user controls, with most users restricted and one user class completely unrestricted. Most Linux systems have only a brief period during installs when they are isolated from the network, and the GUI is as open to exploitation as a teenager to a Friday date, so it invites system confiscation to give root privileges to a GUI app.
On the other hand, it is ridiculous that the most complex task on a computer is left to the linear verbal command line. I understand it as well as anyone. I was delighted when we were able to stop ganging binary code into the registers one word at a time, but I was equally happy to see the command line displaced with graphic interfaces for most work. Try to persuade a design engineer to let go of his CAD for a command line interface to a plotter. Life is not linear and complex problems are not easily mapped down to simple verbal commands. We do it, but it is error-prone and requires much higher levels of visualization and concentration than we like to admit.
With no better security than ordinary user constraints we certainly should not be starting the user GUI as root, but we should create an admin-GUI that is specifically designed to maintain security while facilitating system configuration and management tasks.
Gary
i would have to respectively disagree, a gui is excellent in the example of a CAD, in fact in that instance a gui probably IS better, but when it comes to programs that might have literally hundreds if not THOUSANDS of individual options, a GUI would be horribly complex.
besides that you already HAVE the ability to run GUI programs as root from within a normal user's desktop, but running the entire gui as root invites running the web browser and by extension it's plugins and other programs such as messengers, as root as well, and if those programs are exploitable and get exploited while being run as root, you're screwed, and as more than one person, myself included has stated, a compromised machine has implications for the Internet as a whole, not just the individual machine, which is why root login to GUI is disabled, you don't need it.
i would have to respectively disagree, a gui is excellent in the example of a CAD, in fact in that instance a gui probably IS better, but when it comes to programs that might have literally hundreds if not THOUSANDS of individual options, a GUI would be horribly complex.
Big disconnect in your thinking there. The complexity of the activity we manage is precisely why we need an interface that deals more easily with multi-dimensional relationships. For all the really difficult systems-management problems, we use a graphical interface. Linux management of an individual system is only perhaps halfway up that scale of complexity, but it still would profit from a more effective interface.
The rest of your note is pretty much a non sequitur. I did not suggest anyone start one of the usual Linux GUIs like Gnome or KDE as root. I merely lamented that we haven't taken time to create a properly secure GUI for Linux management work. We do know how, you know. The security issues of a Linux system are pretty low key compared to many that already have a graphic interface. We have just not bothered because the focus has been on turning Linux into a desktop operating system.
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Rep:
granted, however running the entire gui, security holes and all, with the root user account is considered bad practice, running an individual gui utility within a user's desktop isn't
and yes, there are still things that a command line can do more efficiently than a gui, hands down, especially when it comes to manipulating large text files, as well as being able to chain commands together to perform more complex tasks (stream piping)
but the original point of this thread was being able to log into the desktop as root, which is bad, bad, bad (yes I used to do it regularly before distributions started enforcing not being able to do so), this wasn't a gui vs command line argument initially, just about the ability to log into a desktop/wm as root, which defeats the point of having limited users.
---------- Post added 08-09-12 at 02:11 PM ----------
granted, however running the entire gui, security holes and all, with the root user account is considered bad practice, running an individual gui utility within a user's desktop isn't
and yes, there are still things that a command line can do more efficiently than a gui, hands down, especially when it comes to manipulating large text files, as well as being able to chain commands together to perform more complex tasks (stream piping)
but the original point of this thread was being able to log into the desktop as root, which is bad, bad, bad (yes I used to do it regularly before distributions started enforcing not being able to do so), this wasn't a gui vs command line argument initially, just about the ability to log into a desktop/wm as root, which defeats the point of having limited users, and even if you could, there are programs (such as vlci believe,
[...] and yes, there are still things that a command line can do more efficiently than a gui, hands down, especially when it comes to manipulating large text files, as well as being able to chain commands together to perform more complex tasks (stream piping)
That's true only when you're working with a badly designed interface. Really badly designed, since doing better at such tasks than the command line is pretty basic. But this isn't a design forum, so you're right: let's leave it.
Distribution: Debian Testing, Stable, Sid and Manjaro, Mageia 3, LMDE
Posts: 2,628
Rep:
Just because you are using the gui as root does not need to mean that you are on line with it. Turning off a connection is easy, even before you get to the gui.
To assume users are silly enough to get on line as root may be, in fact, reasonable. Many people do that, or nearly that, with the most used OS out there.
I, personally, find that at times it is convinient to log into my gui as root. I do not do this to surf the web. Why would anyone do that?
Stupidity I suppose. That will not be cured by not being allowed to log in as root.
One thing I find fascinating to do is compare the desktop, unmodified, in the root account with the modifided user desktop. While it is true that when you first boot to a new install this is what you are seeing, it is interesting to look at after a couple of months or a year.
On my more experimental installs I do set up a desktop as root. So that comparison is not useful in the least on those. Using them as root is simply a lazy way of dealing with them. They are rarely on line even if logged in as a user. I do not spend much time on them and I want to do what I feel needs done, rapidly, and get out.
They are usually only on line for update/upgrade cycles and that is done from here in a chroot environment.
This install goes back to November of 2010. While it is possible that I have logged in here as root I do not think I ever have. There is a
Sid install on this drive that I have done that on. Once, recently for about 1.5 hours. There was no reason to connect, I was playing with my system. I am happy to report that the things I screwed up were fixed before coming back here. It was great FUN and I think I may have learned some things even.
I see no point, or sense, in restricting what someone does with their own computer.
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Rep:
Quote:
Originally Posted by widget
I see no point, or sense, in restricting what someone does with their own computer.
actually nobody is
root login to GUI is indeed disabled by default, but can be enabled, i myself have done it, it is just disabled by default to prevent stupidity, but if you really, really, want to do so you just have to know what you're doing, actually it isn't that hard.. just editing a file, which file it is, i forget, and it isn't really that much of an edit if i recall correctly.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.