Mailinglist Archive: opensuse (911 mails)

< Previous Next >
Re: [opensuse] Logging in as root an Leap
On 12/01/2015 06:58 AM, Roger Oberholtzer wrote:
On Tue, Dec 1, 2015 at 12:42 PM, jdd <jdd@xxxxxxxxx> wrote:
Le 01/12/2015 11:42, Roger Price a écrit :

On Tue, 1 Dec 2015, Koenraad Lelong wrote:

Is it possible to log in as root just after booting ? I only get my
non-root user as a possible user.


To my surprise, ssh -X -Y root@<Leap-box> from some other box works.

Roger

you can su from any konsole

you can also manage the displayed users in kde config (root is not there to
prevent people from logging a graphical root, which is really unsecure

Don't want to start a religious war here, but...

I always see this claimed. Why? What can you do in the GUI that you
cannot just as easily do from the command line? Being a command line
orientated user, I think I can easily and accidentally do more damage
there than in the GUI.

I guess the idea is that the root user can delete things easier from
the GUI (not 100% sure I agree) than from the command line. But then
again, the GUI has a trash where I can potentially get things back.
Not so from the command line. And the GUI can ask for confirmation.
Not so the command line.

And speaking of insecure, root login via ssh, which is enabled, must
be more insecure than via the GUI. Maybe I am sensitive to this
because of a recent ssh-based Trojan I had to eradicate from an
openSUSE server here. I don't see how that Trojan would have made it
in to the system via the GUI login.

If the users know the root password, not allowing GUI login of root
is, I think, a false sense of security. If they do not know the
password, then what difference is there if root is in the GUI login?


In my opinion (uneducated as it may be) I tend to agree with Roger, that the
danger
of logging in to root with a DE/GUI is largely overblown.

There was a time when X11 was horribly insecure, but this is 2015 and that
problem should
not be with us any more.

As Roger pointed out Dolphin does have a trash for recovery of inadvertent
deletes,
(however one might accidentally delete the software needed to restore (dolphin).
But many similar accidents have happened at the command line, and Dolphin
super user mode is available to any user with root's password).

So that leaves one danger area: Launching a web browser as root. (I'm not sure
this isn't already trapped out in this day and age, but it should be, even
when every web browser is running "sandboxed". (There is no such thing as a
sandbox for root).

Other than those two areas, WHAT SPECIFICALLY is the RISK of using a GUI/DE as
root?

I've received the lectures over the years that amounted to
"you have no idea what you are doing", but nothing specific.
I virtually never run as root, but every 13 year old linux newbie I've ever met
does, because they think its cool and leet or whatever.

But I will confess to using Dolphin and Konsole Super User mode from time to
time.
And I also confess to once using rm -rf * while sitting in the wrong directory.






--
After all is said and done, more is said than done.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups