[opensuse] Logging in as root an Leap
Hi, Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of). Thanks, Koenraad. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 1 Dec 2015, Koenraad Lelong wrote:
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user.
To my surprise, ssh -X -Y root@<Leap-box> from some other box works. Roger -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 01/12/2015 11:42, Roger Price a écrit :
On Tue, 1 Dec 2015, Koenraad Lelong wrote:
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user.
To my surprise, ssh -X -Y root@<Leap-box> from some other box works.
Roger you can su from any konsole
you can also manage the displayed users in kde config (root is not there to prevent people from logging a graphical root, which is really unsecure jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Dec 1, 2015 at 12:42 PM, jdd
Le 01/12/2015 11:42, Roger Price a écrit :
On Tue, 1 Dec 2015, Koenraad Lelong wrote:
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user.
To my surprise, ssh -X -Y root@<Leap-box> from some other box works.
Roger
you can su from any konsole
you can also manage the displayed users in kde config (root is not there to prevent people from logging a graphical root, which is really unsecure
Don't want to start a religious war here, but... I always see this claimed. Why? What can you do in the GUI that you cannot just as easily do from the command line? Being a command line orientated user, I think I can easily and accidentally do more damage there than in the GUI. I guess the idea is that the root user can delete things easier from the GUI (not 100% sure I agree) than from the command line. But then again, the GUI has a trash where I can potentially get things back. Not so from the command line. And the GUI can ask for confirmation. Not so the command line. And speaking of insecure, root login via ssh, which is enabled, must be more insecure than via the GUI. Maybe I am sensitive to this because of a recent ssh-based Trojan I had to eradicate from an openSUSE server here. I don't see how that Trojan would have made it in to the system via the GUI login. If the users know the root password, not allowing GUI login of root is, I think, a false sense of security. If they do not know the password, then what difference is there if root is in the GUI login? -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 09:58 AM, Roger Oberholtzer wrote:
And speaking of insecure, root login via ssh, which is enabled, must be more insecure than via the GUI.
+1 yes that rates in the top 5 of egregious Bad Practices -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 06:58 AM, Roger Oberholtzer wrote:
On Tue, Dec 1, 2015 at 12:42 PM, jdd
wrote: Le 01/12/2015 11:42, Roger Price a écrit :
On Tue, 1 Dec 2015, Koenraad Lelong wrote:
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user.
To my surprise, ssh -X -Y root@<Leap-box> from some other box works.
Roger
you can su from any konsole
you can also manage the displayed users in kde config (root is not there to prevent people from logging a graphical root, which is really unsecure
Don't want to start a religious war here, but...
I always see this claimed. Why? What can you do in the GUI that you cannot just as easily do from the command line? Being a command line orientated user, I think I can easily and accidentally do more damage there than in the GUI.
I guess the idea is that the root user can delete things easier from the GUI (not 100% sure I agree) than from the command line. But then again, the GUI has a trash where I can potentially get things back. Not so from the command line. And the GUI can ask for confirmation. Not so the command line.
And speaking of insecure, root login via ssh, which is enabled, must be more insecure than via the GUI. Maybe I am sensitive to this because of a recent ssh-based Trojan I had to eradicate from an openSUSE server here. I don't see how that Trojan would have made it in to the system via the GUI login.
If the users know the root password, not allowing GUI login of root is, I think, a false sense of security. If they do not know the password, then what difference is there if root is in the GUI login?
In my opinion (uneducated as it may be) I tend to agree with Roger, that the danger of logging in to root with a DE/GUI is largely overblown. There was a time when X11 was horribly insecure, but this is 2015 and that problem should not be with us any more. As Roger pointed out Dolphin does have a trash for recovery of inadvertent deletes, (however one might accidentally delete the software needed to restore (dolphin). But many similar accidents have happened at the command line, and Dolphin super user mode is available to any user with root's password). So that leaves one danger area: Launching a web browser as root. (I'm not sure this isn't already trapped out in this day and age, but it should be, even when every web browser is running "sandboxed". (There is no such thing as a sandbox for root). Other than those two areas, WHAT SPECIFICALLY is the RISK of using a GUI/DE as root? I've received the lectures over the years that amounted to "you have no idea what you are doing", but nothing specific. I virtually never run as root, but every 13 year old linux newbie I've ever met does, because they think its cool and leet or whatever. But I will confess to using Dolphin and Konsole Super User mode from time to time. And I also confess to once using rm -rf * while sitting in the wrong directory. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 10:54 PM, John Andersen wrote:
[...] WHAT SPECIFICALLY is the RISK of using a GUI/DE as root?
IMO this is the time for the security team to jump in and explain a few principles of their daily work. I'm far from being a member of this team, but as far as I know, they're regularly doing in-depth code reviews on programs which are supposed to be run as root. The point is that those programs designed to possibly run as root have to be bullet proof regarding races of any kind, have to prevent injection of malicious environment variables etc. Normal code is not designed for things like that. I think it's not the regular functionality you should be afraid of, but what an attacker, the environment or plain bad luck could do to trigger some side effects in the code. Many well-written servers still drop their root-privileges as early as they can to avoid possible damage, and then some guys would circumvent all the security in the design of UNIX/Linux and run *all* as root?!? I'd call this ignorant and disrespectful. It's like walking with a lighted candle in a building storing gas bottles; it may work, but you never know if one of the bottles is leaking gas (not to mention if some funny jerk has opened the valve of one on purpose). Therefore, I belief there's only one rule to remember: don't do it. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Dec 1, 2015 at 5:29 PM, Bernhard Voelker
Many well-written servers still drop their root-privileges as early as they can to avoid possible damage, and then some guys would circumvent all the security in the design of UNIX/Linux and run *all* as root?!? I'd call this ignorant and disrespectful.
It's like walking with a lighted candle in a building storing gas bottles; it may work, but you never know if one of the bottles is leaking gas (not to mention if some funny jerk has opened the valve of one on purpose).
Therefore, I belief there's only one rule to remember: don't do it.
That is certainly one of the reasons Microsoft went to a restricted user model in Windows 7 (or Vista I assume) even when people log in as an "administrator" level account. Even if malware gets executed on the machine it will typically not have admin rights. On the other hand when I boot from a openSUSE DVD I typically do log in as root. At some point you have to trust the environment. (I use a susestudio built openSUSE DVD routinely, but I maintain it and know what is on it.) Greg -- Greg Freemyer www.IntelligentAvatar.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op 01-12-15 om 11:42 schreef Roger Price:
On Tue, 1 Dec 2015, Koenraad Lelong wrote:
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user.
To my surprise, ssh -X -Y root@<Leap-box> from some other box works.
Roger Roger,
I'm sorry, I have not been clear enough. I'm asking about the graphical login (of the KDE desktop, if it matters). Koenraad. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op dinsdag 1 december 2015 12:42:46 schreef Koenraad Lelong:
Op 01-12-15 om 11:42 schreef Roger Price:
On Tue, 1 Dec 2015, Koenraad Lelong wrote:
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user.
To my surprise, ssh -X -Y root@<Leap-box> from some other box works.
Roger
Roger,
I'm sorry, I have not been clear enough. I'm asking about the graphical login (of the KDE desktop, if it matters).
Koenraad.
When configuring the login screen in System Settings you can choose another Theme that offers to enter the name of the user. The standard theme Breeze only offers users with ID from 1000 upwards. You can change that too from 0 for root, but then you have to exclude a lot of these system accounts. -- fr.gr. member openSUSE Freek de Kruijf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 03:53 AM, Koenraad Lelong wrote:
Hi,
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Although you fail to say so, I presume you mean that the GUI login is not displaying a root account option in the list of possible users. This is as it should be by default. The root account DOES exist. The GUI does not offer it - by default. Like everything else about Linux, this is a configuration option. If you hot key to a virtual terminal you can log in as root :-) Alternatively systemsetting -> system administration -> login screen gives many options, and displaying root in the list is one of them. Alternatively you can go into the appropriate config file and hand edit the text. As for entering the user by typing a name, well that depends on the GUI that you use. I use kdm for the KDE desktop and hence configure it with 'systemsettings'. YMMV. That, too, is configurable :-) Personally I think that making root too easily accessible introduces a security risk. I'm not against using root but I do think that its use should be carefully administered. Making it as easy to access and use as any other account can lead to carelessness and mistakes. That's why the default is not to include it in the graphical login. If you want to change that, you can, but be aware of the risks. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 1 Dec 2015 07:53:53 -0500 Anton Aylward wrote:
On 12/01/2015 03:53 AM, Koenraad Lelong wrote:
Hi,
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Although you fail to say so, I presume you mean that the GUI login is not displaying a root account option in the list of possible users.
This is as it should be by default.
The root account DOES exist. The GUI does not offer it - by default.
Like everything else about Linux, this is a configuration option.
If you hot key to a virtual terminal you can log in as root :-)
Alternatively systemsetting -> system administration -> login screen gives many options, and displaying root in the list is one of them.
Alternatively you can go into the appropriate config file and hand edit the text.
As for entering the user by typing a name, well that depends on the GUI that you use. I use kdm for the KDE desktop and hence configure it with 'systemsettings'. YMMV. That, too, is configurable :-)
Personally I think that making root too easily accessible introduces a security risk. I'm not against using root but I do think that its use should be carefully administered. Making it as easy to access and use as any other account can lead to carelessness and mistakes. That's why the default is not to include it in the graphical login. If you want to change that, you can, but be aware of the risks.
I think you're being way too subtle here, Anton. Running a DE as root is strongly discouraged because any simple error, human or otherwise, has the potential to completely destroy an installation. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 08:29 AM, Carl Hartung wrote:
I think you're being way too subtle here, Anton. Running a DE as root is strongly discouraged because any simple error, human or otherwise, has the potential to completely destroy an installation.
Yes, you are right, but I did not think that screaming ! ! ! ! DON'T LOG IN AS ROOT ! ! ! ! would be particularly helpful. Neither, I'm sad to say, is using sudo since it takes too much specific configuring. People *will* end up using a toot shell, either by login or by running su. They just need to destroy their system a couple of times or do other catastrophic and potentially unrecoverable things so as to make themselves aware of the consequence and taking more care next time. Is that un-subtle enough for you? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Agreed !!!! Does anybody now a correct way to empty the wastebin of root ? On 01-12-15 14:51, Anton Aylward wrote:
On 12/01/2015 08:29 AM, Carl Hartung wrote:
I think you're being way too subtle here, Anton. Running a DE as root is strongly discouraged because any simple error, human or otherwise, has the potential to completely destroy an installation. Yes, you are right, but I did not think that screaming
! ! ! ! DON'T LOG IN AS ROOT ! ! ! !
would be particularly helpful. Neither, I'm sad to say, is using sudo since it takes too much specific configuring. People *will* end up using a toot shell, either by login or by running su. They just need to destroy their system a couple of times or do other catastrophic and potentially unrecoverable things so as to make themselves aware of the consequence and taking more care next time.
Is that un-subtle enough for you?
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Simply, if I use dolphin as root and put something in the wastebin. On 01-12-15 15:22, jdd wrote:
Le 01/12/2015 15:17, Hans de Faber a écrit :
Agreed !!!! Does anybody now a correct way to empty the wastebin of root ?
how can it be not empty at first??
jdd
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 01/12/2015 15:24, Hans de Faber a écrit :
Simply, if I use dolphin as root and put something in the wastebin.
if you use dolphin as root (may be with the link given in every user menu), you can use the pastebin entry in the dolphin folder pannel jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Thanks, it is in the places panel, i never used. On 01-12-15 15:30, jdd wrote:
Le 01/12/2015 15:24, Hans de Faber a écrit :
Simply, if I use dolphin as root and put something in the wastebin.
if you use dolphin as root (may be with the link given in every user menu), you can use the pastebin entry in the dolphin folder pannel
jdd
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Anton Aylward composed on 2015-12-01 07:53 (UTC-0500):
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Although you fail to say so, I presume you mean that the GUI login is not displaying a root account option in the list of possible users.
This is as it should be by default.
The root account DOES exist. The GUI does not offer it - by default.
Like everything else about Linux, this is a configuration option.
Not necessarily with every DM, at least, not using every greeter theme.
If you hot key to a virtual terminal you can log in as root :-)
Alternatively systemsetting -> system administration -> login screen gives many options, and displaying root in the list is one of them.
Again, not necessarily possible with every DM.
Alternatively you can go into the appropriate config file and hand edit the text.
If it and complete competent documentation can be found.
As for entering the user by typing a name, well that depends on the GUI that you use. I use kdm for the KDE desktop and hence configure it with 'systemsettings'. YMMV. That, too, is configurable :-)
This is why I keep KDM. It's ostensible replacement requires all users in /etc/passwd be included and thus listed in order to have root available in its greeter. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tuesday 01 Dec 2015 09:53:27 Koenraad Lelong wrote:
Hi,
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Thanks,
Koenraad.
If you are using "kdm", you can configure it through the systems setting "system administration/Login Screen", by default its configured to be excluded. "ssdm" doesn't give you that option at all -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op 01-12-15 om 16:00 schreef ianseeks:
On Tuesday 01 Dec 2015 09:53:27 Koenraad Lelong wrote:
Hi,
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Thanks,
Koenraad.
If you are using "kdm", you can configure it through the systems setting "system administration/Login Screen", by default its configured to be excluded. "ssdm" doesn't give you that option at all
Hi, I'm sorry to have caused such a hubub ;-). The reason to log in as root is that as a regular user I lost my taskbar on the LVDS screen of my laptop. I wanted to log in as root and make another user to see what differs from the original user. In the mean time I know how to get the taskbar back. Maybe not orthodox, but it works : I attached my VGA monitor, deleted the old taksbar (fixed on the VGA-screen) and created a new one on the LVDS screen. Thanks anyway, Koenraad. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 01/12/2015 16:32, Koenraad Lelong a écrit :
I'm sorry to have caused such a hubub ;-).
no problem...
The reason to log in as root is that as a regular user I lost my taskbar on the LVDS screen of my laptop. I wanted to log in as root and make another user to see what differs from the original user.
but you don"t have to do so. Use YaST / users. If you has said this in the first place we should have given the right info :-)
In the mean time I know how to get the taskbar back. Maybe not orthodox, but it works : I attached my VGA monitor, deleted the old taksbar (fixed on the VGA-screen) and created a new one on the LVDS screen.
this external monitor problem is interesting. At least after a reboot, if the external is no more attached, the primary display should be the LCD one. the solution I wrote (remove ./local/share/kscreen) should work. No need to be root, it's the user .local that is impacted It worked last saturday :-) jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Dec 1, 2015 at 4:32 PM, Koenraad Lelong
Op 01-12-15 om 16:00 schreef ianseeks:
On Tuesday 01 Dec 2015 09:53:27 Koenraad Lelong wrote:
Hi,
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Thanks,
Koenraad.
If you are using "kdm", you can configure it through the systems setting "system administration/Login Screen", by default its configured to be excluded. "ssdm" doesn't give you that option at all
Hi,
I'm sorry to have caused such a hubub ;-). The reason to log in as root is that as a regular user I lost my taskbar on the LVDS screen of my laptop. I wanted to log in as root and make another user to see what differs from the original user. In the mean time I know how to get the taskbar back. Maybe not orthodox, but it works : I attached my VGA monitor, deleted the old taksbar (fixed on the VGA-screen) and created a new one on the LVDS screen.
Thanks anyway,
Koenraad.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
We have root as a GUI login in OEM images we make via KIWI. After the system is installed from our OEM image, our current software is added. But this is not as part of the OEM install because the OEM images are rather long-tern, while our software is more frequently updated. So we keep these two activities separate. Our software puts things in /etc/skel that we want all users to get. So we would like the user to be made after our software is added. Having our users log in non-graphically as root ("What's a virtual terminal?") and run a command line is not safer than letting them have a GUI login. At least in the GUI they have some idea what is going on. Not so the command line. Such is the state of many Linux users today. We asked for a Linux desktop. Now we have one. Most users want to forget the command line. (Not me. But I am strange in these parts...) -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 01/12/2015 16:49, Roger Oberholtzer a écrit :
We have root as a GUI login in OEM images we make via KIWI. After the system is installed from our OEM image, our current software is added. But this is not as part of the OEM install because the OEM images are rather long-tern, while our software is more frequently updated. So we keep these two activities separate. Our software puts things in /etc/skel that we want all users to get. So we would like the user to be made after our software is added. Having our users log in non-graphically as root ("What's a virtual terminal?") and run a command line is not safer than letting them have a GUI login. At least in the GUI they have some idea what is going on. Not so the command line. Such is the state of many Linux users today. We asked for a Linux desktop. Now we have one. Most users want to forget the command line. (Not me. But I am strange in these parts...)
isn't that the use of YaST? jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Dec 1, 2015 at 5:01 PM, jdd
isn't that the use of YaST?
Adding users? Yep. But you have to be able to log in to use it. If you do not add a user when the system is installed, and root is not able to log in, I would guess that the KDM login would not be very useful. So, for the uninitiated GUI user, getting to a virtual terminal and logging in is often problematic. I know this from experience with some of our users. Could they learn to use the character login. Of course. They are not stupid. But when we say they must use the character login for something, all we hear is: why did you do all this in Linux? It is the concept that seems to irk them. Rock and a hard place, I guess. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 01/12/2015 19:58, Roger Oberholtzer a écrit :
On Tue, Dec 1, 2015 at 5:01 PM, jdd
wrote: isn't that the use of YaST?
Adding users? Yep. But you have to be able to log in to use it. If you do not add a user when the system is installed, and root is not able to log in, I would guess that the KDM login would not be very useful.
So, for the uninitiated GUI user, getting to a virtual terminal and logging in is often problematic. I know this from experience with some of our users. Could they learn to use the character login. Of course. They are not stupid. But when we say they must use the character login for something, all we hear is: why did you do all this in Linux? It is the concept that seems to irk them.
Rock and a hard place, I guess.
I think there is something I don't understand here. To add an user on a running machine you have to log as root, even in Windows. I was thinking your user already have a GUI (kde or other) running. Then you have only to lauch yast and give the root pass, you can even launch only the user yast module. there is never any reason to log as root in kdm in openSUSE - I do not do this even once a year jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Dec 1, 2015 at 8:06 PM, jdd
I think there is something I don't understand here. To add an user on a running machine you have to log as root, even in Windows. I was thinking your user already have a GUI (kde or other) running. Then you have only to lauch yast and give the root pass, you can even launch only the user yast module.
there is never any reason to log as root in kdm in openSUSE - I do not do this even once a year
Neither do I. Except in a brand new measurement production system to add a software package and a user. Significantly, in that order. I see in our KIWI build of OEM images, we do the following: baseUpdateSysConfig /etc/sysconfig/displaymanager DISPLAYMANAGER kdm4 baseUpdateSysConfig /etc/sysconfig/displaymanager DISPLAYMANAGER_REMOTE_ACCESS yes baseUpdateSysConfig /etc/sysconfig/displaymanager DISPLAYMANAGER_ROOT_LOGIN_REMOTE yes baseUpdateSysConfig /etc/sysconfig/displaymanager DISPLAYMANAGER_ROOT_LOGIN_LOCAL yes baseUpdateSysConfig /etc/sysconfig/displaymanager KDM_GREETSTRING "Look_busy._They_are_watching." So our OEM images are as we want. I will have to ensure that these are the correct values for Leap. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tuesday 01 Dec 2015 20:06:59 jdd wrote:
Le 01/12/2015 19:58, Roger Oberholtzer a écrit :
On Tue, Dec 1, 2015 at 5:01 PM, jdd
wrote: isn't that the use of YaST?
Adding users? Yep. But you have to be able to log in to use it. If you do not add a user when the system is installed, and root is not able to log in, I would guess that the KDM login would not be very useful.
So, for the uninitiated GUI user, getting to a virtual terminal and logging in is often problematic. I know this from experience with some of our users. Could they learn to use the character login. Of course. They are not stupid. But when we say they must use the character login for something, all we hear is: why did you do all this in Linux? It is the concept that seems to irk them.
Rock and a hard place, I guess.
I think there is something I don't understand here. To add an user on a running machine you have to log as root, even in Windows. I was thinking your user already have a GUI (kde or other) running. Then you have only to lauch yast and give the root pass, you can even launch only the user yast module.
there is never any reason to log as root in kdm in openSUSE - I do not do this even once a year
I occasionally do it after an install/update if something either doesn't work or stops working, i just login as root to check if it works as root. But day to say stuff, i don't use it at all.
jdd
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 01:58 PM, Roger Oberholtzer wrote:
So, for the uninitiated GUI user, getting to a virtual terminal and logging in is often problematic. I know this from experience with some of our users. Could they learn to use the character login. Of course. They are not stupid. But when we say they must use the character login for something, all we hear is: why did you do all this in Linux? It is the concept that seems to irk them.
Rock and a hard place, I guess.
It sounds like they have been brainwashed (aka "acquired deficiency syndrome") by the forces of Microsoft and Apple. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 10:49 AM, Roger Oberholtzer wrote:
Most users want to forget the command line. (Not me. But I am strange in these parts...)
I think that there is enough of us "dinosaurs" here to constitute a herd. Or is it a flock? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 11:11 AM, Anton Aylward wrote:
On 12/01/2015 10:49 AM, Roger Oberholtzer wrote:
Most users want to forget the command line. (Not me. But I am strange in these parts...)
I think that there is enough of us "dinosaurs" here to constitute a herd. Or is it a flock?
Pretty sure this group qualifies as a rabble. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 04:58 PM, John Andersen wrote:
On 12/01/2015 11:11 AM, Anton Aylward wrote:
On 12/01/2015 10:49 AM, Roger Oberholtzer wrote:
Most users want to forget the command line. (Not me. But I am strange in these parts...)
I think that there is enough of us "dinosaurs" here to constitute a herd. Or is it a flock?
Pretty sure this group qualifies as a rabble.
As a whole, inarguably! But there's the subsets of .... * curmudgeons * command line dinosaurs * cat fanciers I'll leave it at that as drawing a Venn diagram of that is complex enough :-) -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/01/2015 02:11 PM, Anton Aylward wrote:
On 12/01/2015 10:49 AM, Roger Oberholtzer wrote:
Most users want to forget the command line. (Not me. But I am strange in these parts...)
I think that there is enough of us "dinosaurs" here to constitute a herd. Or is it a flock?
I think we would be a herd unless you consider yourself a Pterodactyl. :-) -- Ken linux since 1994 S.u.S.E./openSUSE since 1996 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/02/2015 08:56 AM, Ken Schneider wrote:
On 12/01/2015 02:11 PM, Anton Aylward wrote:
On 12/01/2015 10:49 AM, Roger Oberholtzer wrote:
Most users want to forget the command line. (Not me. But I am strange in these parts...)
I think that there is enough of us "dinosaurs" here to constitute a herd. Or is it a flock?
I think we would be a herd unless you consider yourself a Pterodactyl. :-)
Aren't dinosaurs the ancestors of birds? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/02/2015 09:05 AM, Anton Aylward wrote:
On 12/02/2015 08:56 AM, Ken Schneider wrote:
On 12/01/2015 02:11 PM, Anton Aylward wrote:
On 12/01/2015 10:49 AM, Roger Oberholtzer wrote:
Most users want to forget the command line. (Not me. But I am strange in these parts...)
I think that there is enough of us "dinosaurs" here to constitute a herd. Or is it a flock?
I think we would be a herd unless you consider yourself a Pterodactyl. :-)
Aren't dinosaurs the ancestors of birds?
I'm not sure, I can't remember that far back (memory is starting to fade). -- Ken linux since 1994 S.u.S.E./openSUSE since 1996 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/02/2015 09:05 AM, Anton Aylward wrote:
On 12/02/2015 08:56 AM, Ken Schneider wrote:
On 12/01/2015 02:11 PM, Anton Aylward wrote:
On 12/01/2015 10:49 AM, Roger Oberholtzer wrote:
Most users want to forget the command line. (Not me. But I am strange in these parts...)
I think that there is enough of us "dinosaurs" here to constitute a herd. Or is it a flock?
I think we would be a herd unless you consider yourself a Pterodactyl. :-)
Aren't dinosaurs the ancestors of birds?
Also, along that line of thinking aren't we all ancestors of fish? That would make it a school. :-) -- Ken linux since 1994 S.u.S.E./openSUSE since 1996 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dne St 2. prosince 2015 09:15:28, Ken Schneider napsal(a):
On 12/02/2015 09:05 AM, Anton Aylward wrote:
On 12/02/2015 08:56 AM, Ken Schneider wrote:
On 12/01/2015 02:11 PM, Anton Aylward wrote:
On 12/01/2015 10:49 AM, Roger Oberholtzer wrote:
Most users want to forget the command line. (Not me. But I am strange in these parts...)
I think that there is enough of us "dinosaurs" here to constitute a herd. Or is it a flock?
When talking about ground living tetrapods, keep the term „herd“.
I think we would be a herd unless you consider yourself a Pterodactyl. :-)
Aren't dinosaurs the ancestors of birds?
Yes (one particular group, „dinosaurs“ is very wide term), but not the lineage leading to Pterodactyl - that lineage ended up.
Also, along that line of thinking aren't we all ancestors of fish? That would make it a school. :-)
Well, again, all tetrapods are ancestors of one particular fish lineage. The only living „uncle“ is Latimeria. All other fish are more like cousins, not like grant parents... What a nice off-topic discussion. Shouldn't it be moved to appropriate ML? :-) -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux http://www.opensuse.org/ http://trapa.cz/
On Tuesday 01 Dec 2015 16:32:27 Koenraad Lelong wrote:
Op 01-12-15 om 16:00 schreef ianseeks:
On Tuesday 01 Dec 2015 09:53:27 Koenraad Lelong wrote:
Hi,
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Thanks,
Koenraad.
If you are using "kdm", you can configure it through the systems setting "system administration/Login Screen", by default its configured to be excluded. "ssdm" doesn't give you that option at all
Hi,
I'm sorry to have caused such a hubub ;-). The reason to log in as root is that as a regular user I lost my taskbar on the LVDS screen of my laptop. I wanted to log in as root and make another user to see what differs from the original user. In the mean time I know how to get the taskbar back. Maybe not orthodox, but it works : I attached my VGA monitor, deleted the old taksbar (fixed on the VGA-screen) and created a new one on the LVDS screen.
Thanks anyway,
Koenraad.
Thats ok but if you want to include a root user on your graphical login, kdm is probably better to use -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Koenraad Lelong wrote:
Hi,
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Thanks,
Koenraad. Good grief, what an awful lot of noise over what is no one else's business.
If you are using SDDM as the login manager, edit /etc/sddm.conf to add the following lines: [Users] HideShells=/usr/sbin/nologin,/bin/false MinimumUid=0 MaximumUid=65000 If any system users show up in the splash screen, you will need to add a "HideUsers=" line to exclude those. Any other login manager should follow the system rules; if you can su to the root account, you should be able to log in as root to the desktop. You might need to verify that root logins are allowed in Yast/User and Group Management. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 11 Dec 2015 21:33, Darryl Gregorash
Koenraad Lelong wrote:
Hi,
Is it possible to log in as root just after booting ? I only get my non-root user as a possible user. On OS13.2 and before there was a possibility to type the username. Now it seems you can only graphically select users, and root is not available (that I know of).
Thanks,
Koenraad. Good grief, what an awful lot of noise over what is no one else's business.
If you are using SDDM as the login manager, edit /etc/sddm.conf to add the following lines:
[Users] HideShells=/usr/sbin/nologin,/bin/false MinimumUid=0 MaximumUid=65000
If any system users show up in the splash screen, you will need to add a "HideUsers=" line to exclude those.
Any other login manager should follow the system rules; if you can su to the root account, you should be able to log in as root to the desktop. You might need to verify that root logins are allowed in Yast/User and Group Management.
To exclude the usual suspects, start with two lines of: HideUsers=at,bin,daemon,ftp,games,lp,man,news,nobody,uucp HideShells=/bin/false,/sbin/nologin,/usr/sbin/nologin - Yamaban -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Yamaban wrote:
To exclude the usual suspects, start with two lines of:
HideUsers=at,bin,daemon,ftp,games,lp,man,news,nobody,uucp HideShells=/bin/false,/sbin/nologin,/usr/sbin/nologin
Is that a complete list of system accounts that use bash as their login shell? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 12 Dec 2015 00:19, Darryl Gregorash wrote:
Yamaban wrote:
To exclude the usual suspects, start with two lines of:
HideUsers=at,bin,daemon,ftp,games,lp,man,news,nobody,uucp HideShells=/bin/false,/sbin/nologin,/usr/sbin/nologin
Is that a complete list of system accounts that use bash as their login shell?
Yes, exactly that. So gotten from a fresh install of Leap 42.1 Command used: grep -E '/sbin/nologin|/bin/false|:x:100[0-9]:1000:|^root' /etc/passwd|awk '{print $1}' Shells gotten the same way, attn. to the 'near' double of "/sbin/nologin" and "/usr/sbin/nologin" - Yamaban. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (17)
-
Anton Aylward
-
Bernhard Voelker
-
Carl Hartung
-
Darryl Gregorash
-
Felix Miata
-
Freek de Kruijf
-
Greg Freemyer
-
Hans de Faber
-
ianseeks
-
jdd
-
John Andersen
-
Ken Schneider
-
Koenraad Lelong
-
Roger Oberholtzer
-
Roger Price
-
Vojtěch Zeisek
-
Yamaban