[opensuse] root login via graphic console
On a 12.1 system, I cannot log in as root via KDM/XDM. I remember this change from a while back and have made these changes in /etc/sysconfog/displaymanager: DISPLAYMANAGER_ROOT_LOGIN_REMOTE="yes" DISPLAYMANAGER_ROOT_LOGIN_LOCAL="yes" DISPLAYMANAGER_SHUTDOWN="all" In addition, in /etc/sysconfig/security, I have: PERMISSION_SECURITY="easy local" Nonetheless, I get a popup that root logins are not allowed. Did I miss a setting? The system is up-to-date, running KDE 4.9.4 Yours sincerely, Roger Oberholtzer Ramböll RST / Systems Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-12-14 12:05, Roger Oberholtzer wrote:
Nonetheless, I get a popup that root logins are not allowed. Did I miss a setting? The system is up-to-date, running KDE 4.9.4
Try another desktop, to see if kde is the problem. - -- Cheers / Saludos, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlDLCZMACgkQIvFNjefEBxqbBwCgy0kLZZlzfM0kflXFZNMRecTo wSIAn2/w12sCFPD7j6fa+s1piq0Us4/k =jgrv -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2012-12-14 at 12:12 +0100, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-12-14 12:05, Roger Oberholtzer wrote:
Nonetheless, I get a popup that root logins are not allowed. Did I miss a setting? The system is up-to-date, running KDE 4.9.4
Try another desktop, to see if kde is the problem.
All desktops (ICE, MWM, Metcity) give the same denial. The problem is that a user has done a new 12.1 install and did not create a user at that time. Resulting in no chance of a GUI login. Period. Character login on a VT or ssh as root works. So I have made a user that he can log in as and then su to root for the remaining system maintenance. But this is an issue I need to solve so it can be handled 'properly'. I am fairly certain this will be a common problem as more users update to 12.1 (and presumably 12.2.) Yours sincerely, Roger Oberholtzer Ramböll RST / Systems Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/14/2012 06:42 AM, Roger Oberholtzer pecked at the keyboard and wrote:
On Fri, 2012-12-14 at 12:12 +0100, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-12-14 12:05, Roger Oberholtzer wrote:
Nonetheless, I get a popup that root logins are not allowed. Did I miss a setting? The system is up-to-date, running KDE 4.9.4
Try another desktop, to see if kde is the problem.
All desktops (ICE, MWM, Metcity) give the same denial.
The problem is that a user has done a new 12.1 install and did not create a user at that time. Resulting in no chance of a GUI login. Period.
Character login on a VT or ssh as root works. So I have made a user that he can log in as and then su to root for the remaining system maintenance.
But this is an issue I need to solve so it can be handled 'properly'. I am fairly certain this will be a common problem as more users update to 12.1 (and presumably 12.2.)
I have no problems logging in as root on 12.1 or 12.2 using the KDM login window. It would appear to be a problem with a setting on that machine. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op 14-12-12 14:29, Ken Schneider - openSUSE schreef:
On 12/14/2012 06:42 AM, Roger Oberholtzer pecked at the keyboard and wrote:
On Fri, 2012-12-14 at 12:12 +0100, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-12-14 12:05, Roger Oberholtzer wrote:
Nonetheless, I get a popup that root logins are not allowed. Did I miss a setting? The system is up-to-date, running KDE 4.9.4
Try another desktop, to see if kde is the problem.
All desktops (ICE, MWM, Metcity) give the same denial.
The problem is that a user has done a new 12.1 install and did not create a user at that time. Resulting in no chance of a GUI login. Period.
Character login on a VT or ssh as root works. So I have made a user that he can log in as and then su to root for the remaining system maintenance.
But this is an issue I need to solve so it can be handled 'properly'. I am fairly certain this will be a common problem as more users update to 12.1 (and presumably 12.2.)
I have no problems logging in as root on 12.1 or 12.2 using the KDM login window. It would appear to be a problem with a setting on that machine.
I had the same problem some time ago. It was unsolvable. Due to many reasons i reinstalled, and reformatted, throwing lvm away, using the expert partition set-up. After reinstalling, the problem was gone. In my case i am absolutely sure it was lvm, that was the cause, because no partitioner supported it, not Gparted live, and even Knoppix most recent version, and the KDE-Live 122 could not see/mount the partitions in that lvm set-up. Install was oS122. -- Have a nice day.. Oddball. OS: Linux 3.7.0-rc8-4-desktop i686 Huidige gebruiker: odd@Eeepc-seashell4c Systeem: openSUSE 12.2 (i586) KDE: 4.9.4 "release 4" -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2012-12-14 at 08:29 -0500, Ken Schneider - openSUSE wrote:
On 12/14/2012 06:42 AM, Roger Oberholtzer pecked at the keyboard and wrote:
On Fri, 2012-12-14 at 12:12 +0100, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-12-14 12:05, Roger Oberholtzer wrote:
Nonetheless, I get a popup that root logins are not allowed. Did I miss a setting? The system is up-to-date, running KDE 4.9.4
Try another desktop, to see if kde is the problem.
All desktops (ICE, MWM, Metcity) give the same denial.
The problem is that a user has done a new 12.1 install and did not create a user at that time. Resulting in no chance of a GUI login. Period.
Character login on a VT or ssh as root works. So I have made a user that he can log in as and then su to root for the remaining system maintenance.
But this is an issue I need to solve so it can be handled 'properly'. I am fairly certain this will be a common problem as more users update to 12.1 (and presumably 12.2.)
I have no problems logging in as root on 12.1 or 12.2 using the KDM login window. It would appear to be a problem with a setting on that machine.
I have two 12.1 machines and they both do this. One is an install from the original openSUSE 12.1 image that has been kept up-to-date (not factory). In fact, I only discovered this was the case on that machine when the other (second) 12.1 install demonstrated the issue and I tried it. The second machine is a new install from a KIWI OEM image. The OEM image was built from the original openSUSE12.1, with updated and a move to KDE 4.9.4. So one has has a commonly used update path and the other has jumped to the current update. But both have the same issue. Could it be that whatever RPM contains the stuff to deal with this is not the one it should be? Yours sincerely, Roger Oberholtzer Ramböll RST / Systems Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/14/2012 12:42 PM, Roger Oberholtzer wrote:
The problem is that a user has done a new 12.1 install and did not create a user at that time. Resulting in no chance of a GUI login. Period.
sorry, but i wonder how to do that? would it be that during the install, when on slide #8 of this preview http://doc.opensuse.org/documentation/html/openSUSE/opensuse-startup/art.osu... the person making the install just clicks "Next" leaving blank user name and password blocks??? is that possible? will the script allow that? (should that be changed??) if it is possible then wouldn't the primary user's name be "" (blank or maybe carriage return??) and password the same ""?? in other words wouldn't there be a /home//Desktop and etc.. and, if that page were untouched but clicked "Next" it would be set to auto log-in as "" and the machine book up user "" using password "" ?? and, root would share the "" password.. finally, if all of that is possible (and what happened) there would be no need to log into the GUI as root, instead just ssh in as root, launch ncurses YaST, nav to the security and users section and change the name and password of the user with UID of 1000, previously named "" to Tom or (whatever)...and give Tom a password longer than "". sorry, i don't have a VM handy to try all of that....and i wonder what i missed...? dd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2012-12-14 at 15:56 +0100, DenverD wrote:
On 12/14/2012 12:42 PM, Roger Oberholtzer wrote:
The problem is that a user has done a new 12.1 install and did not create a user at that time. Resulting in no chance of a GUI login. Period.
sorry, but i wonder how to do that?
would it be that during the install, when on slide #8 of this preview http://doc.opensuse.org/documentation/html/openSUSE/opensuse-startup/art.osu... the person making the install just clicks "Next" leaving blank user name and password blocks???
is that possible? will the script allow that? (should that be changed??)
It is possible. You don't have to do anything funny for this to happen. Just select not to make a user. Just do not expect to be able to do a GUI login directly.
if it is possible then wouldn't the primary user's name be "" (blank or maybe carriage return??) and password the same ""??
in other words wouldn't there be a /home//Desktop and etc..
No. the step can simple be skipped during install.
and, if that page were untouched but clicked "Next" it would be set to auto log-in as "" and the machine book up user "" using password "" ??
and, root would share the "" password..
finally, if all of that is possible (and what happened) there would be no need to log into the GUI as root, instead just ssh in as root, launch ncurses YaST, nav to the security and users section and change the name and password of the user with UID of 1000, previously named "" to Tom or (whatever)...and give Tom a password longer than "".
On a single computer in a garage (these are going in to vehicles), there may not be a network to ssh from. Better to switch to a virtual terminal on the console and make a user there. Just to clarify: we do not run as root. But we do run in KDE. If you do not make a non-root user during the install, you cannot do this until you somehow make a non-root user. On new systems, we usually like to make users after we install our software (as root as it installs in /opt) as we add things to /etc/skel that we expect users to start with. Yours sincerely, Roger Oberholtzer Ramböll RST / Systems Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/14/2012 11:34 AM, Roger Oberholtzer pecked at the keyboard and wrote:
On Fri, 2012-12-14 at 15:56 +0100, DenverD wrote:
On 12/14/2012 12:42 PM, Roger Oberholtzer wrote:
The problem is that a user has done a new 12.1 install and did not create a user at that time. Resulting in no chance of a GUI login. Period.
edit /etc/sysconfig/displaymanager and search for root. Change the setting for DISPLAYMANAGER_ROOT_LOGIN_LOCAL to yes. After this run SuSEconfig for the changes to take place and you should then be able to login to the displaymanager as root.
HTH -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2012-12-14 at 11:52 -0500, Ken Schneider - openSUSE wrote:
On 12/14/2012 11:34 AM, Roger Oberholtzer pecked at the keyboard and wrote:
On Fri, 2012-12-14 at 15:56 +0100, DenverD wrote:
On 12/14/2012 12:42 PM, Roger Oberholtzer wrote:
The problem is that a user has done a new 12.1 install and did not create a user at that time. Resulting in no chance of a GUI login. Period.
edit /etc/sysconfig/displaymanager and search for root. Change the setting for DISPLAYMANAGER_ROOT_LOGIN_LOCAL to yes. After this run SuSEconfig for the changes to take place and you should then be able to login to the displaymanager as root.
/etc/sysconfog/displaymanager: DISPLAYMANAGER_ROOT_LOGIN_REMOTE="yes" DISPLAYMANAGER_ROOT_LOGIN_LOCAL="yes" DISPLAYMANAGER_SHUTDOWN="all" /etc/sysconfig/security: PERMISSION_SECURITY="easy local" Nonetheless, I get a popup that "root logins are not allowed". Did I miss a setting? The system is up-to-date, running KDE 4.9.4. It makes no difference which desktop I choose.
HTH -- Ken Schneider SuSe since Version 5.2, June 1998
Yours sincerely, Roger Oberholtzer Ramböll RST / Systems Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2012-12-14 18:04 (GMT+0100) Roger Oberholtzer composed:
/etc/sysconfog/displaymanager:
DISPLAYMANAGER_ROOT_LOGIN_REMOTE="yes" DISPLAYMANAGER_ROOT_LOGIN_LOCAL="yes" DISPLAYMANAGER_SHUTDOWN="all"
/etc/sysconfig/security:
PERMISSION_SECURITY="easy local"
Nonetheless, I get a popup that "root logins are not allowed". Did I miss a setting? The system is up-to-date, running KDE 4.9.4.
It makes no difference which desktop I choose.
I wouldn't know about other desktops, but I don't recall any of the above actually enabling root login in kdm, tdm or kdm4. 90+% of the time I create only the root user during installation and use a script to create groups and users later. Root login I enable in kdmrc, which I aways need to edit anyway for a bunch of other reasons. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/14/2012 06:04 PM, Roger Oberholtzer wrote:
Nonetheless, I get a popup that "root logins are not allowed". Did I miss a setting?
after SuSEconfig, restart X, e.g. via init 3 and (after a few secs) init 5. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2012-12-14 at 18:27 +0100, Bernhard Voelker wrote:
On 12/14/2012 06:04 PM, Roger Oberholtzer wrote:
Nonetheless, I get a popup that "root logins are not allowed". Did I Rather miss a setting?
after SuSEconfig, restart X, e.g. via init 3 and (after a few secs) init 5.
I took the brute force approach and rebooted. Just so there is no discussion about a setting net being used. Makes no difference. Root login is denied in the GUI.
Have a nice day,
Thx. It usually is. -- Yours sincerely, Roger Oberholtzer OPQ Systems / Ramböll RST Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2012-12-14 11:52 (GMT-0500) Ken Schneider - openSUSE composed:
run SuSEconfig for the changes to take place
This may work through 12.2, but that should be the last release it could work in. SuSEconfig is on the chopping block: https://bugzilla.novell.com/show_bug.cgi?id=782122 -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/14/2012 12:05 PM, Roger Oberholtzer wrote:
On a 12.1 system, I cannot log in as root via KDM/XDM.
Nobody said this before, so I'll do it (for novice readers): Logging in as root via KDM/XDM is a security risk. Many programs which are run during that which may or may not be designed to be run as root. So you 99.999% simply won't even want to even think about that you want to do such a thing. If you need root privileges in a GUI session, e.g. for Yast2, then login as a normal user, then "su root -" in a terminal and then start that program. In your case, it seems overkill to change the login manager's settings in order to login as root, just in order to create a new user account (even if it is the first one). Go to tty1 by pressing CTRL-ALT-F1, and login as root there; yast2 has a nice curses-based mode there. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2012-12-14 at 18:09 +0100, Bernhard Voelker wrote:
On 12/14/2012 12:05 PM, Roger Oberholtzer wrote:
On a 12.1 system, I cannot log in as root via KDM/XDM.
Nobody said this before, so I'll do it (for novice readers):
Logging in as root via KDM/XDM is a security risk. Many programs which are run during that which may or may not be designed to be run as root.
So you 99.999% simply won't even want to even think about that you want to do such a thing.
If you need root privileges in a GUI session, e.g. for Yast2, then login as a normal user, then "su root -" in a terminal and then start that program.
In your case, it seems overkill to change the login manager's settings in order to login as root, just in order to create a new user account (even if it is the first one). Go to tty1 by pressing CTRL-ALT-F1, and login as root there; yast2 has a nice curses-based mode there.
So perhaps the openSUSE install should not allow one to do an install without creating a non-root user. We do not use the root GUI login very often. I am sure I could convince the users that they do not need to bother with it. But if they forget to make a non-root user during install additional recovery steps are needed just to be able to log in via the GUI.
Have a nice day, Berny
Yours sincerely, Roger Oberholtzer Ramböll RST / Systems Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2012-12-14 18:15 (GMT+0100) Roger Oberholtzer composed:
So perhaps the openSUSE install should not allow one to do an install without creating a non-root user.
Please do not change it. This is an annoying misfeature of Mandriva/Mageia's and some other Linux installers that I have to create user nosuchuser/###(#) during installation then delete it afterwards so that my choice of users, userids and groupids are all there are. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, Dec 14, 2012 at 12:05:47PM +0100, Roger Oberholtzer wrote:
On a 12.1 system, I cannot log in as root via KDM/XDM. I remember this change from a while back and have made these changes in /etc/sysconfog/displaymanager:
DISPLAYMANAGER_ROOT_LOGIN_REMOTE="yes" DISPLAYMANAGER_ROOT_LOGIN_LOCAL="yes" DISPLAYMANAGER_SHUTDOWN="all"
In addition, in /etc/sysconfig/security, I have:
PERMISSION_SECURITY="easy local"
Nonetheless, I get a popup that root logins are not allowed. Did I miss a setting? The system is up-to-date, running KDE 4.9.4
Please test this with KDE 4.8.5 as included with openSUSE 12.2 and check if it works there or not. Independent: file a defect report and reference this thread from the list archive in the bug report and later report the bug ID back to this thread. Cheers, Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On Fri, 2012-12-14 at 19:05 +0100, Lars Müller wrote:
On Fri, Dec 14, 2012 at 12:05:47PM +0100, Roger Oberholtzer wrote:
On a 12.1 system, I cannot log in as root via KDM/XDM. I remember this change from a while back and have made these changes in /etc/sysconfog/displaymanager:
DISPLAYMANAGER_ROOT_LOGIN_REMOTE="yes" DISPLAYMANAGER_ROOT_LOGIN_LOCAL="yes" DISPLAYMANAGER_SHUTDOWN="all"
In addition, in /etc/sysconfig/security, I have:
PERMISSION_SECURITY="easy local"
Nonetheless, I get a popup that root logins are not allowed. Did I miss a setting? The system is up-to-date, running KDE 4.9.4
Please test this with KDE 4.8.5 as included with openSUSE 12.2 and check if it works there or not.
It did work there. We had a KIWI image based on that and the user was able to do the expected root login. When I updated the KIWI OEM image to 4.9.4 the behavior changed. And my laptop had 4.9.4 via a more traditional route and it fails. So I think a defect report is in order. Some time this weekend.
Independent: file a defect report and reference this thread from the list archive in the bug report and later report the bug ID back to this thread.
Cheers,
Lars
-- Yours sincerely, Roger Oberholtzer OPQ Systems / Ramböll RST Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 roger.oberholtzer@ramboll.se ________________________________________ Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden www.rambollrst.se -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (8)
-
Bernhard Voelker -
Carlos E. R. -
DenverD -
Felix Miata -
Ken Schneider - openSUSE -
Lars Müller -
Oddball -
Roger Oberholtzer