Lock screen does not work for root in gnome

[Matthew Miller]

On Tue, Oct 19, 2004 at 08:19:10PM +0200, Kyrre Ness Sjobak wrote:
> If the user does that, that is indeed the users problem. If the user
> wants to kill his/her box with a shotgun (i heard sombody did that to an
> old (not then, but...) mac when it didn't do as she told it to...), they
> are in their full right to do so.

Yeah, but I'm concerned that this doesn't _seem_ like taking a shotgun to
the box to an uninformed user. It'll just seem like one of those nuisance
dialog boxes web browsers give you like "Warning! You are connecting to a
secure site! All of your traffic will be encrypted! [ ] Never show this
message again."

> Anyway, how much is a computer that the user cant use because it is to
> tigthly locked up, worth? Why dont we remove tcp/ip altogether? Or
> simply the kernel? If the user cant boot it, then it is *really* secure.
> And make it forget all data that is saved to disk, just to make sure
> that it cant be read later by somebody evil?

This reduction can go the other way. Why set a root password during the
install? Why not just have all of the services preconfigured and running
wide open to the internet? Why not make everything mode 777?

> Security can go to far. I do not think security is a bad thing - i just
> think that it should not get in the way when it is not nesessary.

In this case, it's not getting in the way. There's no reason to need to log
in to X as root. (The need to run the authconfig X gui is a special case,
and can be resolved by either using the text-mode tools, or by getting a
proper fix to <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=55193>.)
(If you're really concerned about this in an enterprise environment, having
a non-root local account with a UID < 100 may be a good idea. But it's not
necessary in the general case.)


-- 
Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>