Announcing Fedora 11 Alpha (blink)
John Summerfield
debian at herakles.homelinux.org
Mon Feb 9 15:02:48 UTC 2009
Patrick O'Callaghan wrote:
> On Mon, 2009-02-09 at 23:16 +0900, John Summerfield wrote:
>> > Yes, as one fellow said on Fedora forums (about the removal of root
>>> login in GDM) "Do I hear the sound of training wheels being welded
>> into
>>> place?
>> Oh, so it wasn't me being senile.
>>
>> So one can install a system with only a root account, and then can't
>> logon. Absolutely brrriliant!!. And absolutely pointless when root can
>> login at a console!
>
> The normal install process asks you to create a non-root user. And
> people who know what they're talking about strongly recommend not
> running a full desktop as root. Logging into a console as root is a
> significantly different situation.
>
> Plus of course you can still do it if you want. In fact kdm doesn't stop
> you, just gdm.
>
> Have you actually read the discussion about this (I mean on this list,
> not upsteam)?
No, I just thought I was going even more senile when I had the problem.
A lot of my systems are for testing and can be discarded at will. There
are no other users around, there are no internet-facing services, two or
more layers of firewall and I don't use torrents or the like.
That aside, any security afforded by prohibiting root logins is minimal.
It used to be said X was feeble and prone to falling over at the drop of
a hat and enabling all kinds of mean and nasty things to take place.
That really isn't so any more.
Finally, when all is said and done, security is _my_ problem. I do
expect that any sensible operating system will include tools to manage
security and documentation of those tools, but it should be _my_ choice
whether root can login, whether control-alt-bs kills X and whether
system-req+B does an instant reboot.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
More information about the fedora-test-list
mailing list