[K12OSN] when running ltsp-server-tweaks

Jim Kinney jim.kinney at gmail.com
Wed Aug 31 12:23:05 UTC 2011


Bear in mind that blocking direct root login to X and gdm was implemented
because of the huge security issues exposed. X already runs with many root
privileges due to how X interacts with the hardware layer. Opening pam to
allow root login from terminals is flat out dangerous as the security of the
password process over the network is an exposure that's not balanced by the
convenience. With the exception of gconf editing now requiring an active X
session to work, there is no reason for root to ever log in anywhere except
the actual console of the server and only at the command line.
Current Linux distros basically should never have a need for direct root
login unless the system is being put into single user mode for repairs.

On Aug 31, 2011 8:03 AM, "Gianugo Altieri" <gianugo.altieri at gmail.com>
wrote:
> On 08/31/2011 01:43 PM, Jim Kinney wrote:
>>
>> Hmm. I tried direct login as root and was blocked. Thus the startx
>> process.
>>
>> On Aug 30, 2011 10:45 PM, "Burke Almquist" <burke at thealmquists.net> wrote:
>> >
>> > On Aug 29, 2011, at 4:49 PM, Jim Kinney wrote:
>> >
>> >> gconftool-2 requires that the gconfd be running. But as a non-root user, you can't edit the /etc/gconf file space. So....
>> >>
>> >> boot the server but DON'T login at the gui screen.
>> > You CAN log in as root at the GUI screen, you just need to enter the username and password manually.
>> >
>> >
>> >
>> >> Instead, hit ctl-alt-f2 and get a normal terminal shell instead. Log in as root.
>> >>
>> >> now run: telinit 3
>> >>
>> >> This will stop the X login process
>> >>
>> >> now run startx
>> >>
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > K12OSN mailing list
>> > K12OSN at redhat.com <mailto:K12OSN at redhat.com>
>> > https://www.redhat.com/mailman/listinfo/k12osn
>> > For more info see <http://www.k12os.org>
>>
>
> When I need a graphical login as root, I edit this file:
> /etc/pam.d/gdm
> and I comment (#) this line:
> # auth required pam_succeed_if.so user != root quiet
>
> then I edit this file:
> /etc/pam.d/gdm-password
> and I comment (#) this line:
> # auth required pam_succeed_if.so user != root quiet
>
> Then I can graphically log in as root both from server and from terminals
>
> Best
> Gianugo Altieri
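
A defender's check for the edit described in the quoted message, as an added example that is not part of the original thread: it reports whether `/etc/pam.d/gdm` and `/etc/pam.d/gdm-password` still carry an active copy of the `pam_succeed_if.so user != root` rule. The function names and the `--demo` switch are hypothetical, and only plain `required`/`requisite` controls are assumed to count as blocking.

```shell
#!/bin/sh
# Added example: audit the GDM PAM stacks for the rule quoted in the thread,
#   auth required pam_succeed_if.so user != root quiet

# has_root_block FILE: exit 0 if FILE holds an active copy of the rule,
# 1 if it is absent or commented out, 2 if FILE is unreadable.
has_root_block() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*#/ { next }                     # whole line commented out
        {
            sub(/#.*/, "")                      # drop a trailing comment
            if ($1 != "auth") next              # only the auth stack matters
            # Assumption: only plain required/requisite controls are counted
            # as blocking; bracketed [..] controls are reported as missing.
            if ($2 != "required" && $2 != "requisite") next
            if ($3 !~ /pam_succeed_if\.so$/) next
            line = $0
            gsub(/[ \t]+/, " ", line)           # normalise spacing
            if (line ~ / user != root( |$)/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_gdm_pam [DIR]: check both files named in the thread; returns 1 if
# either one would let root through the graphical login.
audit_gdm_pam() {
    dir=${1:-/etc/pam.d}
    rc=0
    for name in gdm gdm-password; do
        if [ ! -e "$dir/$name" ]; then
            echo "SKIP $dir/$name (not present)"
        elif has_root_block "$dir/$name"; then
            echo "OK   $dir/$name"
        else
            echo "WARN $dir/$name: root block missing or commented out"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: one intact file, one edited as described in the thread.
demo() {
    d=$(mktemp -d) || return 2
    printf 'auth required pam_succeed_if.so user != root quiet\n' > "$d/gdm"
    printf '# auth required pam_succeed_if.so user != root quiet\n' > "$d/gdm-password"
    audit_gdm_pam "$d" && status=0 || status=$?
    rm -rf "$d"
    return "$status"
}
case "${1:-}" in --demo) demo ;; esac
```

Run with `--demo` to see the constructed case, or call `audit_gdm_pam` with no argument from a cron job or configuration-management check to flag a server where the rule has been commented out.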