[K12OSN] when running ltsp-server-tweaks
Burke Almquist
burke at thealmquists.net
Wed Aug 31 18:16:38 UTC 2011
On Aug 31, 2011, at 7:23 AM, Jim Kinney wrote:
> Bear in mind that blocking direct root login to X and gdm was implemented because of the huge security issues exposed. X already runs with many root privileges due to how X interacts with the hardware layer. Opening pam to allow root login from terminals is flat out dangerous as the security of the password process over the network is an exposure that's not balanced by the convenience. With the exception of gconf editing now requiring an active X session to work, there is no reason for root to ever login anywhere except the actual console of the server and only at the command line.
> Current Linux distros basically should never have a need for direct root login unless the system is being put into single user mode for repairs.
FYI, I didn't try logging in as root on the terminals, just on the server.
More information about the K12OSN
mailing list