On Monday 04 August 2003 04:13 am, Buchan Milne wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ken Thompson wrote: > > On Sunday 03 August 2003 06:20 pm, Robert L Martin wrote: > > > > I think something along this line is what I was trying to get accross.. I > > wasn't at all emotional, just pointing out that many others don't like > > mdkkdm > > > and that I personally detest it. NO, the reason I detest it is not > > because I > > > can't log in as root automatically, I very seldom log in as root, BUT > > I want > > > the choice. > > The choice to log in as root? But you just said that was *not* the > reason you didn't like it. "Simply being able to log out of KDE and relogin as what ever user I choose, root or otherwise, is in my opinion a better way to use the ^^^^^^^^^^^^^^^^^^^^^^^^^^ flexibility of Linux.."
Logging in as root is really not the issue, being able to type the name/password pair of any user of my choice is the issue. As has been mentioned, with many users, which I don't have, the icon list is too big to be comfortable. So, what I'm saying is simply this, leave the text box for user name and password input there. Make it possible to type in the name/password pair of CHOICE and be able to log in as what ever user you choose. As it is now, the only login choice is the users shown with icons and no way to type in a username/password pair . If security is in question, then simply configure mdkkdm to not show any user icons requiring the person logging in to know the username/password pair in order to log in by default and then let the owner of the box make any changes he/she wants. > So, if root login was possible by default with mdkkdm (you can easily do > this, although root will then appear in the icon list), would you then > not detest it? No, I still feel it's an issue of choice, not of being able to log in as root. In fact, I do have the root user showing as an icon and don't really care to have it that way, it would be a bit more secure if all I needed to do was type root in the username space and then the proper password.. > > There are times when logging in as root can make things much > > simpler than trying to remember the CLI command for a given program and > > having to Ctrl-Alt-F1, log in as root, init 3 and startx is way too much > > trouble.. > > Well, maybe you should list the programs you want to be able to run as > root from a menu, and they can be fixed to run via kdesu or similar. I > assume you weren't wanting to run OpenOffice.org, Mozilla, etc etc as > root. The programs that you can run as root directly from the menu on a > default installation are: > - -konqueror > - -konsole > - -most non-desktop entries in the Configuration sub-menu, except for some > of those in Configuration->Other I agree, and 99.9% of the time this is exactly the way I do it. > If thet tool you want to run as root is not configured as such by > default, all you have to do (in KDE) is drag and drop the menu entry to > your desktop (or the quick-start bar), > right-click->properties->execute->"Run as different user"->root. I also use this. As mentioned above, the issue is not one of logging in as root, or even using root priv's, it's one of choice, to be able to log in as any user I choose at any time I choose, including root.. > > Simply being able to log out of KDE and relogin as what ever user > > I choose, root or otherwise, is in my opinion a better way to use the > > flexibility of Linux.. > > Sounds like "insecure by default", which linux cannot afford to be now > that MS is actually working very hard on security. Not at all, this is NOT what I want or need.. It took me a long time to get used to using the user account (I have been doing this for several years) and I feel uncomfortable running with full root priv's like windows. All I'm saying is this: it's my system, warn me loud and long about possible mistakes but don't try to take away my ability to either fix it or screw it up. Take a look at history, DOS, pretty powerful, you were only limited by your own knowledge. Windows 3.1, less power, you had to hunt for common utilities or revert to the command window. Windows 95, less personal usability - more wizard type stuff but still had the "Windows Explorer" (file manager). Windows 98 pretty much the same as 95. Internet Explorer 4.0 shows up with "Single Click" navigation enabled by default. Version 5.0 reverts to double click. Now along comes ME, windows explorer opens "My Documents" not the file manager. Windows 2000/XP same.. And all in the name of convenience and usability.. Phooy! I see mdk headed the same way so I make a bit of a fuss from time to time. > Until we have a "best practices for administrative accounts" or similar > document which the user will easily find (win2k3 has a document like > this) which suggests never logging in as root etc etc (win2k3 suggests > that you should never log in as Domain Admin, you should change the > default "Administrator" account username, and disable the "Schema Admin" > group on the Domain Controller), I don't think it is wise to make it > easy to log in as root. Not easy in the sense of "by default" but easy in the sense of having it available if needed ! > Regards, > Buchan > It's about time windows got some security sense <G>.. I'm not really trying to be a pain, just trying to give my feelings on this subject. I'm not an expert guru but I have been using Linux since 1996 and Mandrake since 1999 so I am aware of the security issues involved in running as root.. -- Ken Thompson -- WA7SYR Payette, Idaho
