> Walter Reed wrote: >> laziness or incompetence. This entire thread is full of a bunch of >> crap about baseless DESIRE but there has yet to be any real concrete >> reasons as to the NEED for GDM level root login. The answer is obvious >> - there ARE no reasons. They don't exist. All that exists is a >> juvenile urge to > > Of course users never *need* to log into gdm as root -- you don't > *need* GDM in the first place -- but it makes things easier in some > cases. On the opposite end, nobody has given a convincing argument > for why you *need* to keep root logins away from gdm!
There are some applications out there that a) must be installed as root and b) can only be installed from a graphical UI installer. Since the default Debian configuration also does not permit root to use a user's X Windows display, this only leaves the option of disbling some of the Debian default "security" measures. Secondly, and related to the above, some applications (e.g. Mozilla and Eclipse) support plugins that can be installed after the main application has been installed. By default, it is usually not possible to install these plugins as any user other than root. I usually add my user to group "staff" and make sure to set perms to g+w and group ownership to "staff" for any directories that will have plugins. Of course, I'm sure this is creating other security wholes. The root/user separation is important, but it isn't the end of the security question. There are many things that the root/user separation does not handle well.
