On Thu, 2003-05-01 at 14:36, Christopher Taylor wrote: > > Walter Reed wrote: > >> laziness or incompetence. This entire thread is full of a bunch of > >> crap about baseless DESIRE but there has yet to be any real concrete > >> reasons as to the NEED for GDM level root login. The answer is obvious > >> - there ARE no reasons. They don't exist. All that exists is a > >> juvenile urge to > > > > Of course users never *need* to log into gdm as root -- you don't > > *need* GDM in the first place -- but it makes things easier in some > > cases. On the opposite end, nobody has given a convincing argument > > for why you *need* to keep root logins away from gdm! > > There are some applications out there that a) must be installed as root > and b) can only be installed from a graphical UI installer. Since the > default Debian configuration also does not permit root to use a user's X > Windows display, this only leaves the option of disbling some of the > Debian default "security" measures. > Secondly, and related to the above, some applications (e.g. Mozilla and > Eclipse) support plugins that can be installed after the main application > has been installed. By default, it is usually not possible to install > these plugins as any user other than root. I usually add my user to group > "staff" and make sure to set perms to g+w and group ownership to "staff" > for any directories that will have plugins. Of course, I'm sure this is > creating other security wholes. > The root/user separation is important, but it isn't the end of the > security question. There are many things that the root/user separation > does not handle well.
Root can use a user's X display if you don't grab root's env by not passing the "-" argument to "su". You can also run X apps using sudo. I have done both of these with Debian's default security settings. I have never found a need to run X as root. -- Lisp Users: Due to the holiday next Monday, there will be no garbage collection. Thomas E Jenkins <[EMAIL PROTECTED]>
