On Fri, 2003-08-01 at 00:49, Bill Mullen wrote: > On Thu, 31 Jul 2003, James Sparenberg wrote: > > > On Thu, 2003-07-31 at 13:24, Bill Mullen wrote: > > > On Thu, 31 Jul 2003, Felix Miata wrote: > > > > > > > Looks like this is my only option. I can't figure out any way to > > > > tell mdkKDM I want to login as root instead of regular user. > > > > > > I hate to bring up something that's been rehashed over and over again > > > in so many forums, but I must ask, why do you feel any need at *all* > > > to log into a full-blown X session as root? I have /never/ needed to > > > do this (I'm not saying I've never done it, just that in retrospect > > > I've never *needed* to, and I haven't done so for a very long time > > > now). Frankly I just don't understand how this can ever be neccessary, > > > or even all that helpful, to anyone; the risks, OTOH, are considerable > > > and, to my way of thinking, are entirely and easily avoidable merely > > > by never doing that. > > > > > > Enlighten me, would you? :) > > > > It's his box... he want's to. That is all the reason in the world. > > If he wants to, fine. If someone else wants to tell him how, fine. I was > merely trying to get him to examine his thinking, and perhaps come to the > realization that he is taking risks of which he may not be aware by doing > this, and that there are safer alternative ways to do what he wants done. > That seems to me to be a worthwhile effort, and experience that is worth > imparting to others whenever possible. > > I also take issue with the notion that this is Gatesian thinking; I never > said he *couldn't* do it. What I tried to get across is that IMHO it is > not a sound and justifiable systems administration practice to do so. I am > fully aware that the details of how to accomplish it are readily available > from a plethora of sources, and I was also fairly confident that someone > else would come right along and provide them for him here. My concern was > only that the inadvisability of it might not get brought up if I failed to > mention it myself. So I did. > > > I've done it a number of times. Why?... I build boxes for people and > > when I build the box it has no user. I nonetheless have to > > configure/setup the box and the only option is to log in as root. > > (much cleaner than creating / deleting a user just to su to root. and I > > rarely know who I'm building it for, only that I have to build X number > > of boxes.) > > I disagree that it is "much cleaner", as creating and then later deleting > a user is such a trivial exercise. Trivial ... probably if you only do one box... not if you have to build install and test 20 30 or more boxes at the same time. (thank god for PXE) > Moreover, I don't see how you can test > the configuration of these boxes without creating a user, because without > having done so, all you've determined is that everything works properly as > root - which essentially tells you nothing about whether or not what you > have set up will work just as you expect it to when logged in as a user. > > I see this as the central fallacy of the "I have to run X as root" mode of > thinking ... it seems to me to be far simpler, as well as far safer, to do > one's configuring while logged in as a user (from a su-ed terminal session > or a GUI tool that has been given root privileges, such as drakconf), so > that one can easily and immediately test that configuration /as a user/. > So it's not only a sounder practice, it's a quicker one as well. ;) > > Do I do it often on my home box? .... no. But I do, do it. I can't do > > any more damage that way than I can as a normal user and su/sudo. > > No, you can't do *more* damage, but you can do inadvertent damage *much* > more easily; the GUI's whole function is to make things easier,
You forget one rule of thumb here... gui's lie. They tell you you can only do say.... 5 things. When in fact from the command line editing code and config files you could do a lot more. > and that > applies to root blunders just as much as anything else. :) Also, since the > X server itself is now running as root, One of the big reasons it does I'm told is so that users can run root programs without doing the even more dangerous xhost + localhost > you are somewhat more (needlessly) > vulnerable to exploits originating from elsewhere. This becomes especially > important if among the remaining configuration tasks is the locking down > of the box. Wanna bet... 2 days ago I helped someone recover because he'd learned rm * (btw it was RH where the default isn't aliased to -i )... and did it in the wrong directory. (he'd meant to do rm core* but forgot the core) Now tell me... is there a gui equivilent to that? In a gui he would have gone to a file manager selected the core dumps and pressed delete. One reason for starting people with a gui over command line. It's easier to "see" where you are and what you are doing. It's much harder to do the rm * equivalent in a gui. In fact gui's often have more "failsafes" than the command line. What is the diff between logging in as root and running MCC or su'ing to root and running it? Nada. > > > I also do a lot of "repairs" to boxes. I often login directly as root so > > that I can do repairs because I don't have a user on the box. > > I can understand that, but I don't see where the GUI needs to be involved. > Drakconf will run just fine in a vtty, for example, as will programs like > linuxconf (*ptui!* <g>), sndconfig, XFdrake, etc. etc.; many other common > configuration and/or repair tools are CLI only, of course. How is running > an X server as root (much less an entire DE) truly *necessary* here? wish it was always MDK ... but it's not. Slack FreeBSD RH (and boy o boy do I get frustrated with RH) and more. It also allows me to have 6 or 7 term windows open at one time. A number of embedded systems I've dealt with (POS systems for example) only have root. Not all linux boxes are generic desktops. > > And after all, it *is* just my $0.02USD. It's your machine. ;)
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
