On Fri, Nov 13, 2009 at 7:24 PM, Mick <michaelkintz...@gmail.com> wrote:
> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote:
>> On Thu, 2009-11-12 at 22:18 +0000, Mick wrote:
>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
>> > > Gdm itself has a config option to disallow root logins
>> >
>> > Ahh, unfortunately I can only access it remotely via ssh at this stage.
>> > Hopefully the pam method will work fine.
>>
>> You don't need anything more to configure gdm than ssh access - this is
>> Linux after all & a good program has text based configurations :)
>>
>> Edit /etc/X11/gdm/custom.conf
>>
>> In the section [security] add:
>> AllowRoot=false
>
> Thanks for this!  :-)
>
>> You may then have to restart xdm.
>>
>> However, if someone has the root password to log in to X, then what's to
>> stop them changing anything you do now?
>
> Know how?
> --
> Regards,
> Mick

Approach security a little more sanely and don't give untrusted users
root access? If you have to take steps to restrict the root account,
you need to rethink who has use of it. Preventing damage in the event
that the system *does* get compromised is one thing, but trying to
control someone who is *given* access to root on the software side is
the wrong approach, in my incredibly non-humble opinion.

-- 
Poison [BLX]
Joshua M. Murphy
