> >>Disable root graphical logins. > >> > >>Period. > >> > >>make it so gdm or kdm or xdm just exit. > >> > >>hell, you could make the xinitrc script handle it: > >> > >>if your uid is 0 then you throw up a hate-filled messaged and exit. > >> > >>EOD. > >> > >>If you can't flip to a console and take care of the problem there as > >>root, then you REALLY don't need to be logged into a graphical client to > >>do it. > >> > >> > >Bite me ! No... as others have said disabling a feature by *default* does not in and of itself make it impossible for an OP to edit /etc/whatever.conf to enable root's logging into a graphical environment. It *does* impose a sensible default (for most people), which in turn should encourage the teeming_masses(tm) to avoid high risk behavior w/o at least thinking it through first. Note that there are already some linux distros out there, not naming names, where the whole pesky user stuff has been eliminated altogether. Those simply default to root. IMHO we don't want to go there either, the windows 98/XP/2000 style admin / power user defaults have caused enough damage already. Given the choice & sensible defaults most users / OPs will do the right thing. The trick is leading them towards that especially where windows refugees are concerned. Like it or not a significant portion of linix users are, in fact, coming from a predominantly windows background. Either way default behaviors should reflect best practices whether defined as the most intuitive (e.g. nautilus bringing up a burn window when blank CD media is inserted) or most secure (ftp is not installed/enabled by default, right). People who have other preferences / special needs can & *should* alter the defaults accordingly to suit their needs. -- Bests, JS
