On Tue, 2004-10-19 at 20:19 +0200, Kyrre Ness Sjobak wrote: > And to sombody who said that "computers are designed to be usefull not > secure" is the same as "computers are not meant to be secure" - i > interprited that as "computers are made to be both usefull and secure". > Anyway, how much is a computer that the user cant use because it is to > tigthly locked up, worth? Why dont we remove tcp/ip altogether? Or > simply the kernel? If the user cant boot it, then it is *really* secure. > And make it forget all data that is saved to disk, just to make sure > that it cant be read later by somebody evil? Disabling root login in GDM *does not stop the computer from doing anything useful* !! There are far more secure and far more convenient ways to perform any administration/configuration task or running any "requires root" program than logging in as root at GDM. I'm completely for axing the root account altogether. And you know what? It isn't going to stop a single thing I want to do with my computer, or a single thing *you* want to do with your computer. All it's going to do is make you have to do things using a better, albeit different, method than you used before. Removing root logins from GDM will *not* cause any application to stop working or any task to become impossible. It just stops root logins from GDM. Quit confusing the problem (how to run tasks that require root) with one solution (logging in as root at GDM). There are other solutions that are safer *and* more convenient. Fedora already employs them. They're called "consolehelper", "su", and "sudo". Graphical versions of su and sudo also exist, for users that want a graphical "runas" mechanism. > > Security can go to far. I do not think security is a bad thing - i just > think that it should not get in the way when it is not nesessary. Just like root should not get in the way when it's not necessary. It isn't necessary to log into root as GDM spawning an entire root desktop session when all you need to do is run some particular tools with elevated privileges. You can run those same tools with the same elevated privileges after logging into a user account or switching to a text console. > > Kyrre > -- Sean Middleditch <elanthis@xxxxxxxxxxxxxxx> AwesomePlay Productions, Inc.
