...remoulder got there first but I think what I have to contribute also addresses his contribution.
It is quite easy to reconfigure pam. In fact, a new user does not ever go through the "don't run in X" indoctrination, they simply search "log in as root" in the forum and follow the easy, laid out directions in the 20 how-to's in that forum!
In fact, my good buddy Rahul (one of the devs) will waste all his breath arguing FOR this feature then he writes his own how-to in the Fedora wiki to bypass it. And can just not recognize the hypocrisy involved.
But I digress... It has reached the point where it is like telling a ten year old kid "don't you dare do this, I will not allow it, I will lock the door so you can't get it!" then leaving the key on the table. What the heck do you think the kid is going to do? I just fail to see the point.
D'oh! :facepalm: That's a tragically hilarious state of affairs, thank you for apprising me. I haven't bothered to look lately, not needing to run X as root anyway. I agree with your analysis, by and large, it might be a futile exercise. Besides, hosing one's own install is a good education in itself, and will no doubt stick with a user much better than any number of portentous warnings from smug Linux boffins anyday
Speaking of which...
FedoraRefugee wrote:[...] threads that evolve into the "don't dare run as root" will always overstate the dangers. We have all logged in as root, the function is there for a purpose. Once we get our Linux legs we figure out we really do not need to do this, but the dangers are minimal. It is just as easy to bork something running as su in the user account. And other than root kits I have yet to hear about any serious Linux threats. I suppose you could be hacked, but...
Agreed... I've already expressed doubts about the privileges dichotomy between root and the regular user (and the ease with which a regular user substitutes root in) in a certain security related thread
. Later in that thread I also pointed to the package users solution from LFS, although I still suspect that's far too involved a solution for the time being.
I think the fact is that as a personal computer user, using it for your own business, there isn't a sufficient incentive for a cracker to go to the effort of even checking to see if you're running X as root. For those systems that count, the administrator with the root password should know better than to login as root anyway. Hopefully... Hmph.
FedoraRefugee wrote:Anyway, the point is why not just spend the time educating people on the correct way to do things?
Am I right in thinking that mod privileges are needed to sticky something in the forum? Well, here's a draft message that a wandering mod might feel like sticking someplace:
*Dangers of logging in to the GUI desktop as root*
It seems that some users of Linux Mint are logging in as root, without necessarily knowing the full implications.
While you are perfectly entitled to do this, it is not a recommended course of action, because there is a chance that it could harm both your own system and, if you use your computer to connect to the Internet, those of other computer users.
The reason for this is that, as opposed to your regular user account (the one that you created during the installation process, or another that you have created subsequently to installing), root has the ability to do almost anything, anywhere in the file system.
Note also that when logged in as root, any applications that you launch also run with this dangerously high level of privileges.
This means that if, when logged in as root, a malicious software package is executed on your system, it will have the ability to write commands, cron jobs (processes which will run at certain times), and settings to anywhere in your operating system's file hierarchy.
It also means that should there be a bug in a GUI application (such as the web browser Firefox), this could compromise your system, even though that same application is perfectly safe to run as a regular user.
Furthermore, since GUI applications (such as the web browser Firefox) are not written with being run as root in mind, there may be security issues that may allow a malicious third party to compromise your system. Even with the best security intentions in mind, there is still always the possibility of zero-day attacks (whereby a bug is exploited before the software developers have a chance to patch it) which will leave your system vulnerable.
The bottom line is to never log in the graphical interface as root.
This is simply good security practice, and an everyday part of running a GNU/Linux operating system.
There should be no need to log in to the graphical interface as root. You may always use the "sudo" and "gksudo" commands to run command line interface and graphical user interface applications in situations where you need to obtain root privileges, temporarily, to install software or change configuration settings. If you run applications which require these privileges from the main menu, they will pop up a window requiring your password. If you run applications from the command line that require these privileges, an error message to the effect of "access denied" will alert you to the need to obtain these privileges by prepending "sudo" to the command is necessary.
It is ultimately in everyone's interests that logging in to an X session as root is minimized.