root user and any GUI
Darrin Chandler
dwchandler at stilyagin.com
Tue Nov 28 06:58:18 MST 2006
On Mon, Nov 27, 2006 at 09:55:10PM -0700, Dazed_75 wrote:
> I remember from my professional time many good reasons for the root user to
> be set up to boot into a text mode. I do not remember any good reasons for
> root to be prevented from using GUI applications (even though xterm was the
> one most used then).
>
> 1) Can anyone tell me why distros prevent root from using GUI applications (
> e.g. display not defined)?
Common security wisdom says you should not be doing anything logged in
as root, except certain, specific administrative and recovery
operations. Using su or sudo is much preferred. Of course, you should
use your noodle to know when it's worth actually logging in as root. I
will log in as root when almost everything I'm going to do needs root
access. Putting sudo before *every* command gets tedious.
However, I can't think of a reason to run GUI stuff as root. Firstly, X
doesn't have the best security record and can leak info. Maybe not as
much of an issue if you have no other local users, since that's where a
lot of the leakage tends to happen.
The big thing they're trying to stop is people logging in as root
always, and surfing the web, reading email attachments, etc. I've seen
people do this as their normal way of life! This is BAD!
If you have some specific task you want to do in a GUI as root, you may
be able to do it from your normal login. Open a shell and start the app
from the command line with sudo. Some apps have an "administration mode"
button or menu item that will su/sudo for you.
--
Darrin Chandler | Phoenix BSD Users Group
dwchandler at stilyagin.com | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
More information about the PLUG-discuss
mailing list