Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 49

Thread: graphical root login no longer allowed after update from KDE 4.5.0 to KDE 4.5.1

  1. #21
    JosephKK NNTP User

    Default Re: graphical root login no longer allowed after update from KDE 4.5.0 to KDE 4.5.1

    On Sat, 11 Sep 2010 14:06:03 GMT, jbehre
    <jbehre@no-mx.forums.opensuse.org> wrote:

    >
    >Hello everybody,
    >
    >after updating my KDE 4.5.0 to KDE 4.5.1 (on openSUSE 11.3) the KDM no
    >longer allows to login graphically as root. But to login as user and
    >doing administrative stuff via kdesu/su/sudo + root password is
    >possible. I know that it is a security risk to fully login as root but
    >sometimes it more convient to login once instead of starting every
    >single action with su etc + password. I searched in Yast and also in the
    >KDE systemsettings for an option to switch off this behaviour but I
    >didn`t find any. Via Google I font the hint to set the variable
    >AllowRootLogin=false to AllowRootLogin=true in the file kdmrc. Since
    >I didn't know which kdmrc is the right one, I changed the variable in
    >all versions I found:
    >
    >/usr/share/kde4/config/kdm/kdmrc
    >/usr/share/kde4/config/kdm/kdmrc.rpmnew
    >/var/adm/kdm/kdmrc.sysconfig
    >
    >Nevertheless these changes are ignored and in
    >/var/adm/kdm/kdmrc.sysconfig AllowRootLogin=true is automatically set
    >back to AllowRootLogin=false.
    >
    >What do I have to get back the old behaviour?
    >
    >Thanks in advance
    >Jrn Behre


    I am going to address a horrible misconception here. Running a GUI
    such as KDE had NOTHING to do with being logged in. Loggen in is
    loggen in, running a GUI is purely optional. Only things like video
    editing, image minipulation, playing dvds, spreadsheet dataplots, and
    a few other sililar tasks require any graphics at all.

    Without graphics you can still do all the things you need and many
    more where a graphical interface does not make sense.

    You are no more logged in with a GUI than without.

    There is no possibility of success without the specter of failure.

  2. #22

    Default Re: graphical root login no longer allowed after update from KDE 4.5.0 to KDE 4.5.1

    Thanks for the tip! I looked into this a week or so ago and at the time did a downgrade by removing the new repositories and running zypper dup.

    Just wanted to add my own opinion regarding the "root" login issue:

    I for one do use GUI root loggins despite having studied 3 years programming and being fully educated regarding the risks that are involved with any operating system and any application for that matter using administrative previledges. I have over 20 years of computer experience with over 5 years in Linux. Using "root" in any circumstance does not make you a fool or stupid. My motto: Don't judge people if you don't want to be judged!

    While I do understand and appreciate the concern and also know that using "root" is not a good, default or recommended practice in the working environment etc., I have to say that people will do what is most convenient and anything less so may result in those same people looking for an alternative. Imposing "non-root" login does not make sense for somebody like myself. We are not all stupid, you know! If you think so it must be your ego talking.

    In my own situation I do a lot of testing and in doing so, have to do a lot of administration. It can become irritating very fast and in my opinion lead to more mistakes being made because you rely to heavily on the system to protect you and because you constantly have to do things you don't want to (i.e. kdesu) etc. Being irritated because you have to switch user is in my opinion even worse than having logged in as "root" (xnix), "Administrator" (In Windows) or "Supervisor" (Netware) in the 1st place. I can name example where I made mistakes because I got frustrated with this. Unless further discussion is warranted, I will rather try and keep this short.

    Fact is that if you do as much administration as I do sometimes and you are tired, frustrated etc. the last thing you want is to be bogged down by your GUI (KDE in this case). Yes, their is a risk, always. Best policy is however not to limit yourself but rather work around the risk (System Backups are the best answer). Any limitations at a moment when you are tired, frustrated etc. may just end up in a mess. Obviously this includes having to switch to "root" all the time. The whole concept of Linux is about freedom, yet their are to many individuals and entities (Corporations, Governments etc.) involved these ways looking into ways to take these freedoms away. Linux was build by hackers for hackers and the fact that corporations and other entities think they should restrict people that which to exercise their freedoms is just not right. In that sense, KDE having removed this capability is not right. If OpenSource developers don't watch out, their products will end up in the hands of corporations, governments and whatever entities doing everything in their power to take away your choice.

    I do believe KDE developers have done the right thing in disabling the feature by default, thereby protecting the innocent but I think it is massively wrong that the command was not just set to "No" or commented out. Clearly KDE is not winning any popularity in doing this.

    Example: When I am busy with a new server setup, it is common that I use GUI root setup until the system is ready to be released into production environment, at which point a change the setting. During this so called setup phase, I also do Auto Logons, even into "root" GUI. Limitations are frustrating and go against the nature of Linux. Sometimes it just does not make sense to not log in as "root" etc. Surely you don't expect me to switch user all the time while doing a new setup. The claims and accusations of stupidity, ignorance etc as seen on this thread I have seen many times on other threats.

    It should be noted that it is good practice for OS and Application developers to disable any option that can pose security risks by default while making it simple or easy enough for system administrators to change this if need be. A good example of this is when doing a OpenSUSE setup. You are forced to create a new user and are not presented with "root" privileges by default. This secures new and less educated users. This does and should not however keep you from logging on as "root" in text and yes, even GUI. By removing administration privileges by whatever form they may take, developers are taking away a choice. If one thing Linux and Opensource stands for is the ability to be able to make that choice which is a matter of freedom. As administrators are usually the ones that are affected by bugs or features like this, this is not a wise choice on the part of developers. If you want to get more Linux, KDE or whatever system acceptance, the best root to follow is first convince administrators and upper management. Disable such features makes things difficult and if people don't see this as acceptable, surely you will loose their support when a competitive products is or becomes available.

    Personally I would leave the command "DISPLAYMANAGER_ROOT_LOGIN_LOCAL="yes"" in the config file and comment it out. Also good practice would be to add a comment of alternatives to logging in to root(i.e. kdesu, su etc.) in the config file as well as a message informing administrators that it is not good practice to enable this feature unless they have considered this risks. Alternatively set "DISPLAYMANAGER_ROOT_LOGIN_LOCAL="No". Don't present such an option in the GUI configuration, the reason being that ignorant, new and even stupid users may enable such as they don't consider the consequences of their actions. It is much easier to enable an option by clicking than by keyboard. This Displaymanager option should also only be configurable by "root".

    The absence of this command in the configuration file can be seen as matter of disrespect to people like myself who do occasionally see the need for using this and who do a lot toward promoting Linux and other OpenSource technologies such as KDE.

    People throwing around accusations of stupidity in my opinion are even more so. From the beginning of this threat it was made very clear that persons were aware of the consequences and risks of enabling such a feature. Why then call them stupid etc? Just because you don't use or need a specific feature or use it in another way does not mean you are right. I can think of many more ways to trash my system and I assume many other people as well. Personally I feel people that don't have something positive to say toward resolving an issue should not say anything at all.

    It is better to indicate to somebody that what he/she is doing is bad practice and then help him/her resolve the issue if it makes sense. Example: .I think we can all agree that driving a car under the influence of alcohol is not a good thing but considering that by doing so you may in fact save somebodies live by getting them to the hospital for instance, surely the best course of action. Why the take away his/her keys if that is the only way they can get to the hospital in time. I guess what I am trying to say is that what sometimes seems as the worst option is not always so. It depends on the circumstance.

    NB: Observe the following:

    # Allow remote access of the user root to your display manager. Note
    # that root can never login if DISPLAYMANAGER_SHUTDOWN is "auto" and
    # System/Security/Permissions/PERMISSION_SECURITY is "paranoid"

    In my case DISPLAYMANAGER_SHUTDOWN is "auto" which proved to be a problem logging in from VMWARE ESXi console. Set it to "all" or root. As my setups was a server, I set mine to "root" thereby preventing anybody else from shutting down Linux.

  3. #23
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

    thank you for your opinion...

    please stick around and help the new folks who will follow your
    example...and, have strange little permissions problems pop up..

    --
    DenverD
    CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

  4. #24

    Default Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

    Quote Originally Posted by DenverD View Post
    thank you for your opinion...

    please stick around and help the new folks who will follow your
    example...and, have strange little permissions problems pop up..

    --
    DenverD
    CAVEAT: C A V E A T [posted via NNTP w/openSUSE 10.3]
    I take your comment as sarcasm. Hope you have a better day tomorrow!

    NB: OpenSUSE is intended for new to highly experienced users alike. That being said, how can one gain the full experience of Linux if you always stay on the safe side. Their are things such as common sense and being paranoid. The only way to learn is to take some risks and make mistakes. True leaders are made from people that take calculated risks. Loosers are those people who always stay on the safe side. Obviously you are the paranoid parent type who screams at his child because they get to close to the fire or something like that. My approach would be to let my child learn his/her own way because only by getting scorched by the fire and being allowed to gain that experience can they truly gain wisdom and grow to be tomorrows leaders.

    In terms of sticking around: Whenever I have the time and have something positive to contribute, I do join or login on various forums like this one and try to contribute. Not just by giving opinions about what I think is right or wrong (Like my friend DenverD) but also helping out and even posting threats that might help out with resolving problems I struggle(d) with myself or think I have some insight on.

    Here are some examples:
    LCD Monitor Driver Installation Problems

    VMware Communities: upgrade sphere 4.0 to 4.1 - mouse not ... or VMware Communities: upgrade sphere 4.0 to 4.1 - mouse not ...

    Konqueror 4.4.2 (Missing KGET)

    Yes, I will help out with areas where I have gained adequate knowledge or feel I can contribute by having experienced similar or the same problem(s)

    I am not an expert in Linux but considering years of experience, I have seen what works and what does not. Their is absolutely no need to be paranoid about somebody asking why he / she cannot log into his favorite Desktop Manager (KDE) using "root" account and even takes the time to explain that he knows it is not an good idea. I think most people on this forum are grown up enough to consider the consequences of their actions. I don't think you do anybody a favor by trying that approach. Just consider what National Prohibition (1920–1933) brought to alcoholic beverages in America. It does no good telling people what they should or shouldn't do. Best is to tell them how and the consequances and don't forget to tell them to make backups and try this with their own system. If they don't want to listen, I am sure they will find out soon enough when things turn South.

  5. #25
    Carlos E. R. NNTP User

    Default Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

    On 2010-09-15 20:06, VolkerBause wrote:
    >
    > Thanks for the tip! I looked into this a week or so ago and at the time
    > did a downgrade by removing the new repositories and running zypper
    > dup.
    >
    > Just wanted to add my own opinion regarding the "root" login issue:
    >
    > I for one do use GUI root loggins despite having studied 3 years
    > programming and being fully educated regarding the risks that are
    > involved with any operating system and any application for that matter
    > using administrative previledges. I have over 20 years of computer
    > experience with over 5 years in Linux. Using "root" in any circumstance
    > does not make you a fool or stupid. My motto: Don't judge people if you
    > don't want to be judged!


    I also do a lot of administration work, I don't log into the GUI as root, and I don't waste time by
    having to use sudo or su.

    I can log in as root, it works, but I never need to use it. Exception: configure root's desktop
    features like fonts or single/double clicks. After done, exit.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" GM (Elessar))

  6. #26
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,039
    Blog Entries
    14

    Default Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

    Quote Originally Posted by Carlos E. R. View Post
    On 2010-09-15 20:06, VolkerBause wrote:
    >
    > Thanks for the tip! I looked into this a week or so ago and at the time
    > did a downgrade by removing the new repositories and running zypper
    > dup.
    >
    > Just wanted to add my own opinion regarding the "root" login issue:
    >
    > I for one do use GUI root loggins despite having studied 3 years
    > programming and being fully educated regarding the risks that are
    > involved with any operating system and any application for that matter
    > using administrative previledges. I have over 20 years of computer
    > experience with over 5 years in Linux. Using "root" in any circumstance
    > does not make you a fool or stupid. My motto: Don't judge people if you
    > don't want to be judged!


    I also do a lot of administration work, I don't log into the GUI as root, and I don't waste time by
    having to use sudo or su.

    I can log in as root, it works, but I never need to use it. Exception: configure root's desktop
    features like fonts or single/double clicks. After done, exit.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" GM (Elessar))

    can be done by 'kdesu systemsettings', like kdesu allows you to run any app with root permissions.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  7. #27
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

    VolkerBause wrote:

    > I take your comment as sarcasm. Hope you have a better day tomorrow!


    no, it was an honest request to hang and help the new folks when they
    ask for help after logging into KDE/Gnome etc as root..

    > True leaders are made from people that take calculated risks.


    you have no idea of my propensity for risk taking nor my leadership
    qualities...so, i'd prefer you to stick to non-attacking postings as
    you hang around to help new folks fix their problems..

    --
    DenverD
    CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

  8. #28
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,039
    Blog Entries
    14

    Default Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

    Cool down, guys. No need to tear eachother down.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  9. #29

    Default Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

    My apologies then. It appeared sarcastic but I was not sure. In terms of the true leader issue, I was not referring specifically to you or anybody for that matter but rather trying to indicate that without risk comes little or no reward.

    In terms of the "kdesu" command. It takes time and in my personal opinion is less effective. I try everything at least a couple of times in order to see what works best under different circumstances. While "kdesu" is more than adequate for daily operations it is a drag when you try to get things done.

  10. #30
    Carlos E. R. NNTP User

    Default Re: graphical root login no longer allowed after update from KDE4.5.0 to KDE 4.5.1

    On 2010-09-15 22:06, VolkerBause wrote:
    >
    > DenverD;2223110 Wrote:
    >> thank you for your opinion...
    >>
    >> please stick around and help the new folks who will follow your
    >> example...and, have strange little permissions problems pop up..


    > I take your comment as sarcasm. Hope you have a better day tomorrow!


    Nope.

    Typically novice users shoot themselves on the foot caused just by login as root in a GUI, so we are
    hoping you will be around to solve those problems :-)


    > NB: OpenSUSE is intended for new to highly experienced users alike.
    > That being said, how can one gain the full experience of Linux if you
    > always stay on the safe side. Their are things such as common sense and
    > being paranoid. The only way to learn is to take some risks and make
    > mistakes.


    There are mistakes, and there are mistakes. There is taking calculated risks, and then there is
    testing a vaccine on oneself - if it fails, doctor lost.

    There is no need to walk on the tight rope.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" GM (Elessar))

Page 3 of 5 FirstFirst 12345 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •