How to Auto Login By root user

English Install/Boot/Login
#21

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The problem is not using the ‘root’ privileges from time to time; the
problem is using them by default, having them be auto-logged-in at a GUI
by default, and not explaining anything else. I personally don’t like the
auto-login feature at all, though I suppose it could have its place for a
public terminal or something where everybody uses the same username or
something, or for a wallboard or something where there is no interaction
with the desktop (set one of those up… worked really well too).

Privileges are needed when you need to CHANGE the system. Do you expect
everybody who happens to walk up to the system to need to CHANGE the
system (vs. just their user)? Hopefully not, and if so then hopefullly
you can explain why and such.

Take a step back. How does windows get infected to the point that no
matter which user uses it they are all compromised (sniffed passwords,
hijacked browser sessions, personal files sent out over the Internet to
who-knows-where)? Because the SYSTEM is infected, and not just the user
account. Why isn’t malware trying to infect the base system stopped by
permissions setup to prevent random altering of system files? Because
windows is written poorly and requires you to be privileged to do a LOT of
non-system things. For example, the last time I had to help somebody
install a toolbar (microsoft’s even) in internet explorer they had to be
an Adminsitrator… to add a toolbar to a web browser. Also they had to
reboot, which implies interacting with the kernel of the system (not
something that should be related to a web browser ever, at all). Compare
that with Firefox, or Opera, or any other browser: Tools: Add-ons, Add,
restart browser. Tada, all done. This is because user-specific settings
should be, well, specific to the user. windows has never been a properly
multi-user platform, though, so a lot of these basic concepts are missed.

Most non-technical people (and even some of the technical folks), at some
point in their lives, will click on a link they shouldn’t, be redirected
to a site they shouldn’t trust, or download some piece of software of low
repute. What happens at that point is a matter of training and
environment. Most non-technical users aren’t trained to read the screen,
so instead they click the nearest ‘Ok’ or ‘Yes’ even if the prompt says,
“I’m going to infect you and steal your passwords.” because they don’t
know better. At that point the system does what the user says and nothing
can prevent the user’s own files from being subject to the user’s will so
personal documents may be compromised by whatever that user is running,
but the rest of the system should be completely safe… UNLESS that user
was running as a privileged user. In that case the entire system is
vulnerable to the user’s whims.

Don’t run as root unless you need to, and most of those times you should
be using sudo, gnomesu, kdesu, etc. or responding to the system’s prompts
to elevate your privileges understanding exactly what is happening.

Good luck.

On 03/03/2010 12:06 AM, hdhiman wrote:
>
> Just an experiment.
> Lets say i do make root login as default. How much am i compromising my
> system? If i need to do trouble shooting etc, i still have to use root
> account, right?
> So if the issue here is that the root account will be open and active
> during my desktop session, is it completely exposed to anyone on the
> internet etc?
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLjhENAAoJEF+XTK08PnB5rk0QAJT7gp4GajHvEmEXBcg3VGp4
kFtU95V2vmsEOykpVe3hyr8Sgn99YZNn6YVMWj/r0ZfmyK0S0pTgpr+BAdCQJ1vI
3PCJlNFmos87E+jpWL6UtE2CD5LHNIV/yG9YAnJ9om1xbG1knX0KjgwBElyLV1v+
1ov4UEWXckxg9zBqtbXgxLjAcoQeXPkINnQPZ9BArPFEpYorSd6Szo+l8bnwNEdN
OFeOO7PKTPUfadllNBFHuN/G+48e2nz6hXM0QjIParBH+ureOdmDlkiF9TJUyrdW
ok1motp8dQsNXCt5CzgB0KMLetPvE+VkSzgaoJ8m2ru06+Qe94Jh2LYLz7JO2fVA
OV9si07TwnLufCluJ8D4tVSeHjY41B8tT1RrTRVo6ex/yGhETLNXud+COPw8MF6Z
OsaNHAF7cXzkhI1cxjnUjTBfR3aNAk1CSNr5XyFxsouCSvmYcGPEOqh+B8rv182T
/bDe83/RI/W4OuRKNJrjcCvco2tzR49JOwGL16oZrpLxSfu06gj+dchtHQ6gBvih
N96T3shCILGQ4n022wvAuYfCByUhl8fxcWlr7MsYaTtxPeVKmTvycRf94ueLI6Nb
2UuqaVKpt0HZvIxig+JpFXX8vpTGLFJbowexw6VTXkmsNg0QYtkessaN+9MG8Oon
hztsgk7Tgfw/Rb44hq7H
=uFSV
-----END PGP SIGNATURE-----

#22

Even if nobody else will compromise your system, you will do it yourself. As everybody managing systems for some amount of time can tell you, they all sooner or later hosed their own system as root, even when they use strickt rules for being root only when needed. People make errors, o yes they do.

But, as it is proven that real dumb people read these threads (not meaning any of the above posters for that matter), I will not provide any examples here.

#23

And I believe Linux is not for dumb people…many people just get scared by looking at the command line! So usually people who use Linux actually need to have some knowledge of the workings…this is one of the reason it’s safer from the user’s side as well.

#24

The threadstarter has started a huge wave in this forum. I think he is joking.

#25

hdhiman wrote:
> i still have to use root account, right?

if your question is:

I still have to log into KDE/Gnome/etc as root, right?

the answer is no

you should never log into KDE/Gnome/XFCE or any other *nix-like
graphical user interface desktop environment as root…

doing so 1) opens you up to several different security problems, 2)
too many too easy ways to damage your system no matter how careful
your actions (example: just browsing in your home directory as root
can lock you out later as yourself due to permissions damage), 3) and,
anyway logging into KDE/etc as root is never required to do any and
all administrative duties…

so, always log in as yourself, and “become root” by using a root
powered application (like YaST, File Manager Superuser Mode) or using
“su -”, sudo, kdesu, gnomesu in a terminal to launch whatever tool is
needed (like Kwrite to edit a config file)…read more on all that here:

http://en.opensuse.org/SDB:Login_as_root
http://docs.kde.org/stable/en/kdebase-runtime/userguide/root.html
http://tinyurl.com/6ry6yd
http://tinyurl.com/ydbwssh


palladium

#26

RULE # 1 Avoid running as root for any thing other then is absolutely needed.

COROLLARY NEVER run a GUI as root If you must do something as root do it in a terminal or use su/sudo etc.

The problem is not so much that you will be owned it is that you can totally screw things up. However you do vastly increase the possibility of getting owned.

#27

On Wed, 03 Mar 2010 07:06:01 +0000, hdhiman wrote:

> Just an experiment.
> Lets say i do make root login as default. How much am i compromising my
> system? If i need to do trouble shooting etc, i still have to use root
> account, right?
> So if the issue here is that the root account will be open and active
> during my desktop session, is it completely exposed to anyone on the
> internet etc?

Maybe not completely exposed, but one of the basic tenets of computer
security is to run with only the minimal privileges you need to do what
you need to do.

Jim


Jim Henderson
openSUSE Forums Administrator

#28

I read a couple of pages on this thread, where everyone says JUST SAY NO to autologin. However I am testing systems using Linux. Not being a guru I looked for a way to get around logging in because the testing I am performing requires multiple reboots every day or even every hour. All the reasons to NOT auto login are very good for the field. However in the lab it’s just another pain to have the system waiting for me to type in a user id and pw every boot, and is preventing me from running automation.

If it can’t be done, fine. Just say so. If it can, would one of you gurus please post the method? Specifically I am testing with SLES 10 SP2, however any methods to autologin on RHEL would be appreciated too.
Thanks

#29

You can auto login but just NOT as root. In OpenSuse, which may not be the same as SLES 10, in Yast-System- /etc/sysconfig editor then Desktop-Display Manger you can configure who gets logged and if they need a password in DISPLAYMANGER_AUTOLOGIN and DISPLAYMANGER_PASSWORD_LESS+LOGIN

#30

SystemTester wrote:
> Specifically I am testing with SLES 10 SP2

you are in luck! SLES 10 is a commercial product of Novell and is
supported by them (this is the openSUSE forum, the two systems are
related, but not the same [like Fedora, Red Hat and CentOS are
related, but not the same])…

you are, of course, welcome to hang out here and see if someone can
tell you more about how to auto-login as root (are you sure you need
to log in as root? because auto login as a users like Tester is a
piece of cake)…but, i think you will find the real SLES 10 gurus
don’t hang here, they are over in forums.novell.com


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]
I feel annoyed that I can’t put my wide range of languages on stupid
Facebook. For example, I speak Sarcasm, fluently spoken and written,
and Various Forms of Geek…

#31

This is sooo pathetic.

The guy has asked a valid question and then lots of “gurus” started a whole storm of silly answers like “this is a security breach”. Do you really thing people are so dumb that they do not realize that running computer under root in a generic case is a problem? Have you ever guessed there may be valid reasons for automatically logging in as root? No? Too bad. Perhaps in 10 more years you will learn.

But for the lazy ones, here is a quick example. You are doing some very special development on a dedicated machine. The machine must be restarted hundreds of times a day. Running the development in virtual environment is not an option as you care for effects of real hardware (say, you are fixing a bug in a driver or something). Security is not a concern as the machine is not connected to network and there is nothing on it worth protecting. What is important is the ability to reboot it quickly. So, of course, you install an SSD on it, tune its BIOS and bootloader, etc. That is fine. But you still have to type like a monkey after every reboot because somebody decided for you that your arms are too much harm so they absolutely must be chopped off. Thanks v.m.

And especially for those who say that running as root is an MS way. MS way is more like deciding what’s best for users and then forcing that approach on them. This is exactly what openSUSE, Ubuntu and other Linux distros do in this case. Fundamentally it undermines the main benefit of Linux - the OS which can be easily tuned for any purpose, no matter how crazy it is.

#32

> This is sooo pathetic.

chip in with your wisdom as often as you feel inclined to do so…
it is invaluable.


DD

#33

On 2011-12-27 17:46, rtvd wrote:
> This is sooo pathetic.

It is also pathetic to say so a year later. You have only posted once and
the only post you make is that one…


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

#34

You are totally right! It looks like you read my mind ;). That was a long time ago but i belive this answer will be helpful to someone else.
So here we go. Switch to /etc/sysconfig directory and edit displaymanager file the way like this :

Type: string

Default:

Define the user whom should get logged in without request. If string

is empty, display standard login dialog.

DISPLAYMANAGER_AUTOLOGIN=“root”

This trick applies to openSUSE 13.2 but i think this should be also valid for previous releases.