On 05/15/2013 05:16 PM, Glen Dunno wrote:
> Sorry I thought he was already logging in as root to do his work.
if you think s/he is logging into a DE as root, please don’t
encourage him/her to continue doing that…
–
dd
On 05/15/2013 05:16 PM, Glen Dunno wrote:
> Sorry I thought he was already logging in as root to do his work.
if you think s/he is logging into a DE as root, please don’t
encourage him/her to continue doing that…
–
dd
On 2013-05-15 16:50, dd wrote:
> right, you do NOT want to log into KDE (or any other *nix-like desktop
> environment as root)
The problem is, that in order for Linux to gain more people support,
this can not be. New administrators want to administer their machines in
graphical mode and never touch text mode.
It scares people away.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
On 05/15/2013 08:13 PM, Carlos E. R. wrote:
> The problem is, that in order for Linux to gain more people support,
> this can not be. New administrators want to administer their machines in
> graphical mode and never touch text mode.
>
> It scares people away.
so, when are they gonna fix it so it is safe to log into the DE as root?
because you KNOW those who can’t be bothered with reading WILL
browse, send/receive mail, watch porn etc etc etc as root.
–
dd
On 05/15/2013 02:59 PM, dd pecked at the keyboard and wrote:
> On 05/15/2013 08:13 PM, Carlos E. R. wrote:
>> The problem is, that in order for Linux to gain more people support,
>> this can not be. New administrators want to administer their machines in
>> graphical mode and never touch text mode.
>>
>> It scares people away.
>
> so, when are they gonna fix it so it is safe to log into the DE as root?
It’s safe now if you know what you are doing. Unfortunately most people
don’t so for them it never will be safe to login to a DE as root.
Ken
On 2013-05-15 22:56, Ken Schneider wrote:
> On 05/15/2013 02:59 PM, dd pecked at the keyboard and wrote:
>> On 05/15/2013 08:13 PM, Carlos E. R. wrote:
>>> The problem is, that in order for Linux to gain more people support,
>>> this can not be. New administrators want to administer their machines in
>>> graphical mode and never touch text mode.
>>>
>>> It scares people away.
>>
>> so, when are they gonna fix it so it is safe to log into the DE as root?
>
> It’s safe now if you know what you are doing. Unfortunately most people
> don’t so for them it never will be safe to login to a DE as root.
Absolutely!
That’s the thing.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
Wow, so there is a class of people that can sniff out all the viruses, malware, root hacks, shimsham, flimflam, whizbang etc…and can run a DE as root.
Cool, I think I may have the smarts so what would the test be?
On 2013-05-16 05:26, anika200 wrote:
> Wow, so there is a class of people that can sniff out all the viruses,
> malware, root hacks, shimsham, flimflam, whizbang etc…and can run a
> DE as root.
> Cool, I think I may have the smarts so what would the test be?
Who is saying that? :-o
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
On 05/16/2013 05:26 AM, anika200 wrote:
> Wow, so there is a class of people that can sniff out all the viruses,
> malware, root hacks, shimsham, flimflam, whizbang etc…and can run a
> DE as root.
no! that is not what was written…
first the danger or not has nothing to do with a “class of people”,
but rather with the knowledge level of individuals (from any
‘class’, if there were such a thing)!
the knowledgeable person(s) who can safely log into the DE as root
would (through expert understanding of the dangers, where they are
and how to avoid them) never put the system into a situation (such
as browsing the net) where exposure to viruses (if one existed), root
kits and etc might occur…
additionally, they would know (all?) the potential ways to mess up
their system while running a DE as root.
personally, i have too little experience to know even most of the
ways to kill my system accidentally…i’ve only been using Linux off
and on since (about) 1997/8, and exclusively since only (about)
2001/2…so, i am far too new to risk it.
–
dd
openSUSE®, the “German Engineered Automobile” of operating systems!
On 2013-05-16 06:16, dd wrote:
> On 05/16/2013 05:26 AM, anika200 wrote:
>> Wow, so there is a class of people that can sniff out all the viruses,
>> malware, root hacks, shimsham, flimflam, whizbang etc…and can run a
>> DE as root.
>
> no! that is not what was written…
>
> first the danger or not has nothing to do with a “class of people”, but
> rather with the knowledge level of individuals (from any ‘class’, if
> there were such a thing)!
>
> the knowledgeable person(s) who can safely log into the DE as root would
> (through expert understanding of the dangers, where they are and how to
> avoid them) never put the system into a situation (such as browsing
> the net) where exposure to viruses (if one existed), root kits and etc
> might occur…
>
> additionally, they would know (all?) the potential ways to mess up their
> system while running a DE as root.
All correct
It is almost impossible to know all the risks, but certainly connecting
to internet is a very large one.
However, when you run the packager updater from your user session, that
program is running and connecting to internet as root, so is not that
the same risk? Or when you run a tool as wireshark, it needs run as
root, and security holes have been found on it frequently. So, is it not
the same risk?
Well, in a way it is - but when you log in to the GUI as root,
everything is running as root, not just a tool or two! The risk is
much larger.
The more obvious risk is that operator errors or bugs can do more
damage, they are unlimited to the home. And both do happen. And with the
entire session going as root…
So if you can avoid it, do avoid it.
There are, of course, exceptions to rules. For example… 12.3 RC1 or
final had a bug that made log-in as user in an XFCE system impossible.
You had to log in as root and run an update before being able to log-in
as user.
I log in as root after a system upgrade because I have such a large
amount of things to do as root that it is easier to to do it from a full
session. It is a calculated risk, similar to what a conscientious
Windows administrator does when administering his system, which he has
to do of necessity in a graphical session. When we end, we both log out
and back as user before using the system.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
On 05/16/2013 11:03 AM, Carlos E. R. wrote:
> Well, in a way it is - but when you log in to the GUI as root,
> everything is running as root, not just a tool or two! The risk is
> much larger.
and, unless we add repos which are untrustworthy, or someone spoofs
the DNS to swing in code from some rogue site, we assume that our
root running YaST is going to NOT fetch root kits or other malware
from our trusted oS repos…
and, the dangers of root powered tools like wireshark are well known
(or at least should be well known to those who know how to operate as
root safely)…so!
so, while it might be ok for SOME to do some things that some other
should not do, i hope you never catch me saying that the guy/gal who
has been here one day (or one year) should just log into the DE as
old super root and . . .
i’m gonna tell you: even knowing you know more than me about a lot of
stuff, i will not recommend to YOU that you log into the DE as
anything other than a simple user! now, it is your machine and if you
are sure you are smart enough to not get in trouble and do however
you wish…AND you blow up your own system, YOU deserve the trouble
you make for yourself…
and i WILL be the first to say: I told you not to do that! and i will
NOT feel obliged to try to help you fix up your mess!
[and, you will NEVER be able to say: Well, you told me it was ok for
me to do it!! Whaaaaaa!]
see?
On 2013-05-16 12:25, dd wrote:
> On 05/16/2013 11:03 AM, Carlos E. R. wrote:
>> Well, in a way it is - but when you log in to the GUI as root,
>> everything is running as root, not just a tool or two! The risk is
>> much larger.
>
> and, unless we add repos which are untrustworthy, or someone spoofs the
> DNS to swing in code from some rogue site, we assume that our root
> running YaST is going to NOT fetch root kits or other malware from our
> trusted oS repos…
I was not thinking that road, but that is also true an unavoidable:
installation of the updates has to be done as root necessarily (via sudo
or whatever, not on a full session). No, I was thinking of the internet
connection that YaST has to do, using wget or curl, to download the
packages from the proper sites. It runs as root! And it is not really
necessary, that child task could run as another user, but it has to drop
the results on directories owned by root.
> and, the dangers of root powered tools like wireshark are well known (or
> at least should be well known to those who know how to operate as root
> safely)…so!
No, we don’t
When I use wireshark to sniff on my network, I expect that it is simply
listening to the traffic and presenting the information for me to read.
That’s all I need - but apparently holes have been discovered that allow
attacks to my machine! Even if I’m running a user session, because
wireshark needs root powers to put the network interface in promiscuous
mode. I guess it could drop privileges later, but it doesn’t, or maybe
it is not possible. Dunno.
> so, while it might be ok for SOME to do some things that some other
> should not do, i hope you never catch me saying that the guy/gal who has
> been here one day (or one year) should just log into the DE as old super
> root and . . .
No, and I also tell them not to.
AVOID LOGIN A ROOT IN GUI!!
See? I said it.
> [and, you will NEVER be able to say: Well, you told me it was ok for me
> to do it!! Whaaaaaa!]
>
> see?
:-))
The only point I try to make, what started this discussion, is that we
must shoo away people from using GUI session as root for known real
dangers or problems, not for untrue reasons. Generation of ~/.Xauthority
and ~/.Iceauthority should not happen, and would be a reportable bug.
My guess is that those files appear from using “su” (not “su -”), or
because of a bug somewhere in kde or gnome or… But not because of a
full login, because in that case you use /root/* as your home.
MAYBE, maybe, if you use a graphical file browser while logged fully as
root and handle files under a home, maybe those apss create those
particular session files?? :-? If this happens (it would be a bug), it
is not something that would happen to me, because I do my maintenance
tasks with ‘mc’. So /maybe/ that’s why it hasn’t happened to me.
I would certainly like to verify why those files owned by root appear on
a home to some people.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
On 05/16/2013 01:18 PM, Carlos E. R. wrote:
> I would certainly like to verify why those files owned by root appear on
> a home to some people.
i do not know how, but i can tell you it happened to me…on Red Hat
in about 98…had no idea why, or how to fix it…an old man (with
computer roots back into the '60s) told me how to fix it and said:
Never log into the GUI of any *nix as root.
and, i have not since…
–
dd
Back in 10.3 I was still logging as root sometimes and I managed to trip the 2 authority file problem both of them where owned by root and I could not log on as my normal user until I changes ownership back on them. Also have seen the problem crop up here on occasion. Often (but not all the time) unable to log as user is caused by this.
On 2013-05-16 22:06, gogalthorp wrote:
>
> Back in 10.3 I was still logging as root sometimes and I managed to trip
> the 2 authority file problem both of them where owned by root and I
> could not log on as my normal user until I changes ownership back on
> them. Also have seen the problem crop up here on occasion. Often (but
> not all the time) unable to log as user is caused by this.
Yes, if it happens you certainly can not log in.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
Sorry for delay in reply…
@Carlos (robin_listas): I did followed your suggestion as well. forgot to thank you earlier.
@Glen_Dunno and @DenverD : I am working on cmdline as root. I logged as root in DE once only jst to check.
Also, I already tried this solution as suggested by wolfi323 but it didnt worked.
Finally, after trying all the suggestions and no luck, so I decided to reinstall the nVidia drivers as problem started after its update. And it worked. now its working fine.
Thanks everyone for your help and time.
On 2013-05-18 07:46, mystic2009 wrote:
> Finally, after trying all the suggestions and no luck, so I decided to
> reinstall the nVidia drivers as problem started after its update. And it
> worked. now its working fine.
Good!
Dunno if you read this?
> https://www.suse.com/releasenotes/i386/openSUSE/12.3/RELEASE-NOTES.en.html#idm1262519932
Supposedly, the Nvidia driver were updated to handle this automatically :-?
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
No, but the udev package was updated to grant the logged in user access to /dev/nvidiactl. From the changelog:
- Mon Apr 08 2013 fcrozat@suse.com
…
- Add logind-nvidia-acl.diff: set ACL on nvidia devices
(bnc#808319).
…