[CentOS] Lost my menu options again - KDE messes with Gnome?

Mon Oct 3 22:02:14 UTC 2005
Craig White <craigwhite at azapple.com>

On Mon, 2005-10-03 at 17:53 -0500, Ryan wrote:
> On Monday 03 October 2005 09:00 am, Dave Gutteridge wrote:
> > > You should never login to GUI as root. Never as in not ever.
> >
> > Okay. Out of curiosity, why not?
> >
> 
> Two Schools of thought:
> 
> #1 By logging in to do a few tasks as root, you open numerous programs as root 
> you do not need to. This creates a security problem - programs running with 
> root privileges for no reason.
> 
> #2 Windows admins log in as administrator all the time, and somehow keep their 
> machines malware free (well, some do), and certain types of network equipment 
> has a gui - and no user OTHER than root or admin!
----
What Windows does has nothing to do with Unix/Linux. If you have Win2K3
server with latest service packs, it's virtually impossible to use
Internet Explorer now without indicating to Internet Explorer that you
wish to downgrade security. As for keeping it free of malware, not if
you actually use the machine as administrator for anything beyond
administration.

Heck - Microsoft recommends that you not have administrative privileges
on your own Windows XP desktop. They just keep it quiet and by default,
give you administrative privileges on setup.
----
> 
> 
> I've always thought its best to use your judgment. Small tasks - use the 
> commandline, without a doubt. If you have 80 things to do, unjack from the 
> network and login as root. If the machine is running in production and you 
> are afraid of the consequences....wait, why do you need to change 80 things 
> on a production machine?? :-P
> 
> 
> Some modern versions of Debian will *not* let you login as root at the login 
> screen, or run a program as root easily (have to use the kdesu or sudo 
> facilities). I think this is overkill. Some level of judgement should be 
> allowed on the part of the operator.
----
It's really a much better concept. I think it's only because RedHat by
default uses GDM that you can login as root on runlevel 5. It's really a
poor idea. Debian (and things like Ubuntu) have it right.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.