--On Wednesday, July 27, 2011 11:57:51 AM -0500 Les Mikesell <lesmikesell at gmail.com> wrote: > On 7/27/2011 11:45 AM, Marc Deop wrote: >> If you need to get into X as root means that *you* are doing something >> *wrong*. It has nothing to do with an "underlying problem". > > So why do GUI administrative tools exist? Or did you mean window > manager or desktop instead of X? The point is not that X, or the window manager, or some tool is flawed. (In general, *all* software has flaws.) The point is that UNIX has unprivileged users to help protect itself despite program flaws (as well as other reasons). Some things *have* to run privileged and, knowing that, their developers are historically a lot more paranoid about writing and testing such software. Window managers and graphical programs are complex beasts, and have complex interactions with other complex beasts. That, combined with the fact that they weren't developed with the intent as running as root means that you're running more risks than is really necessary. See the whole MS Windows (NT, XP, whatever) users need to run as administrator to make their programs work mess, especially when you couple it with attacks through email, web browsers, etc. In the particular case of GUI administrative tools (and depending on how they're written), they don't necessarily have to run as root even though they ask for root credentials. (For example, they could "su - /some/command" to make changes). If they do run as root, then hopefully their developers are being sufficiently paranoid. But even then, that is better than running the window manager as root and, by extension, all the *other* programs that are launched (or are launchable) from the window manager. The principle of least privilege applies. Sure, you can ignore it, but you won't get much sympathy if you do. Devin