[CentOS] running X as root in centos 6

Wed Jul 27 18:59:43 UTC 2011
Devin Reade <gdr at gno.org>

--On Wednesday, July 27, 2011 11:57:51 AM -0500 Les Mikesell
<lesmikesell at gmail.com> wrote:

> On 7/27/2011 11:45 AM, Marc Deop wrote:
>> If you need to get into X as root means that *you* are doing something
>> *wrong*. It has nothing to do with an "underlying problem".
> 
> So why do GUI administrative tools exist?  Or did you mean window 
> manager or desktop instead of X?

The point is not that X, or the window manager, or some tool is flawed.
(In general, *all* software has flaws.)

The point is that UNIX has unprivileged users to help protect itself
despite program flaws (as well as other reasons).  Some things *have*
to run privileged and, knowing that, their developers are historically
a lot more paranoid about writing and testing such software.

Window managers and graphical programs are complex beasts, and have
complex interactions with other complex beasts.  That, combined with
the fact that they weren't developed with the intent as running as root
means that you're running more risks than is really necessary.

See the whole MS Windows (NT, XP, whatever) users need to run as
administrator to make their programs work mess, especially when
you couple it with attacks through email, web browsers, etc.

In the particular case of GUI administrative tools (and depending on
how they're written), they don't necessarily have to run as root
even though they ask for root credentials. (For example, they could
"su - /some/command" to make changes).  If they do run as root, 
then hopefully their developers are being sufficiently paranoid. 
But even then, that is better than running the window manager as
root and, by extension, all the *other* programs that are launched
(or are launchable) from the window manager.

The principle of least privilege applies.  Sure, you can ignore it,
but you won't get much sympathy if you do.

Devin