From: Joshua Murphy <poisonbl@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Block root user from login on xorg GUI
Date: Sat, 14 Nov 2009 02:01:19 -0500 [thread overview]
Message-ID: <c30988c30911132301r3d4a2676s4aea20eb79e750a3@mail.gmail.com> (raw)
In-Reply-To: <200911140025.08967.michaelkintzios@gmail.com>
On Fri, Nov 13, 2009 at 7:24 PM, Mick <michaelkintzios@gmail.com> wrote:
> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote:
>> On Thu, 2009-11-12 at 22:18 +0000, Mick wrote:
>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
>> > > Gdm itself has a config option to disallow root logins
>> >
>> > Ahh, unfortunately I can only access it remotely via ssh at this stage.
>> > Hopefully the pam method will work fine.
>>
>> You don't need anything more to configure gdm than ssh access - this is
>> Linux after all & a good program has text based configurations :)
>>
>> Edit /etc/X11/gdm/custom.conf
>>
>> In the section [security] add:
>> AllowRoot=false
>
> Thanks for this! :-)
>
>> You may then have to restart xdm.
>>
>> However, if someone has the root password to log in to X, then what's to
>> stop them changing anything you do now?
>
> Know how?
> --
> Regards,
> Mick
Approach security a little more sanely and don't give untrusted users
root access? If you have to take steps to restrict the root account,
you need to rethink who has use of it. Preventing damage in the event
that the system *does* get compromised is one thing, but trying to
control someone who is *given* access to root on the software side is
the wrong approach, in my incredibly non-humble opinion.
--
Poison [BLX]
Joshua M. Murphy
next prev parent reply other threads:[~2009-11-14 8:09 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-12 20:01 [gentoo-user] Block root user from login on xorg GUI Mick
2009-11-12 20:39 ` Dirk Heinrichs
2009-11-12 20:56 ` Mick
2009-11-12 21:08 ` Dirk Heinrichs
2009-11-12 21:34 ` Paul Hartman
2009-11-12 21:46 ` Mick
2009-11-12 21:56 ` Alan McKinnon
2009-11-12 22:15 ` Mick
2009-11-13 15:39 ` Paul Hartman
2009-11-12 22:09 ` Alan McKinnon
2009-11-12 22:18 ` Mick
2009-11-12 23:08 ` Iain Buchanan
2009-11-13 2:45 ` Zeerak Waseem
2009-11-14 0:24 ` Mick
2009-11-14 7:01 ` Joshua Murphy [this message]
2009-11-14 7:07 ` Joshua Murphy
2009-11-14 19:32 ` Mick
2009-11-14 20:46 ` Alan McKinnon
2009-11-15 5:15 ` Stroller
2009-11-15 7:44 ` Dale
2009-11-15 8:26 ` Alan McKinnon
2009-11-15 12:47 ` Stroller
2009-11-15 15:11 ` Alan McKinnon
2009-11-15 8:52 ` Neil Bothwick
2009-11-15 10:52 ` Alan McKinnon
2009-11-15 13:37 ` Neil Bothwick
2009-11-14 9:21 ` [gentoo-user] " Nikos Chantziaras
2009-11-14 10:12 ` Dirk Heinrichs
2009-11-14 15:13 ` Nikos Chantziaras
2009-11-14 19:30 ` Alan McKinnon
2009-11-14 20:46 ` Dirk Heinrichs
2009-11-14 22:50 ` Alan McKinnon
2009-11-15 9:22 ` Dirk Heinrichs
2009-11-15 14:40 ` Nikos Chantziaras
2009-11-15 16:12 ` Alan McKinnon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c30988c30911132301r3d4a2676s4aea20eb79e750a3@mail.gmail.com \
--to=poisonbl@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox