From: Joshua Murphy
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Block root user from login on xorg GUI
Date: Sat, 14 Nov 2009 02:01:19 -0500

On Fri, Nov 13, 2009 at 7:24 PM, Mick wrote:
> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote:
>> On Thu, 2009-11-12 at 22:18 +0000, Mick wrote:
>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote:
>> > > Gdm itself has a config option to disallow root logins
>> >
>> > Ahh, unfortunately I can only access it remotely via ssh at this stage.
>> > Hopefully the pam method will work fine.
>>
>> You don't need anything more to configure gdm than ssh access - this is
>> Linux after all & a good program has text based configurations :)
>>
>> Edit /etc/X11/gdm/custom.conf
>>
>> In the section [security] add:
>> AllowRoot=false
>
> Thanks for this! :-)
>
>> You may then have to restart xdm.
>>
>> However, if someone has the root password to log in to X, then what's to
>> stop them changing anything you do now?
>
> Know how?
> --
> Regards,
> Mick

Approach security a little more sanely and don't give untrusted users
root access? If you have to take steps to restrict the root account,
you need to rethink who has use of it. Preventing damage in the event
that the system *does* get compromised is one thing, but trying to
control someone who is *given* access to root on the software side is
the wrong approach, in my incredibly non-humble opinion.

-- 
Poison [BLX]
Joshua M. Murphy
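
Added example (not part of the original thread, and not GDM's own code): a small audit check, usable over ssh, that reports whether the AllowRoot=false setting quoted above is actually in effect in the [security] section of a given file. The function names are hypothetical, and it assumes exact-case section and key names, "#" or ";" comment lines, and that the last assignment in the section wins.

```shell
#!/bin/sh
# Print the effective [security] AllowRoot value from a GDM custom.conf:
# "true", "false", another lowercased value, or "unset".
gdm_allowroot_value() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header line
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            in_sec = (sec == "security")        # assumption: exact-case name
            next
        }
        in_sec && /^[ \t]*AllowRoot[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)       # drop key and "="
            sub(/[ \t]+$/, "", val)             # drop trailing blanks
            found = tolower(val)                # assumption: last one wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Succeeds only when root GUI login is explicitly disabled in the file.
gdm_root_login_blocked() {
    [ "$(gdm_allowroot_value "$1")" = "false" ]
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[daemon]
AllowRoot=false
[security]
# AllowRoot=false
AllowRoot = False
EOF
if gdm_root_login_blocked "$sample"; then
    echo "root GUI login disabled"
else
    echo "root GUI login NOT disabled"
fi
rm -f "$sample"
```

On a real host the argument would be the path named in the thread, /etc/X11/gdm/custom.conf. As the replies point out, the check only reports the file's current state; anyone holding root can change it back.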