advanced search 

Topics

Home
Command Lines (0/0)
General News (0/0)
HowTo (3/0)
Mission (1/0)
Scripts (0/0)

User Functions





Don't have an account yet? Sign up as a New User
Lost your password?

Events

There are no upcoming events
Wednesday, July 03 2024 @ 01:12 AM EDT
   

root login - fixing fedora 11

Sunday, December 06 2009 @ 03:16 AM EST
Contributed by:
Views: 240,035
HowTo

Its sad to see that the fedora distro has followed ubuntu in disabling the root login.  I'm sure that some idiot has passed himself off as a security expert by comming up with the idea.  If your the kind of admin who babysits an email server and plays freecell all day, then you probably should not log in as root .... ever ....  For those of us who actually work in system administration and 90% of everything we do requires root access, logging in as root is a necessary evil. 



The restrictions for root login are handled by PAM so the fix is pretty straight forward.  You will need to edit one or more of the following files depending on your auth settings

/etc/pam.d/gdm
/etc/pam.d/gdm-password
/etc/pam.d/gdm-fingerprint

Edit each file and remove or comment out the line that reads:

auth            required          pam_succeed_if.so user != root quiet

That should do it. And of course, backup your files before you change them etc.. etc..  If you don't know basic precautionary procedures you shouldn't be messing with the root account and you deserve what you get

 

What's Related

Story Options

Trackback

Trackback URL for this entry: http://www.empirelinux.org/trackback.php?id=20091206031638430

No trackback comments for this entry.
root login - fixing fedora 11 | 1 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
root login - fixing fedora 11
Authored by: r00t on Sunday, December 06 2009 @ 04:30 AM EST

I thought I had better add a quick comment in an attempt to hold back the flood of 'Never login as root' flames that will follow.

First of all, I do not always log in as root. I log in as root when i need to update or reconfigure a system. I have configured my root desktop to launch my browser under my standard users account and my irc client runs in a chroot jail. Those are simple precautions for the high risk applications and the files that they may download.

As for the idea that your system is safer logging in as a normal user and then typing your root password later when you need to run an administrative app, I would like to remind you that hackers are childish but not stupid! From the mindset of a hacker i would be drooling at the thought of an overconfident semi-admin constantly typing the root password in a cluttered GUI environment.

Consider the following psudocode example:

trojan-worm // basic download with only normal user privlidages
{
deliver password stealing app;
replace the menu shortcut for and administrative app with shortcut to password stealing app;
}
password stealing app // simple script to simulate admin password prompt (GUI for prompt copied from open source code so appearance is identical) still only user permissions
{
prompt for password;
silently confirm password;
if password is valid {
remove shortcut to password stealing app and put back original administrative app shortcut;
post root password to #alt.leet.haxorz with a flaming challenge to test your security;
}
return false notice that the password was entered incorrectly;
quietly exit and delete password stealing app;
}
Edited on Monday, December 07 2009 @ 12:03 AM EST by r00t
[ # ]

     Copyright © 2024 empirelinux
 All trademarks and copyrights on this page are owned by their respective owners.
Created this page in 7.72 seconds