06-30-2008, 03:58 AM
"Jerry Williams"

This session is running as a privileged user box?

I am getting tired of clicking Continue when the “This session is
running as a privileged user” box pops up each time I login as root.

I am the only user most of the time on the box and I know that you
should login as a normal user most of the time.

So could we add a check box to this dialog box that says “Don’t show
this to me again.”?

I saw this a bunch at the Summit as well.

People login as root and have to keep clicking “Continue” and it slows
things down.

And most people know about running things as root and really only need
to see this once.

Thanks!

Jerry Williams

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
06-30-2008, 04:29 AM
"Tom "spot" Callaway"

On Sun, 2008-06-29 at 21:58 -0600, Jerry Williams wrote:
> I am the only user most of the time on the box and I know that you
> should login as a normal user most of the time.

No, really, what you should do is login as a normal user _all_ of the
time, and use sudo or su to take root access only when you really need
it.

What you're doing is analogous to using a loaded shotgun as a golf club,
and what you're suggesting is that we take the safety off, because it
interferes with your golf game.

~spot

06-30-2008, 04:45 AM
"Tom "spot" Callaway"

On Mon, 2008-06-30 at 00:29 -0400, Tom "spot" Callaway wrote:
> On Sun, 2008-06-29 at 21:58 -0600, Jerry Williams wrote:
> > I am the only user most of the time on the box and I know that you
> > should login as a normal user most of the time.
>
> No, really, what you should do is login as a normal user _all_ of the
> time, and use sudo or su to take root access only when you really need
> it.
>
> What you're doing is analogous to using a loaded shotgun as a golf club,
> and what you're suggesting is that we take the safety off, because it
> interferes with your golf game.

Although, it is also worth pointing out that if you still think it is a
good idea, you should write the patch and submit it upstream (I'm pretty
sure you want to look in gnome-session).

http://bugzilla.gnome.org/show_bug.cgi?id=162960 has some of the back
story here, from an upstream perspective.

~spot

06-30-2008, 02:50 PM
"Jerry Williams"

> -----Original Message-----
> From: fedora-devel-list-bounces@redhat.com [mailto:fedora-devel-list-
> bounces@redhat.com] On Behalf Of Tom "spot" Callaway
> Sent: Sunday, June 29, 2008 10:30 PM
> To: Development discussions related to Fedora
> Subject: Re: This session is running as a privileged user box?
>
> On Sun, 2008-06-29 at 21:58 -0600, Jerry Williams wrote:
> > I am the only user most of the time on the box and I know that you
> > should login as a normal user most of the time.
>
> No, really, what you should do is login as a normal user _all_ of the
> time, and use sudo or su to take root access only when you really need
> it.

Hmm, I guess I need to think about why I am trying to do things by logging
in as root.

The first reason is that another account wasn't set up.

The other reason, that looks like it isn't an issue, was I wanted to run
some of the GUI tools as root, but it looks like they just ask for the root
password when run as a normal person, if they need root.

But then why does root's GUI profile have things like a browser or games or
stuff like that? Stuff you should never run as root?

I did attend a desktop security presentation at the Summit and it seemed
pretty good to try and fix some of these things, as far as letting a user
change things like timezone without needing the root password.

>
> What you're doing is analogous to using a loaded shotgun as a golf club,
> and what you're suggesting is that we take the safety off, because it
> interferes with your golf game.
>
> ~spot

So shouldn't we be removing some of the lead from the shells if we can?
Like not putting a browser in root's GUI?

I am thinking the biggest reason I login as root is pretty much habit.
And that is now sounding like that is a bad habit, that I should try and
break. So I am going to try and not login as root any more and see what
issues I run into.

Thanks!
Jerry Williams


06-30-2008, 02:57 PM
"Tom "spot" Callaway"

On Mon, 2008-06-30 at 08:50 -0600, Jerry Williams wrote:
> But then why does root's GUI profile have things like a browser or
> games or stuff like that? Stuff you should never run as root?

These are valid questions. I know there was some discussion about making
the root GUI session a super-minimal session, but I'm not sure where it
went from there.

~spot

06-30-2008, 05:09 PM
Doug Ledford

On Mon, 2008-06-30 at 00:29 -0400, Tom "spot" Callaway wrote:
> On Sun, 2008-06-29 at 21:58 -0600, Jerry Williams wrote:
> > I am the only user most of the time on the box and I know that you
> > should login as a normal user most of the time.
>
> No, really, what you should do is login as a normal user _all_ of the
> time, and use sudo or su to take root access only when you really need
> it.

There are valid reasons to log in as root. Sometimes even always log in
as root (think test machine you wipe out over and over again and root is
the only account that ever exists on the machine, or times when NIS is
down and all the user accounts don't exist temporarily, or times when
NIS is up, but NFS is down and user home directories don't exist).
Regardless, the ability to turn off a nag over something you know well
and understand and accept the risks of doesn't seem too out of the
question to me (although I could also see hiding the knob to turn it off
in some deep foo so that a person can't turn it off without really
knowing what they are doing, which implies maybe they know what they are
doing logging in as they are).

> What you're doing is analogous to using a loaded shotgun as a golf club,
> and what you're suggesting is that we take the safety off, because it
> interferes with your golf game.

Hehehe, if that's how a person wants to play golf.... ;-)

--
Doug Ledford <dledford@redhat.com>
GPG KeyID: CFBFF194
http://people.redhat.com/dledford

Infiniband specific RPMs available at
http://people.redhat.com/dledford/Infiniband

06-30-2008, 05:18 PM
Chris Snook

Jerry Williams wrote:
> I am getting tired of clicking Continue when the “This session is
> running as a privileged user” box pops up each time I login as root.
>
> I am the only user most of the time on the box and I know that you
> should login as a normal user most of the time.
>
> So could we add a check box to this dialog box that says “Don’t show
> this to me again.” ?
>
> I saw this a bunch at the Summit as well.
>
> People login as root and have to keep clicking “Continue” and it slows
> things down.
>
> And most people know about running things as root and really only need
> to see this once.

How about we add a button to launch system-config-users, so that people can
create a non-root account and not have to deal with it again?


-- Chris

06-30-2008, 05:46 PM
Andrew Farris

Tom "spot" Callaway wrote:
> On Mon, 2008-06-30 at 08:50 -0600, Jerry Williams wrote:
>> But then why does root's GUI profile have things like a browser or
>> games or stuff like that? Stuff you should never run as root?
>
> These are valid questions. I know there was some discussion about making
> the root GUI session a super-minimal session, but I'm not sure where it
> went from there.
>
> ~spot

Perhaps a normal user account should always be created during installation
without any feedback (choice of username/passwd) which can only be logged in to
from the local console. Such a user could be the 'I need to do initial maint'
account rather than root... and still need the root password to make changes.

Something like 'fedora/fedora' for user/pass which is always created and needs
to be disabled once installed.

Once another normal user is created, the 'fedora' user could be automatically
removed (perhaps by firstboot once users are created)?

--
Andrew Farris <lordmorgul@gmail.com> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29

06-30-2008, 05:53 PM
Andrew Farris

Doug Ledford wrote:
> On Mon, 2008-06-30 at 00:29 -0400, Tom "spot" Callaway wrote:
>> On Sun, 2008-06-29 at 21:58 -0600, Jerry Williams wrote:
>>> I am the only user most of the time on the box and I know that you
>>> should login as a normal user most of the time.
>> No, really, what you should do is login as a normal user _all_ of the
>> time, and use sudo or su to take root access only when you really need
>> it.
>
> There are valid reasons to log in as root. Sometimes even always log in
> as root (think test machine you wipe out over and over again and root is
> the only account that ever exists on the machine

If this was an install-test machine you really don't need to setup
configurations like 'do not show me this again' anyway. If it's meant to test
anything more significant than installation a normal user should be created
because you are not testing normal use scenarios if you're logged in as root.

> or times when NIS is
> down and all the user accounts don't exist temporarily, or times when
> NIS is up, but NFS is down and user home directories don't exist).
> Regardless, the ability to turn off a nag over something you know well
> and understand and accept the risks of doesn't seem too out of the
> question to me (although I could also see hiding the knob to turn it off
> in some deep foo so that a person can't turn it off without really
> knowing what they are doing, which implies maybe they know what they are
> doing logging in as they are).

I question whether anyone knows what they are doing when logging in graphically
as root... if they know what they are doing they'll be fixing any of those
above problems from a virtual terminal, or remotely from a normal user
elsewhere. It is never necessary to login to an X session as root, and probably
shouldn't even be allowed.

>> What you're doing is analogous to using a loaded shotgun as a golf club,
>> and what you're suggesting is that we take the safety off, because it
>> interferes with your golf game.
>
> Hehehe, if that's how a person wants to play golf.... ;-)

Better not to be the one to caddy for this 'club' user though.

--
Andrew Farris <lordmorgul@gmail.com> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29

06-30-2008, 06:24 PM
Doug Ledford

On Mon, 2008-06-30 at 10:53 -0700, Andrew Farris wrote:
> Doug Ledford wrote:
> > On Mon, 2008-06-30 at 00:29 -0400, Tom "spot" Callaway wrote:
> >> On Sun, 2008-06-29 at 21:58 -0600, Jerry Williams wrote:
> >>> I am the only user most of the time on the box and I know that you
> >>> should login as a normal user most of the time.
> >> No, really, what you should do is login as a normal user _all_ of the
> >> time, and use sudo or su to take root access only when you really need
> >> it.
> >
> > There are valid reasons to log in as root. Sometimes even always log in
> > as root (think test machine you wipe out over and over again and root is
> > the only account that ever exists on the machine
>
> If this was an install-test machine you really don't need to setup
> configurations like 'do not show me this again' anyway. If it's meant to test
> anything more significant than installation a normal user should be created
> because you are not testing normal use scenarios if you're logged in as root.

Sometimes, not testing "normal use scenarios" is exactly what you want.
As a kernel developer, I don't really want to mess with broken
console-kit rules in order to test if kernel module Y actually works
(any console rules are a separate issue from the kernel module working).

> I question whether anyone knows what they are doing when logging in graphically
> as root...

You can question it all you want, but I assure you I *do* know what I'm
doing, and I'll happily tell anyone that tells me otherwise to kindly
attend to their own affairs, kthxbye.

> if they know what they are doing they'll be fixing any of those
> above problems from a virtual terminal, or remotely from a normal user
> elsewhere. It is never necessary to login to an X session as root, and probably
> shouldn't even be allowed.

Shouldn't even be allowed? Boy, that's going a long ways down the road
of "I know what's best for you, so shut up and deal with it...", which
would be a big part of the reason I never liked Microsoft or Apple
OSes...let's please not go down that road.

> >> What you're doing is analogous to using a loaded shotgun as a golf club,
> >> and what you're suggesting is that we take the safety off, because it
> >> interferes with your golf game.
> >
> > Hehehe, if that's how a person wants to play golf.... ;-)
>
> Better not to be the one to caddy for this 'club' user though.

Not asking anyone to be my caddy, just for them not to deny me the right
to caddy my own game as I see fit.

--
Doug Ledford <dledford@redhat.com>
GPG KeyID: CFBFF194
http://people.redhat.com/dledford

Infiniband specific RPMs available at
http://people.redhat.com/dledford/Infiniband

All times are GMT.