Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Sabayon 4.1 question
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Unsupported Software
View previous topic :: View next topic  
Author Message
gallienus
n00b
n00b


Joined: 29 Jul 2007
Posts: 5

PostPosted: Sat Jun 06, 2009 9:12 am    Post subject: Sabayon 4.1 question Reply with quote

Thank you I greatly appreciate the time you took to read this.

I know this isn't the place for sabayon support questions but all my posts on the sabayon board have died on this issue. Sabayon as you may or may not know comes in two flavors KDE and Gnome. In the gnome version it is still possible for root to log into a graphical desktop, this is not even possible in the KDE version. I've been reading message boards and web pages for the last 6 or 7 days looking for a way to enable root logins to the KDE 4.2 desktop. As far as I can tell the only 'built-in" method for blocking root login's in kde is AllowRootLogin=true or false in the kdmrc file. I've changed that to true and still no login. I've posted a message on the kde forum and a developer responded and said aside from the kdmrc file there is nothing kde does upstream to block root logins. I've even read up on pam and it seems like that would allow this kind of control but even after playing with the pam entries and re-emerging kdm and xdm with the pam use flags disabled I still have had no luck.

Since sabayon is based on gentoo I was wondering if this method of blocking a root login was something you guys came up with. Please don't take offense, as far as locking down a desktop it seems rather ingenious. I've been trying to find a solution for 6 days now and everything I've tried hasn't helped. Any help or insight on this topic is greatly appreciated.

Yes even before this I knew all about su, sudo and kdesu, and even if I didn't after six days of reading "just use su or sudo" those two commands are etched into my brain. After 6 days this is a matter of principle now. Even if I don't ever log into kde as root again, anything short of being able to do so is just not good enough. It's my pc and it doesn't matter what I want to do or that it's a bad idea if I want to log into root's desktop I should be able to so. Besides, just like gentoo sabayon uses portage so completely blocking a root login is just plain silly.

emerge -C pam or,
emerge -C grub

Can mess up a system a lot more than simply logging into KDE's desktop as root and I can do both of those things using su.

Again sorry for bringing a sabayon question to the gentoo board and I thank you for the time you took to read it and hopefully respond. Lastly, I'd like to thank all the developers that make gentoo possible. I don't use it but you guys make Sabayon possible and I greatly appreciate all your hard work and effort.
Back to top
View user's profile Send private message
skunk
l33t
l33t


Joined: 28 May 2003
Posts: 640
Location: granada, spain

PostPosted: Sat Jun 06, 2009 11:01 am    Post subject: Reply with quote

it works here after setting AllowRootLogin=true and restarting kdm.
running kde 4.2.89 on gentoo.
Back to top
View user's profile Send private message
hirakendu
Guru
Guru


Joined: 24 Jan 2007
Posts: 386
Location: san diego

PostPosted: Sat Jun 06, 2009 5:33 pm    Post subject: Reply with quote

I don't see why you are so careful about your words :). I know Sabayon users occassionally get a bit of flak here, but given that this is the *unsupported* section, I imagine one may ask about anything (perhaps remotely related to gentoo linux), including other distros (except possibly for something like how to enabling administrator login in windows or mac osx :p).

All said, yes, I do login as root in both kde and gnome. I use gdm (partly because I use gnome more often, and also as it is themable and it 'integrates' better.) Even in gdm, one needs to enable local root login in the preferences. As for kdm, the AllowRootLogin=true thing you mentioned is the only thing you require to do. (This is a system with kde 4.2 and USE=-kdeprefix, and the config file is /usr/share/config/kdm/kdmrc.)

I do remember having some issues with pam/consolekit and kdm/gdm, but I think it got resolved with appropriate USE flags. You don't need to emerge -C any packages, and doing so on system packages is totally uncool (a more benign version of 'rm -rf /').

I don't think Gentoo does anything to disable root login. If at all you can't root login into KDE after all this, then it could possibly be Sabayon.

You may see my appropriate config files (kdmrc, gdm.conf, package.use, make.conf etc) here.
_________________
Helium Sources || Gentoo Minimal Livecd
Back to top
View user's profile Send private message
gallienus
n00b
n00b


Joined: 29 Jul 2007
Posts: 5

PostPosted: Sun Jun 07, 2009 8:42 pm    Post subject: Reply with quote

Thanks for the replies. Now I know it's something the Sabayon Devs did since this isn't kde or gentoo in origin.
Back to top
View user's profile Send private message
i92guboj
Bodhisattva
Bodhisattva


Joined: 30 Nov 2004
Posts: 10306
Location: Córdoba (Spain)

PostPosted: Sun Jun 07, 2009 8:59 pm    Post subject: Reply with quote

May I ask why would you want to run a desktop as root?

I just want to warn you that's not a good idea at all. It's way to easy to do a silly thing on a desktop, and, besides that, there's absolutely no reason to do so. If you need to run a single program as root, use su, sudo, kdesu or whatever you prefer.
_________________
Gentoo Handbook | My website
Back to top
View user's profile Send private message
gallienus
n00b
n00b


Joined: 29 Jul 2007
Posts: 5

PostPosted: Sun Jun 07, 2009 11:57 pm    Post subject: Reply with quote

Actually I very, very rarely log into root's desktop. I can't give you a concrete example of when I needed to log into root's desktop. I do remember when I first installed mythtv I was having some trouble with mysql. In the process of trying to get mythtv and mysql working I did occasionally jump to the root desktop.

From a security standpoint I know logging into the root desktop really can't be justified. I'm looking at it from the standpoint of, "It's my computer and it's my call if the root desktop is ever actually used". I'm not really sure how they crippled the root account but it's more than just using AllowRootLogin. I've already spent a week trying to figure this out and it's all to no avail. Instead of reading about pam I should have spent that time going over each and every file in /root to see if some key files had their permissions set properly. I've given up. At this point it'll be easier just to upgrade to the gnome version of sabayon that still allows for root login's.

I'm not looking to start a great debate I just think that even if it is risky, massively dangerous, unwise and just plain stupid it's the user's decision.
Back to top
View user's profile Send private message
i92guboj
Bodhisattva
Bodhisattva


Joined: 30 Nov 2004
Posts: 10306
Location: Córdoba (Spain)

PostPosted: Mon Jun 08, 2009 12:12 am    Post subject: Reply with quote

Of course it's your decision. Fair enough :)

I only wanted to make sure that you knew the implications.
_________________
Gentoo Handbook | My website
Back to top
View user's profile Send private message
gallienus
n00b
n00b


Joined: 29 Jul 2007
Posts: 5

PostPosted: Mon Jun 08, 2009 12:49 am    Post subject: Reply with quote

Oh yeah, it's something I'm extremely careful with. In fact when I put linux on a person's computer I warn them about the risks of using root and tell them they should avoid logging into root at all costs.
Back to top
View user's profile Send private message
yabbadabbadont
Advocate
Advocate


Joined: 14 Mar 2003
Posts: 4791
Location: 2 exits past crazy

PostPosted: Mon Jun 08, 2009 3:38 am    Post subject: Reply with quote

I believe that it is disabled at the xorg level. I'm pretty sure that pappy_mcfae has a thread about getting around it somewhere... unfortunately, he helps a lot of people, so finding it might be just a tad difficult. You might try shooting him a private message and see if he can provide you with the correct link to the thread where it was discussed.

Edit: actually it was about allowing xscreensavers to run when logged in as root... sorry. Still, it might give you some ideas.

https://forums.gentoo.org/viewtopic-t-691628-highlight-.html
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Unsupported Software All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum