can't run gnome as root - addition - SOLVED

[Avi Greenbury]

Patrick Asselman wrote:
> On 2012-10-03 12:24, Phil Dobbin wrote:
> >Tom H wrote:
> >
> >>On Wed, Oct 3, 2012 at 5:49 AM, Patrick Asselman
> >><iceblink at seti.nl> wrote:
> >>>As far as I'm aware, ssh does (by default) not allow root to
> >>>login anyway,
> >>
> >>"PermitRootLogin yes" is set by default on Debian and Ubuntu.
> >>
> >
> >And on CentOS & Fedora...
> 
> I have to say, this amazes me.
> 
> In my opinion this should be changed, to protect the innocent
> unknowing Linux users. The expert users who know what they get
> themselves into, can figure out how to re-enable. Default should be
> to not permit it. 

The efforts to protect people from themselves is what's lead to root
having no password and therefore being unable to login irrespective of
PermitRootLogin's setup. I think the assumption is that if someone
really does want a working root account, they probably want all of it.

SSH isn't installed by default, too, so there's at least two steps the
'unknowing' Linux users need to make - setting a password for root and
installing an sshd - before they open themselves up to whatever it is
you're concerned about.

> Can anyone tell me why it is enabled by default?

>From Colin Watson in bug 45416 [0]:

> This has been discussed many times before and rejected. Note that this
> is also the upstream default. PermitRootLogin allows you to have an
> audit trail of public keys used to log in to the root account rather
> than having to figure out which account escalated to root; furthermore
> on a system where the root password is enabled, it is appropriate to
> log in directly since otherwise the account you use to escalate to
> root is essentially root-equivalent. In Ubuntu's default
> configuration, it makes no difference whether PermitRootLogin is
> enabled or not, so the comments in RootSudo do not apply here.

-- 
Avi

[0] https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/45416



>