1 |
On Fri, Nov 13, 2009 at 7:24 PM, Mick <michaelkintzios@×××××.com> wrote: |
2 |
> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote: |
3 |
>> On Thu, 2009-11-12 at 22:18 +0000, Mick wrote: |
4 |
>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote: |
5 |
>> > > Gdm itself has a config option to disallow root logins |
6 |
>> > |
7 |
>> > Ahh, unfortunately I can only access it remotely via ssh at this stage. |
8 |
>> > Hopefully the pam method will work fine. |
9 |
>> |
10 |
>> You don't need anything more to configure gdm than ssh access - this is |
11 |
>> Linux after all & a good program has text based configurations :) |
12 |
>> |
13 |
>> Edit /etc/X11/gdm/custom.conf |
14 |
>> |
15 |
>> In the section [security] add: |
16 |
>> AllowRoot=false |
17 |
> |
18 |
> Thanks for this! :-) |
19 |
> |
20 |
>> You may then have to restart xdm. |
21 |
>> |
22 |
>> However, if someone has the root password to log in to X, then what's to |
23 |
>> stop them changing anything you do now? |
24 |
> |
25 |
> Know how? |
26 |
> -- |
27 |
> Regards, |
28 |
> Mick |
29 |
|
30 |
Approach security a little more sanely and don't give untrusted users |
31 |
root access? If you have to take steps to restrict the root account, |
32 |
you need to rethink who has use of it. Preventing damage in the event |
33 |
that the system *does* get compromised is one thing, but trying to |
34 |
control someone who is *given* access to root on the software side is |
35 |
the wrong approach, in my incredibly non-humble opinion. |
36 |
|
37 |
-- |
38 |
Poison [BLX] |
39 |
Joshua M. Murphy |