| 1 |
On Fri, Nov 13, 2009 at 7:24 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote: |
| 3 |
>> On Thu, 2009-11-12 at 22:18 +0000, Mick wrote: |
| 4 |
>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote: |
| 5 |
>> > > Gdm itself has a config option to disallow root logins |
| 6 |
>> > |
| 7 |
>> > Ahh, unfortunately I can only access it remotely via ssh at this stage. |
| 8 |
>> > Hopefully the pam method will work fine. |
| 9 |
>> |
| 10 |
>> You don't need anything more to configure gdm than ssh access - this is |
| 11 |
>> Linux after all & a good program has text based configurations :) |
| 12 |
>> |
| 13 |
>> Edit /etc/X11/gdm/custom.conf |
| 14 |
>> |
| 15 |
>> In the section [security] add: |
| 16 |
>> AllowRoot=false |
| 17 |
> |
| 18 |
> Thanks for this! :-) |
| 19 |
> |
| 20 |
>> You may then have to restart xdm. |
| 21 |
>> |
| 22 |
>> However, if someone has the root password to log in to X, then what's to |
| 23 |
>> stop them changing anything you do now? |
| 24 |
> |
| 25 |
> Know how? |
| 26 |
> -- |
| 27 |
> Regards, |
| 28 |
> Mick |
| 29 |
|
| 30 |
Approach security a little more sanely and don't give untrusted users |
| 31 |
root access? If you have to take steps to restrict the root account, |
| 32 |
you need to rethink who has use of it. Preventing damage in the event |
| 33 |
that the system *does* get compromised is one thing, but trying to |
| 34 |
control someone who is *given* access to root on the software side is |
| 35 |
the wrong approach, in my incredibly non-humble opinion. |
| 36 |
|
| 37 |
-- |
| 38 |
Poison [BLX] |
| 39 |
Joshua M. Murphy |
Archives