After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 162960 - Gnome should give a warning if users logs in as root
Gnome should give a warning if users logs in as root
Status: RESOLVED FIXED
Product: gnome-session
Classification: Core
Component: general
2.11.x
Other All
: Normal enhancement
: ---
Assigned To: Session Maintainers
Session Maintainers
Depends on:
Blocks:
 
 
Reported: 2005-01-04 21:54 UTC by Diego Calleja
Modified: 2008-01-24 01:32 UTC
See Also:
GNOME target: ---
GNOME version: Unversioned Enhancement



Description Diego Calleja 2005-01-04 21:54:44 UTC
(I'm sorry if this is the wrong product to file the bug against)

Current versions of gnome don't give any warning when users logs in as root,
which is something, IMHO, should be changed:

Allowing users to use the a whole desktop environment is not good, and the proof
of this is Windows: It don't matters how much "secure" is Sp2, the accounts
windows XP creates by default are with administrative privileges, and then
spyware or any virus can do anything in the system. Also, accidentally deleting
a system file can damage the whole system. Windows is the proof that allowing
users to log in with all the privileges and not warning them of that is not good.


IMHO, gnome should not promote this user's behaviour and should do something
about it. Apps which need root privileges for something should ask for root
password like gnome-system-tools does.

Gnome Bug #44437 shows how gnome 1.4 had it, and it was removed, it looks like
the warning was "annoying". The user was asking for a option to remove the
warning - which seems sensible altough it's stupid, just not login as root- but
it looks like it was removed it all, which was not a good idea IMHO.

(KDE has a "krootwarning" which warns the user when it logs in as user. It runs
in each startup and if the user has root privileges it shows a warning in a
window for 30 seconds in the startup which doesn't allow the user to continue
for those 30 seconds. Of course, it can be disabled)
Comment 1 Sebastien Bacher 2005-07-23 15:08:10 UTC
Thanks for your bug. I'm not sure that's something to change from gnome-session,
gdm already has an option about this.

Ccing usuability to get their opinion on this.
Comment 2 Calum Benson 2005-07-26 11:13:00 UTC
I totally agree we shouldn't encourage (or need) people to log in as root. 
However, as Sebastien says, gdm already has an option to prevent users from
doing so-- this leaves it up to distros and sysadmins to decide what the default
behaviour should be, which seems reasonable to me.  And a user can't change that
option without knowing the root password anyway.

I'd be inclined to vote for leaving things as they are, and instead work on
fixing anything that makes users think they need to log in as root.
Comment 3 Vincent Untz 2007-05-09 12:35:41 UTC
Well, there's a difference in using gdm to log in as root in, say, twm, and in GNOME.

I added a small dialog. I'll get reports about this if this annoys users, so let's see during 2.19 :-)
Comment 4 service 2008-01-24 01:32:31 UTC
RE:
2007-05-08  Vincent Untz  <vuntz@gnome.org>

	Add a warning when the user logs in as root.
	Fix bug #162960

It took a while for this to filter down to the various distributions, but it has surely arrived in Fedora and Ubuntu products. It is also a very unwelcome addition.

The Ubuntu developers have made great progress in reducing the need to access the system as root.
By default, root login is disabled. By default, if you want access to root, you must enable this in GDM and you must also create a new root password.
The tools to limit root access already exist, more are not needed.

With this addition to the startup code, even after a person who needs root access and has gone to all the steps to enable it, they get this pop up warning message.
The complaints are just starting to show in English languages searches for how to disable this pop up, they are showing up even more in the non English pages.

For example:
La modifique y quedo de esta manera

Code:

#define ROOTSESSION_RESPONSE_CONTINUE 1
#define ROOTSESSION_RESPONSE_QUIT 3
static gboolean
gsm_check_for_root (void)
{
    return FALSE;
} 

Even if you only speak English, you should recognize modifique as Modify.
And the postings reply was typical.........
Muchas gracias gente!.. Saludos!
I would have only added “Hasta la vista Pop Up !!!”

I don't want to sound rude nor disrespectful, but hard coding this pop up in is really excessive.

If the developers truly believe that this extra pop up to warn the person that has knowingly entered the account named “root” and has knowingly entered the correct “root password” just might be an uniformed new Linux user and therefore still needs a Pop Up warning, then we also need a Gconf-tool setting to enable and disable this “feature”.

Please, as my request and that of many others, either remove the Pop Up or give us a configuration that we can turn it off.

A few Ref:
http://ubuntuforums.org/showthread.php?t=572922
http://forums.gentoo.org/viewtopic-p-4624304-highlight-.html?sid=8cb162da5dc055aa399c01b7f406a115