Re: Lock Screen as root

On Fri, 2006-05-26 at 00:29 -0400, Erik Hemdal wrote:
The "lock screen" operation in FC5 does not actually lock the screen
when the user is logged in as root. I'm curious about why this is not
considered a serious bug. When I log in as root, the Screensaver
Preferences applet shows the "lock screen when screensaver active" box
checked. It informs root that the screen will lock when in fact, it
won't.

I've found the following:

On the fedora-list, Aaron Konstam noted that locking the screen as
root is something you don't want to do, because you should not log in
as root.

Generally, unlike Windows, there isn't a *need* to graphically log in as
root. I've yet to come across any graphical configuration tools that
won't let you use them as root when you're otherwise logged in as
yourself (you're prompted for the password when you start them).
Likewise, you can use "su" or "sudo" for any command line things.

Logging in a root is risky, even more so when done graphically. Should
you fire up a web browser you expose the entire system to every flaw
that it might have, for instance. Leaving something like a browser
running, going away and not paying attention to it, might mean that some
page that reloads with another page after a time period might get you
with a time bomb. That's just one simple example.

Beyond the first week that I used Linux, where I just wanted to fiddle
with everything to see what it did, and not have to keep on entering a
password, I've not *had* to log on as root since, nor even felt the
need.

I suppose another aspect of leaving root logged in but locked out is
that someone might walk up, see they're locked out, and restart X,
clobbering anything that you wanted leaving running.

I do agree with you that the preferences shouldn't suggest that the root
user could lock the screen if it can't/won't.

--
(Currently running FC4, in case that's important to the thread)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: screen saver and screen lock will not work on FC5
    ... KDE's kscreensaver can lock ... the screen for root ... the screensaver can't ... But it's possible to do that, and when you do under GNOME, the ...
    (Fedora)
  • Re: Lock Screen as root
    ... When I log in as root, the Screensaver ... Preferences applet shows the "lock screen when screensaver active" box ... Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org ...
    (Fedora)
  • Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
    ... >would be pretty sad to have a root security hole through the screensaver. ... up, and root access, they could always kill it that way. ... it does protect the payroll manager from having one of his lackeys give ...
    (Bugtraq)
  • Re: xhost +localhost
    ... Root should never have a pretty screensaver. ... > Programs like xscreensaver are doing FreeBSD a favor by preventing ... > you will make a mistake while running as root. ...
    (freebsd-questions)
  • Re: How can I allow screensaver unlocking by root?
    ... where the root passwd can unlock any user's screen saver. ... If I am the root passwd owner, I want to be able to get on a machine without having to destroy parts of it. ... How can I allow screensaver unlocking by root? ...
    (Fedora)