| View previous topic :: View next topic |
| Author |
Message |
Dont know anything
n00b
Joined: 13 Jun 2003
Posts: 60
|
 Posted: Sun Sep 07, 2003 1:05 am Post subject: X as root |
 |
|
Allright I got another newbe question, it says in the security guide i should NOT run x as root.
What does this mean?
When i installed x i did emerge xfree as root.
When i type ps -aux i can see that kdm and /etc/X11/X -nolisten tcp get started up as root during boot up.
Dos this mean my boxs is insecure and that if i run apache and a mailserver that it's a easy hack?
If thats the case, can i get any sugestions of how i'm suposed to avoid this?
*sorry for crappy spelling*
Thanks up front =) |
|
| Back to top |
|
 |
Ox-
Guru
Joined: 19 Jun 2003
Posts: 305
|
| Posted: Sun Sep 07, 2003 3:42 am Post subject: |
|
|
xdm and xfree have to run as root.
I guess what the guide means is... don't start a session as root. I.e. don't run startx when logged in as root, and don't log in as root from the xdm login screen.
Log in as a regular user, then if you need to do something as root, do it with something like gnomesu or su in a console. |
|
| Back to top |
|
|
steveb
Advocate
Joined: 18 Sep 2002
Posts: 4564
|
| Posted: Sun Sep 07, 2003 3:45 am Post subject: Re: X as root |
|
|
| Dont know anything wrote: | Allright I got another newbe question, it says in the security guide i should NOT run x as root.
What does this mean?
When i installed x i did emerge xfree as root.
When i type ps -aux i can see that kdm and /etc/X11/X -nolisten tcp get started up as root during boot up.
Dos this mean my boxs is insecure and that if i run apache and a mailserver that it's a easy hack?
If thats the case, can i get any sugestions of how i'm suposed to avoid this?
*sorry for crappy spelling*
Thanks up front =) |
i try to explain (english is not my native language):
1) installing xfree as root is normal (you could install it as an user if you are member of the group "portage", but installing it as root is no problem at all).
2) if you use kdm or xdm or gdm and login as root, then this is NOT good! but login as normal user and switching to root (with su or sudo) whenever needed is okay.
3) NO! your box is not insecure (from what i can see). it could be that there are exploit or problems with apache or your mail server, but your setup is preatty normal. just keep reading the gentoo security advisory and update the critical software when needed. and avoid to login as root!
cheers
SteveB |
|
| Back to top |
|
|
Dont know anything
n00b
Joined: 13 Jun 2003
Posts: 60
|
| Posted: Sun Sep 07, 2003 5:03 am Post subject: Thanks |
|
|
Thanks, i was getting a bit worried here...
 |
|
| Back to top |
|
|
|
Networking & Security
