From Fedora Project Wiki

Enabling Root User to Login for GNOME Display Manager
Latest revision as of 21:37, 17 September 2016

From Fedora 10 onwards, the root user is not allowed to log in via the GNOME Display Manager (GDM) by default. Logging in as root in the graphical environment is typically problematic (see http://mail.gnome.org/archives/gdm-list/2010-March/msg00022.html), not necessary and not recommended at all for security reasons. Furthermore, it is easy to accidentally trash your system when running with full elevated privileges and administrator access. Graphical administration tools that require special privileges usually issue a prompt for the appropriate password.

You should use the su - ("switch user") command to run specific processes as root if necessary, or configure sudo instead. However, if you must log in as root in GDM despite the increased security risks of doing so, follow the steps outlined below.

  1. Log in as a regular user, open a terminal (command line) and edit the configuration text file:
    su -c 'gedit /etc/pam.d/gdm'
  2. Locate the line that reads as follows:
    auth required pam_succeed_if.so user != root quiet
  3. Remove the line, or comment it out by prefixing it with #:
    # auth required pam_succeed_if.so user != root quiet
  4. Save and close the editor.

From Fedora 11 onwards, you also need to edit /etc/pam.d/gdm-password, following the same steps.

How does this work?

Fedora uses a Pluggable Authentication Modules (PAM) module called pam_succeed_if.so. This module is designed to return authentication success or failure based on characteristics of the account belonging to the authenticating user. One use is to select whether to load other modules based on this test. In the GDM configuration, the rule "user != root" makes the module fail for root, which is what blocks root login via GDM; the rule can be toggled on or off as necessary.
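
To audit whether the root block is still enforced in the two files named above, the following added example (not part of the original wiki page) parses a PAM file and reports the state of the rule. The function name gdm_root_block_status is hypothetical, and the parser assumes one rule per line with no backslash continuations.

```sh
#!/bin/sh
# Added example: report the state of the GDM root-login block in a PAM file.
# Prints one of: enforced | commented-out | missing
gdm_root_block_status() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # Remember whether the rule is commented out, then look at its body.
        commented = 0
        if (line ~ /^#/) { commented = 1; sub(/^#+[ \t]*/, "", line) }
        n = split(line, f, /[ \t]+/)
        # PAM rule layout: type control module-path arguments...
        if (f[1] !~ /^-?auth$/) next
        # Locate the module; a bracketed control may span several fields.
        m = 0
        for (i = 3; i <= n; i++)
            if (f[i] ~ /pam_succeed_if\.so$/) { m = i; break }
        if (!m) next
        # Look for the condition "user != root" among the module arguments.
        hit = 0
        for (i = m + 1; i + 2 <= n; i++)
            if (f[i] == "user" && f[i+1] == "!=" && f[i+2] == "root") hit = 1
        if (!hit) next
        if (commented) seen_commented = 1; else seen_active = 1
    }
    END {
        if (seen_active) print "enforced"
        else if (seen_commented) print "commented-out"
        else print "missing"
    }' "$1"
}

# Check the two files named on this page, if they exist on this system.
for pam_file in /etc/pam.d/gdm /etc/pam.d/gdm-password; do
    if [ -r "$pam_file" ]; then
        printf '%s: %s\n' "$pam_file" "$(gdm_root_block_status "$pam_file")"
    fi
done
```

A result of "commented-out" or "missing" for either file means root can authenticate through GDM on that system.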