[SOLVED] Disable root logins with LightDM

Everything about X, Gnome, KDE, ... and everything running on it

[SOLVED] Disable root logins with LightDM

Postby Imanol » 2012-12-24 01:36

Hi, I've been trying to install Debian on a new machine.

I've got the bad habit of always using the root account for EVERYTHING (I've been doing it for 7 years and I'm realizing how wrong I was), so I'm trying to redeem myself. Right now, I'd like to keep the ability to login as root on the system console, but I want to disallow root logins on X11 (I'm using LightDM) and I just can't find the way to do it!

I'm pretty sure it's very simple and I keep missing it, anyone care to help?

Thanks a lot for your help!!
Last edited by Imanol on 2012-12-25 15:26, edited 1 time in total.
Imanol
 
Posts: 50
Joined: 2011-12-26 22:30

Re: Disable root logins with LightDM

Postby vbrummond » 2012-12-24 04:30

It is far simpler to just not log in as root. I mean you have to manually type root and then the root password in order to log in as root. Just 'don't'. Is this merely an academic question in disguise or are you really addicted to logging in as root so that you might want to seek help for this addiction?
System: Retina 5K iMac, 27-inch, Late 2015 - Intel i5-6600 3.3ghz, 8gb RAM, AMD Radeon R9 M395 2048 MB
OS: Mac OS 10.12
vbrummond
 
Posts: 4417
Joined: 2010-03-02 01:42

Re: Disable root logins with LightDM

Postby Imanol » 2012-12-24 05:22

Actually maybe a little :D

I've logged as root a few times unconsciously when doing stuff and I just need some big message saying "Please don't do that anymore"

Also, it would improve security (wouldn't it?)

It sounds stupid, but there must be a way to disallow root logins
Imanol
 
Posts: 50
Joined: 2011-12-26 22:30

Re: Disable root logins with LightDM

Postby confuseling » 2012-12-24 10:40

You could change root's wallpaper to something frightfully rude... :shock:

Or a custom theme. Everything in a uniform shade of pink. Panels, widgets, cursor. Just pink.
The Forum's search box is terrible. Use site specific search, e.g.
https://www.google.com/search?q=site%3A ... terms+here
confuseling
 
Posts: 2144
Joined: 2009-10-21 01:03

Re: Disable root logins with LightDM

Postby Imanol » 2012-12-24 13:18

Good one, but seriously, is there no way to do it?

In that case I'll try switching to gdm3, I remember it had an AllowRootLogin or something similar on its configuration files...
Imanol
 
Posts: 50
Joined: 2011-12-26 22:30

Re: Disable root logins with LightDM

Postby Hallvor » 2012-12-24 13:20

Install sudo and disable root account?
HP Elitebook 2570p, Intel Core i5 3320-M CPU @ 2.60 GHz, 6 GB RAM, Intel HD 4000 graphics, 240 GB SSD, Debian Stretch (KDE)
User avatar
Hallvor
 
Posts: 843
Joined: 2009-04-16 18:35
Location: Norway

Re: Disable root logins with LightDM

Postby Imanol » 2012-12-24 14:33

But I still want to be able to login as root on the system console (/dev/ttyX)
Imanol
 
Posts: 50
Joined: 2011-12-26 22:30

Re: Disable root logins with LightDM

Postby fsmithred » 2012-12-24 15:12

[quote="confuseling"]You could change root's wallpaper to something frightfully rude... :shock:
SuSE used to put pictures of bombs in the background on a root login.
fsmithred
 
Posts: 1866
Joined: 2008-01-02 14:52

Re: Disable root logins with LightDM

Postby Imanol » 2012-12-25 15:24

I'm getting OFF lighdm, It gives me a lot of trouble as it ignores a lot of .files on my home folder, incorrectly sets the cursor theme and misbehaves wildly

I'm marking this as solved.
Imanol
 
Posts: 50
Joined: 2011-12-26 22:30

Re: [SOLVED] Disable root logins with LightDM

Postby Roaring Silence » 2013-06-21 21:43

I know this post was marked as solved, but it wasn't really solved. The questioner presumably installed a different desktop manager. I am using lightdm in Peppermint Linux, which is ultimately a Debian derivative, and like the original enquirer, I wanted to keep a root account in the background, but disable gui logins for the root user. Unfortunately there does not seem to be a way to do this through the lightdm configuration files, but there is a way to do it by adding a line to one of the PAM configuration files in /etc/pam.d/
As root, in a terminal cd to /etc/pam.d/
then code: ls
You should see the file lightdm
code: nano lightdm
Look to see if there is a line:

# auth required pam_succeed_if.so user != root quiet

If it is there, uncomment it, by removing the initial #
If it is not there, add it without the initial # I don't think its position in the file matters, but I added it near the beginning.
Save the file and reboot, and you should find that that root can no longer log in. I am posting this here in case anyone else wants to keep root privileges but for security's sake disable root gui logins.
I am sorry if this post is too late to help the original enquirer, but that is the only solution as far as lightdm is concerned.
Roaring Silence
 
Posts: 55
Joined: 2009-07-03 23:24
Location: United Kingdom

Re: [SOLVED] Disable root logins with LightDM

Postby ruffwoof » 2018-10-04 22:23

Just stumbled across this old post, I know, years out of date but for reference - create a admin (or whatever) userid and add sudo group to that userid, then

sudo passwd -d root
sudo passwd -l root (that's a little L as in lock).

You'll then have to login as admin and use sudo or run sudo su -

A primary benefits are that hackers can attempt to brute force root passwords, but with a userid that's used for admin and root logins locked they have to brute force both a username and password. sudo also tends to run a lot less things as root so there's less inclination towards a security bug opening up undesired root access.
ruffwoof
 
Posts: 271
Joined: 2016-08-20 21:00

Re: Disable root logins with LightDM

Postby ruffwoof » 2018-10-04 22:32

Imanol wrote:I'm getting OFF lighdm, It gives me a lot of trouble as it ignores a lot of .files on my home folder, incorrectly sets the cursor theme and misbehaves wildly

IIRC its only GDM that provides the capacity to run X as user, or alternatively boot to cli login as user and run X.

You can boot to cli by adjusting /etc/default/grub to
# GRUB_CMDLINE_LINUX_DEFAULT # comment out so textual boot messages
GRUB_CMDLINE_LINUX="text"
GRUB_TERMINAL="console"
.. and run update-grub && systemctl set-default multi-user.target

Set the system to auto login 'user' by creating /etc/systemd/system/getty@tty1.service.d/override.conf containing ...
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin user --noclear %I 38400 linux
... and enable that by running systemctl enable getty@tty1.service (change the --autologin user to whatever userid you want to auto login to).

Set the system so you need to be a member of wheel group to su ... but don't add 'user' to the wheel group i.e. edit /etc/pam.d/su and uncomment the line
auth required pam_wheel.so

Appending
[ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty" ] && startx
to user's ~/.profile will automatically startx when user is (automatically) logged in i.e. boots straight to gui (X) desktop.
ruffwoof
 
Posts: 271
Joined: 2016-08-20 21:00


Return to Desktop & Multimedia

Who is online

Users browsing this forum: No registered users and 4 guests

fashionable