From Fedora Project Wiki

Revision as of 04:21, 14 June 2009 by Tmz (talk | contribs) (Make additional requirement of editing gdm-password on F11 more obvious)

By default, from Fedora 10 onwards, the root user is not allowed to login via the GNOME Display Manager (GDM) by default. Logging in as root in the graphical environment is typically not necessary, and not recommended at all for security reasons. Furthermore, it is easy to accidentally trash your system when using your system with full elevated privileges and administrator access. Graphical administration tools that require special privileges usually issue a prompt for the appropriate password.

You should use the su - ("switch user") command to run specific processes as root if necessary, or configure sudo instead. However, if you must login as root in GDM despite the increased security risks of doing so, follow the steps outlined below.

  1. Login in as a regular user and open the terminal (command line) and edit the configuration text file
    su -c 'gedit /etc/pam.d/gdm'
  2. Locate the line that that read as follows:
    auth required user != root quiet
  3. Remove or comment out line by prefixing #.
    # auth required user != root quiet
  4. Save and close the editor.

On Fedora 11, you also need to edit /etc/pam.d/gdm-password, following the above steps.

How does this work?

Fedora uses a Password Authentication Module (PAM) called This module is designed to issue an authentication success or failure based on characteristics of the account belonging to the authenticating user. One use is to select whether to load other modules based on this test. This module blocks root login for GDM, and can be toggled on or off as necessary.