Enabling Root User For GNOME Display Manager

From FedoraProject

Revision as of 04:21, 14 June 2009 by Tmz (Talk | contribs)

Jump to: navigation, search

By default, from Fedora 10 onwards, the root user is not allowed to login via the GNOME Display Manager (GDM) by default. Logging in as root in the graphical environment is typically not necessary, and not recommended at all for security reasons. Furthermore, it is easy to accidentally trash your system when using your system with full elevated privileges and administrator access. Graphical administration tools that require special privileges usually issue a prompt for the appropriate password.

You should use the su - ("switch user") command to run specific processes as root if necessary, or configure sudo instead. However, if you must login as root in GDM despite the increased security risks of doing so, follow the steps outlined below.

  1. Login in as a regular user and open the terminal (command line) and edit the configuration text file
    su -c 'gedit /etc/pam.d/gdm'
  2. Locate the line that that read as follows:
    auth required pam_succeed_if.so user != root quiet
  3. Remove or comment out line by prefixing #.
    # auth required pam_succeed_if.so user != root quiet
  4. Save and close the editor.

On Fedora 11, you also need to edit /etc/pam.d/gdm-password, following the above steps.

How does this work?

Fedora uses a Password Authentication Module (PAM) called pam_succeed_if.so. This module is designed to issue an authentication success or failure based on characteristics of the account belonging to the authenticating user. One use is to select whether to load other modules based on this test. This module blocks root login for GDM, and can be toggled on or off as necessary.