There usually is no point in disallowing the (main) sysadmin access to a root terminal (although obviously in most cases 'sudo -i' is a better way to get that than 'sudo su').
Even if only 0.1% or less of "normal" users use this regularly (which they do), it is important that they can keep using it without any trouble. It is a supported feature (as the developers publicly explains how to re-enable it), and there is no way it will confuse users who don't need it (AFAICT), so it makes no sense at all to hide it.
Additionally, it also logs every invocation.
Last edited by JanC; 01-25-2013 at 03:26 PM.
Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The “wheel group” feature would make this impossible, and thus cement the power of the rulers.
Please enumerate how logging in as root in GUI mode is more dangerous than using command line when.
a) Yum is not executed, nor any internet access
b) Gui mode is used to allow me to manage files and directories without the problems arising from a keying in error.
c) Want a list of key-in errors, just look at typos, look at rm *~ vs rm * ~
d) moving files from ../.././abc.c /opt/country/province/state/client/src and doing a mark and paste
So, please tell me what I am overlooking to make logging in as root more dangerous.
For years I have modifed pam.d files to allow root to logon in aui environment. So far, no past history of attacks as external web access is not used, and I am confident that no gui file or bash, bashrc etc has been modified.
I use common sense. Does that not exist any more.
I await your one example that will change my work habits.
I am not stubborn to reject changing my ways of doing things. I just would like one justification.