Renaming root account

Atom Powers APowers at PyramidBrew.com
Thu Mar 3 17:13:34 GMT 2005


 
Enabling "toor" is not very different from renaming the root account, worse
because you would then have two "root" (uid 0) accounts.
I don't see any harm in renaming the root account, but I don't think it would
do much either. Most processes that use root run with setuid 0, regardless of
what's in the passwd file. Even in user land you don't have to know what the
root account is named if you use 'su' or 'sudo'.
The only case I can envision where it would make a difference is if you have
an application which wants to run as a specific (usually unpriv.) user and
you set it to use "root", or if you allow "root" logon through ssh (bad idea)
or terminal (but if somebody can get that then you are already in trouble).

----
Perfection is just a word I use occasionally with mustard.

Atom Powers
Systems Administrator
Pyramid Breweries Inc.
206.682.8322 x251
-----Original Message-----
From: owner-freebsd-security at freebsd.org
[mailto:owner-freebsd-security at freebsd.org] On Behalf Of Wouter
Sent: Thursday, March 03, 2005 1:22 AM
To: freebsd-security at freebsd.org
Subject: Re: Renaming root account

Renaming root is generally a bad idea; what you could do, however, is set a
password on (thus enabling) the "toor" account and set root's shell to
/sbin/nologin.

Wouter
----- Original Message -----
From: "Craig Edwards" <brain at winbot.co.uk>
To: <freebsd-security at freebsd.org>
Sent: Thursday, March 03, 2005 09:03
Subject: Renaming root account


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi everyone,
>
> One quick question: Is it safe and/or sensible to rename the root
> account, so that the only uid 0 user on a system is something different
> to root? I can see how this would be effective against external
> attackers who have no knowledge of the internals of the system as they
> would spend pointless hours trying to crack a user which doesn't exist,
> however to internal users they could always just cat /etc/passwd and see
> that root has been renamed. So firstly, is this possible, and security
> wise is it of any real use? Can anyone think of any apps it would break
> that assume that the uid 0 user is called root and don't just address
> the user by its uid?
>
> Thanks,
> Craig Edwards
>
> - --
> WinBot IRC client developer: http://www.winbot.co.uk
> ChatSpike - The users network: http://www.chatspike.net
> InspIRCd - Modular IRC server: http://www.inspircd.org
> Online RPG Developer: http://www.ssod.org
> - --
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
>
> iD8DBQFCJsTf0k42Wxli/BARAp2DAJ9dp1eu2IL41pfp/4ZFp9kS2KuMdgCeI20k
> w1Jt+uriEmWM+wmhEFxH+vw=
> =vGhO
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
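
An added example, not part of any message in this thread: a POSIX sh audit that lists every uid 0 entry in a master.passwd-format file, which makes the "two root accounts" and `/sbin/nologin` cases discussed above visible regardless of what the accounts are named. The function names, the `admin` account and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every uid 0 entry in a master.passwd-format file.
# Fields: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

uid0_audit() {
    # $1 = path to a master.passwd-format file (10 colon-separated fields)
    awk -F: '
        /^#/ || NF != 10 { next }              # skip comments and malformed lines
        $3 ~ /^0+$/ {                          # uid 0, whatever the account name
            if ($2 == "")                             pw = "empty"
            else if ($2 == "*" || $2 ~ /^\*LOCKED\*/) pw = "disabled"
            else                                      pw = "set"
            shell = ($10 == "") ? "/bin/sh" : $10  # empty field means /bin/sh
            inter = (shell ~ /nologin$/) ? "no" : "yes"
            printf "%s pw=%s shell=%s interactive=%s\n", $1, pw, shell, inter
        }' "$1"
}

uid0_usable_count() {
    # uid 0 entries whose password is not disabled and whose shell is not nologin
    uid0_audit "$1" | grep -v 'pw=disabled' | grep -c 'interactive=yes'
}

# Constructed sample: root set to /sbin/nologin, toor enabled with a password,
# plus a hypothetical renamed uid 0 account with password login disabled.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real system
root:$6$constructedhash:0:0::0:0:Charlie &:/root:/sbin/nologin
toor:$6$constructedhash:0:0::0:0:Bourne-again Superuser:/root:
admin:*:0:0::0:0:Renamed root:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF

uid0_audit "$sample"
echo "uid 0 accounts with password and shell: $(uid0_usable_count "$sample")"
```

On a live FreeBSD host the function would be pointed at `/etc/master.passwd`, which requires root to read.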

