HPE Community
Operating System - HP-UX
1752513 Members
5045 Online
108788 Solutions
New Discussion юеВ

Why should I not rename root?

 
SOLVED
Go to solution
Brian Myners
Occasional Contributor

тАО09-28-2000 03:18 AM

тАО09-28-2000 03:18 AM

Why should I not rename root?

Can anyone think of a reason why I should not rename "root"?

If the Security system relies on a User Name/ Password pair, then having a known i.d means that any would-be hacker will be half way there.

Any comments would be greatly appreciated.
To err is human .....to get me involved just makes it worse.
0 Kudos
Reply
8 REPLIES 8
CHRIS ANORUO
Honored Contributor

тАО09-28-2000 03:29 AM

тАО09-28-2000 03:29 AM

Re: Why should I not rename root?

Think of renaming your user id and see if you can log into the system!!!!!
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО09-28-2000 03:29 AM

тАО09-28-2000 03:29 AM

Re: Why should I not rename root?

Andrew:

In reality, superuser privilege is known and/or conferred when the uid=0 regardless of whether the name is "root" or "Andrew", or whatever. Thus, you aren't really defeating much of anything for the determined cracker.

...JRF...
0 Kudos
Reply
John Palmer
Honored Contributor

тАО09-28-2000 03:41 AM

тАО09-28-2000 03:41 AM

Re: Why should I not rename root?

Well there may be lots of things that are coded to include the name 'root'.

A swift search of scripts in /sbin/init.d throw up a couple that do chown and rely on id returning uid=0(root). There may be lots of other things as well.

Being halfway there in knowing the username? are you a statistician?

Hopefully your password is not as easily guessed!
0 Kudos
Reply
Chris Garman
Frequent Advisor

тАО09-28-2000 03:43 AM

тАО09-28-2000 03:43 AM

Solution

Re: Why should I not rename root?

In theory there is no reason not to.
Once authenticated by login, you are known to the system by a UID only.

However there may be applications or system utilities that refer to superuser via the username of root, so obviously you would run into problems here.

I don't know the official HP line, but Id put money on the fact it is 'unsupported'. I hate it when they say that!!
Reply
John Palmer
Honored Contributor

тАО09-28-2000 04:02 AM

тАО09-28-2000 04:02 AM

Re: Why should I not rename root?

One other thought, if you use vipw to modify the password file, it does consistency checks for user 'root'. If you haven't got one then vipw won't work'
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

тАО09-28-2000 04:31 AM

тАО09-28-2000 04:31 AM

Re: Why should I not rename root?

Besides the fact that it is a UNIX standard, and who knows what little feature was hardcoded to look for root user.

Will it work - More than likely.
Has it been tested - No.
Would it be supported - Probably not.
Does it buy you anything - No.
"Downtime is a Crime."
0 Kudos
Reply
Brian Myners
Occasional Contributor

тАО09-28-2000 05:27 AM

тАО09-28-2000 05:27 AM

Re: Why should I not rename root?

Thanks for the replies. My view was that as there are other mechanisms for protecting the root login, it was not worth running the risk of adversely effecting scripts / programs.

Thanks and points will be awarded shortly.
To err is human .....to get me involved just makes it worse.
0 Kudos
Reply
Wodisch
Honored Contributor

тАО10-02-2000 03:12 AM

тАО10-02-2000 03:12 AM

Re: Why should I not rename root?

Hello Andrew,

it definitly *NOT* work! The username "root" is hardcoced into a lot of codefiles,
and configfiles; e.g. check "/etc/inetd.conf" - almost all services will not work, if
there is no "root" with UID=0! Same is true for many more files and programs.
I have tried this - it is not worth the effort :-(

HTH,
Wodisch
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.