Operating System - HP-UX

Re: renaming root account

 
Edward Alfert_2
Respected Contributor

renaming root account

As a security measure, it is recommended that in a Windows environment you delete the administrator account after creating another administrator account with a different name. That way a hacker (or should I say cracker) has to figure out both the username and password. If you leave the default administrator name, he/she/it only has to guess the password.

Is there such a recommendation for Unix/HP-UX?

How about the idea of creating a user with uid=0 and then removing the root account?
"Do what you love and you will never work a day in your life." - Confucius
Uday_S_Ankolekar
Honored Contributor

Re: renaming root account

Hi,

I think it is always uid=0 that counts, not the name.

-USA..
Good Luck..
James R. Ferguson
Acclaimed Contributor
Solution

Re: renaming root account

Hi:

Don't start down this road!

First, there may be software that references the account name 'root' in lieu of the uid=0.

Second, if you use SAM to remove an account, you specify the *name* not the *id*. The removal of files and directories, if you choose to do so, however, is done by *id*. You can see the problem!

Choose a good password. Convert to a trusted system. Allow root login only at the console by placing 'root' in /etc/securetty. These are all better options than changing 'root' to something else!!!

Regards!

...JRF...
Craig Rants
Honored Contributor

Re: renaming root account

Edward,
I have never heard anyone in the Unix environment say to remove the root account. Trying to compare Unix and Windows security is the old Apples and Oranges thing. That being said, the root account should be protected at all costs.

Start with locking down access to root
echo console > /etc/securetty

The command above will limit external root access to the serial connected console or to the su - command from a user already on the box.

Take the approach of securing your box, not patching over the problems and you will learn more about your system and feel better about its security.

Just my thoughts,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
A. Clay Stephenson
Acclaimed Contributor

Re: renaming root account

While it is true that uid 0 is what really counts, a number of scripts and programs may look for user 'root'. I wouldn't change this.
If it ain't broke, I can fix that.
Edward Alfert_2
Respected Contributor

Re: renaming root account

What about many files being owned by root? Does the name not matter?
"Do what you love and you will never work a day in your life." - Confucius
John Bolene
Honored Contributor

Re: renaming root account

root has to be the first entry in the password file.

You can set other users up with different passwords and uid=0 for them to be root.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Bernie Vande Griend
Respected Contributor

Re: renaming root account

It is actually the user id of 0 that determines "root" access, not the name.
You would have to greatly modify the OS to change that behavior; unless you were building your own OS, it wouldn't be a good idea to even mess with that.

Purists will tell you to leave the unix account alone, don't add multiple users with ids of 0, don't use software that changes the access of the "root" account or how it behaves. I tend to agree with that. There is software like CA's Access Control that tweaks the kernel and has the ability to change the root account itself, what it can access and do. There are other methods of securing a system and dealing with the power of root that do not modify the kernel. Sudo and PowerBroker are examples of those.
Even if you were to change the name root to something else, it really wouldn't do much to deter a hacker since the userid is still what matters.
Ye who thinks he has a lot to say, probably shouldn't.
Bill Hassell
Honored Contributor

Re: renaming root account

Sure, just rename the root entry in /etc/passwd to something like notgood. Then be prepared for a LOT of sysadmin headaches in the future. Just like renaming the administrator account on a PC, if it is not common knowledge, then a lot of re-installs will take place 'cause no one knows how to login.

And if it is common-knowledge, then you might question the whole point of renaming the root user.

The recommended practice is to leave root as is, change the system to Trusted, and change root passwords on a regular basis. Anyone who tries to hack in as root will disable root on the network (console = still OK) and will also leave their IP-address+date+time as a calling card as seen from the lastb command.


Bill Hassell, sysadmin
James R. Ferguson
Acclaimed Contributor

Re: renaming root account

Hi (again) Edward:

The name of an account, other than perhaps 'root' does not matter. File ownership and process privileges are determined by various forms of the numeric id (uid, euid).

If you like, create a new user, call him "Edward"; note the uid, create some files for him; remove the entry from the /etc/passwd file and /etc/group files (or use SAM to delete the account), BUT leave the files. If you do an 'ls' on the files you will now see their ownership described by the uid instead of the name. Now add a new account with a different name. Look at your files again and note that they are now owned by the "new" user.

Only the numeric value is stored in the file inode. The /etc/passwd file simply maps number-to-name.

Regards!

...JRF...
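
The number-to-name mapping described in the post above, replayed over constructed passwd-format files (an added example, not part of the original thread). The file contents, uid 105 and the names newuser and admin2 are assumptions made for illustration, as is the new account reusing the old uid; the last sample also lists every entry holding uid 0, the value the replies say actually confers root access.

```sh
#!/bin/sh
# Added example; every passwd line below is constructed sample data.

# Login names of all entries whose uid field (field 3) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Map a numeric uid to a name as ls -l would: the first matching entry
# wins, and an unmapped uid is shown as the bare number.
name_for_uid() {
    awk -F: -v uid="$2" '
        $3 == uid { print $1; found = 1; exit }
        END { if (!found) print uid }' "$1"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

# Stage 1: the account exists.
cat > "$demo/stage1" <<'EOF'
root:*:0:3::/:/sbin/sh
edward:*:105:20::/home/edward:/usr/bin/sh
EOF
# Stage 2: entry removed, files left behind.
cat > "$demo/stage2" <<'EOF'
root:*:0:3::/:/sbin/sh
EOF
# Stage 3: a differently named account reuses uid 105 (assumption).
cat > "$demo/stage3" <<'EOF'
root:*:0:3::/:/sbin/sh
newuser:*:105:20::/home/newuser:/usr/bin/sh
EOF
# A second uid 0 entry under another name (hypothetical "admin2").
cat > "$demo/extra0" <<'EOF'
root:*:0:3::/:/sbin/sh
admin2:*:0:3::/:/sbin/sh
EOF

for s in stage1 stage2 stage3; do
    echo "$s: files with inode uid 105 list as $(name_for_uid "$demo/$s" 105)"
done
echo "uid 0 entries: $(uid0_accounts "$demo/extra0" | tr '\n' ' ')"
```

Pointing uid0_accounts at a copy of a real /etc/passwd gives a quick audit: any name it prints besides root is an account with full root privileges.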