topic Re: root account in Operating System - HP-UX

root account

Olivier LEGRAND — Mon, 10 Dec 2001 14:45:51 GMT

Hello everybody,

I want to suppress root account or suppress all their capabilities.
The root account is a standard login and I want to replace it by the same with another name.

Is it possible? Problems ?

Re: root account

Vincent Farrugia — Mon, 10 Dec 2001 14:51:49 GMT

Hello,

I think this can't be done. Why do you want to do this?

Vince

Re: root account

Uday_S_Ankolekar — Mon, 10 Dec 2001 14:52:36 GMT

Hi,

Actullay the UID=0 has super user capability. you can use different name for root but make sure the account has uid as zero.
Also take care if any perticular application in the system looks for account "root" instead of uid.

-Goodluck,
-USA..

Re: root account

harry d brown jr — Mon, 10 Dec 2001 14:52:58 GMT

You'll probably break more things than it is worth. Some things look for the "root" process by looking at the UID of 0 (zero), to determine access, others might look for the name "root".

Secure your root account by only allowing it access from the console.

Also, look at this:

http://people.hp.se/stevesk/bastion.html

live free or die
harry

Re: root account

Olivier LEGRAND — Mon, 10 Dec 2001 14:59:08 GMT

Thanks for your aswers.

Very good Harry, I just want to secure my servers and the login root is a security failure

You know

Regards

Re: root account

Eugen Cocalea — Mon, 10 Dec 2001 15:23:15 GMT

Hi,

It is possible but you have to do it carefully and make sure, if you make 'root' disappear, also leave no signs it was there sometime. I mean, files owned by root should become owned by the new user that must have uid=0.

Some programs don't check for uid=0 but if user is 'root' so you might get into some troubles, but none that you can't solve. If you can't give up user root, make sure he doesn't have a valid shell.

Which reminds me, what happens if you succeed in making your system work absolutely gorgeous without the 'root' account and have to boot in single mode? Is this going to work?

E.

Re: root account

John Bolene — Mon, 10 Dec 2001 15:57:06 GMT

I am not sure I understand security failure....

True, it is a known name, but your password should be a longer than 6 chars and a combination of letters (both upper case and lowercase and numbers).

Examples are HPiswUnderful123, IamaVerynice person987

Re: root account

harry d brown jr — Mon, 10 Dec 2001 16:01:53 GMT

Also, this is how you use securetty:

http://www.faqs.org/faqs/hp/hpux-faq/section-62.html

live free or die
harry

Re: root account

A. Clay Stephenson — Mon, 10 Dec 2001 16:04:44 GMT

Hi:

While this can be done, I wouldn't do it. It generally causes more problems that it is worth. Quite a few installation scripts/programs actually look for 'root' rather that uid 0. In general knowing a login doesn't help you much in that the login facility is intentionally slow to avoid repeated login attempts. The real answer is to make sure that your root password is well-formed. In most companies, guessing logins is rather easy; e.g. first character of first name then the first seven letters of the last name or something similar.