HPE Community
Operating System - HP-UX
1851104 Members
2110 Online
104056 Solutions
New Discussion

root account

 
SOLVED
Go to solution
Olivier LEGRAND
Frequent Advisor

‎12-10-2001 06:45 AM

‎12-10-2001 06:45 AM

root account

Hello everybody,

I want to suppress root account or suppress all their capabilities.
The root account is a standard login and I want to replace it by the same with another name.

Is it possible? Problems ?
0 Kudos
Reply
8 REPLIES 8
Vincent Farrugia
Honored Contributor

‎12-10-2001 06:51 AM

‎12-10-2001 06:51 AM

Re: root account

Hello,

I think this can't be done. Why do you want to do this?

Vince
Tape Drives RULE!!!
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎12-10-2001 06:52 AM

‎12-10-2001 06:52 AM

Re: root account

Hi,

Actullay the UID=0 has super user capability. you can use different name for root but make sure the account has uid as zero.
Also take care if any perticular application in the system looks for account "root" instead of uid.

-Goodluck,
-USA..
Good Luck..
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎12-10-2001 06:52 AM

‎12-10-2001 06:52 AM

Solution

Re: root account

You'll probably break more things than it is worth. Some things look for the "root" process by looking at the UID of 0 (zero), to determine access, others might look for the name "root".

Secure your root account by only allowing it access from the console.

Also, look at this:

http://people.hp.se/stevesk/bastion.html

live free or die
harry
Live Free or Die
Reply
Olivier LEGRAND
Frequent Advisor

‎12-10-2001 06:59 AM

‎12-10-2001 06:59 AM

Re: root account

Thanks for your aswers.

Very good Harry, I just want to secure my servers and the login root is a security failure

You know

Regards
0 Kudos
Reply
Eugen Cocalea
Respected Contributor

‎12-10-2001 07:23 AM

‎12-10-2001 07:23 AM

Re: root account

Hi,

It is possible but you have to do it carefully and make sure, if you make 'root' disappear, also leave no signs it was there sometime. I mean, files owned by root should become owned by the new user that must have uid=0.

Some programs don't check for uid=0 but if user is 'root' so you might get into some troubles, but none that you can't solve. If you can't give up user root, make sure he doesn't have a valid shell.

Which reminds me, what happens if you succeed in making your system work absolutely gorgeous without the 'root' account and have to boot in single mode? Is this going to work?

E.
To Live Is To Learn
0 Kudos
Reply
John Bolene
Honored Contributor

‎12-10-2001 07:57 AM

‎12-10-2001 07:57 AM

Re: root account

I am not sure I understand security failure....

True, it is a known name, but your password should be a longer than 6 chars and a combination of letters (both upper case and lowercase and numbers).

Examples are HPiswUnderful123, IamaVerynice person987
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎12-10-2001 08:01 AM

‎12-10-2001 08:01 AM

Re: root account

Also, this is how you use securetty:

http://www.faqs.org/faqs/hp/hpux-faq/section-62.html

live free or die
harry
Live Free or Die
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-10-2001 08:04 AM

‎12-10-2001 08:04 AM

Re: root account

Hi:

While this can be done, I wouldn't do it. It generally causes more problems that it is worth. Quite a few installation scripts/programs actually look for 'root' rather that uid 0. In general knowing a login doesn't help you much in that the login facility is intentionally slow to avoid repeated login attempts. The real answer is to make sure that your root password is well-formed. In most companies, guessing logins is rather easy; e.g. first character of first name then the first seven letters of the last name or something similar.
If it ain't broke, I can fix that.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.