Re: changing root account name

From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 10/30/01


Date: Tue, 30 Oct 2001 17:25:07 -0500 (EST)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: Kurt Yoder <kylist@shcorp.com>
Subject: Re: changing root account name
Message-ID: <Pine.LNX.4.30.0110301723030.32481-100000@biocserver.BIOC.CWRU.Edu>

On Tue, 30 Oct 2001, Kurt Yoder wrote:

> Would there be any benefit in changing the account name of "root"? For
> instance, I could change the uid 0 account to have the name "foobar".
> Then, if someone were trying to break into the root account, they
> would have an additional step; instead of logging in as root, they'd
> first have to find out what the uid 0 account was called. Of course,
> "su" would always work, but an attempted root login via the network
> would be more difficult, right?

there are far more efficient ways to getting uid zero access rather than
using ssh target -l root or whatever. just smash a stacke or format your
own string on a process running as uid 0 and voila, you are uid 0.

changing the uid 0 login name is hardly worth doing. besides, a few pieces
of low quality software may expect uid 0 == root and hardcode that. your
move may break that.

hope that helps,

____________________________
jose nazario jose@cwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)



Relevant Pages

  • Re: Apache 2.2 & Perl CGI::Simple running under separate uids: SCGI? FCGI? PSGI?
    ... | CGIwrap needs to be installed set-uid to root. ... Log in as root, change ... root to change your process to another UID. ... and have the web server talk to them with FastCGI ...
    (comp.lang.perl.misc)
  • Re: Rename root to avoid hacking?
    ... Those are remote attacks, ... root user by name, but I am absolutely certain that no system-local ones ... By using the UID instead of the username, ... ...reach exactly the same SMTP daemon welcome banner. ...
    (comp.os.linux.security)
  • Re: HELP! Is that possible "creating a user named root but acturally not the administrator root"
    ... UID zero. ... Then root will still exist, but it will not be possible to log in to ... The OP asked if it is possible to name a different account root - eg ... the FreeBSD system comes automatically set to you cannot log ...
    (freebsd-questions)
  • Re: ZFS & NFS
    ... This is expected behaviour of NFS. ... It simply sets the UID of remote root to the value -1. ... a Solaris NFS server maps "root" access to ...
    (freebsd-stable)
  • Re: ZFS & NFS
    ... This is expected behaviour of NFS. ... It simply sets the UID of remote root to the value -1. ... a Solaris NFS server maps "root" access to ...
    (freebsd-stable)