Re: renaming root account (169 Views)
Respected Contributor
Edward Alfert_2
Posts: 174
Registered: ‎04-15-2001
Message 1 of 11 (169 Views)
Accepted Solution

renaming root account

As a security measure, it is recommended that in a Windows environment you delete the administrator account after creating another administrator account with a different name. That way a hacker (or should I say cracker) has to figure out both the username and password. If you leave the default administrator name, he/she/it only has to guess the password.

Is there such a recommendation for unix/hp-ux?

How about the idea of creating a user with uid=0 and then removing the root account?
"Do what you love and you will never work a day in your life." - Confucius
Honored Contributor
Uday_S_Ankolekar
Posts: 2,021
Registered: ‎06-05-2001
Message 2 of 11 (169 Views)

Re: renaming root account

Hi,

I think it is always uid=0 that counts, not the name.

-USA..
Good Luck..
Acclaimed Contributor
James R. Ferguson
Posts: 21,184
Registered: ‎07-06-2000
Message 3 of 11 (169 Views)

Re: renaming root account

Hi:

Don't start down this road!

First, there may be software that references the account name 'root' in lieu of the uid=0.

Second, if you use SAM to remove an account, you specify the *name* not the *id*. The removal of files and directories, if you choose to do so, however, is done by *id*. You can see the problem!

Choose a good password. Convert to a trusted system. Allow root login only at the console by placing 'root' in /etc/securetty. These are all better options than changing 'root' to something else!!!

Regards!

...JRF...
Honored Contributor
Craig Rants
Posts: 1,078
Registered: ‎10-23-2001
Message 4 of 11 (169 Views)

Re: renaming root account

Edward,
I have never heard anyone in the Unix environment say to remove the root account. Trying to compare Unix and Windows security is the old Apples and Oranges thing. That being said, the root account should be protected at all costs.

Start with locking down access to root
echo console > /etc/securetty

The command above will limit external root access to the serial connected console or to the su - command from a user already on the box.

Take the approach of securing your box, not patching over the problems and you will learn more about your system and feel better about its security.

Just my thoughts,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Acclaimed Contributor
A. Clay Stephenson
Posts: 17,825
Registered: ‎07-16-1998
Message 5 of 11 (169 Views)

Re: renaming root account

While it is true that uid 0 is what really counts, a number of scripts and programs may look for user 'root'. I wouldn't change this.
If it ain't broke, I can fix that.
Respected Contributor
Edward Alfert_2
Posts: 174
Registered: ‎04-15-2001
Message 6 of 11 (169 Views)

Re: renaming root account

What about many files being owned by root? Does the name not matter?
"Do what you love and you will never work a day in your life." - Confucius
Honored Contributor
John Bolene
Posts: 1,835
Registered: ‎01-08-1998
Message 7 of 11 (169 Views)

Re: renaming root account

root has to be the first entry in the password file.

You can set other users up with different passwords and uid=0 for them to be root.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Respected Contributor
Bernie Vande Griend
Posts: 342
Registered: ‎03-29-2000
Message 8 of 11 (169 Views)

Re: renaming root account

It is actually the user id of 0 that determines "root" access, not the name.
You would have to greatly modify the OS to change that behavior. Unless you were building your own OS, it wouldn't be a good idea to even mess with that.

Purists will tell you to leave the unix account alone, don't add multiple users with ids of 0, don't use software that changes the access of the "root" account or how it behaves. I tend to agree with that. There is software like CA's Access Control that tweaks the kernel and has the ability to change the root account itself, what it can access and do. There are other methods of securing a system and dealing with the power of root that do not modify the kernel. Sudo and PowerBroker are examples of those.
Even if you were to change the name root to something else, it really wouldn't do much to deter a hacker since the userid is still what matters.
Ye who thinks he has a lot to say, probably shouldn't.
Honored Contributor
Bill Hassell
Posts: 14,221
Registered: ‎05-29-2000
Message 9 of 11 (169 Views)

Re: renaming root account

Sure, just rename the root entry in /etc/passwd to something like notgood. Then be prepared for a LOT of sysadmin headaches in the future. Just like renaming the administrator account on a PC, if it is not common knowledge, then a lot of re-installs will take place 'cause no one knows how to login.

And if it is common-knowledge, then you might question the whole point of renaming the root user.

The recommended practice is to leave root as is, change the system to Trusted, and change root passwords on a regular basis. Anyone who tries to hack in as root will disable root on the network (console = still OK) and will also leave their IP-address+date+time as a calling card as seen from the lastb command.
Acclaimed Contributor
James R. Ferguson
Posts: 21,184
Registered: ‎07-06-2000
Message 10 of 11 (169 Views)

Re: renaming root account

Hi (again) Edward:

The name of an account, other than perhaps 'root' does not matter. File ownership and process privileges are determined by various forms of the numeric id (uid, euid).

If you like, create a new user, call him "Edward"; note the uid, create some files for him; remove the entry from the /etc/passwd file and /etc/group files (or use SAM to delete the account), BUT leave the files. If you do an 'ls' on the files you will now see their ownership described by the uid instead of the name. Now add a new account with a different name. Look at your files again and note that they are now owned by the "new" user.

Only the numeric value is stored in the file inode. The /etc/passwd file simply maps number-to-name.

Regards!

...JRF...

Honored Contributor
Wodisch
Posts: 3,786
Registered: ‎06-30-2000
Message 11 of 11 (169 Views)

Re: renaming root account

Hello,

to add an example "why NOT" to this thread (btw: did we not have this discussion some months ago, already?):
look into "/etc/inetd.conf" and you will find a lot of "root" in there. Rename or delete "root" from your "/etc/passwd" and NOBODY CAN TELNET IN ANYMORE! nor rlogin, nor X-windows...

So what would you gain? Some jokes about "the man who shot down his system"...

Just my $9.99,
Wodisch
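
Two points made across this thread, that privilege follows uid 0 rather than the account name and that /etc/inetd.conf refers to accounts by name, can be checked on copies of the files. The script below is an added example, not part of any post: the function names and the sample entries (including the second uid 0 account `toor`) are constructed for illustration, and it assumes the standard inetd.conf layout with the user in field 5.

```shell
#!/bin/sh
# Added example: checks on copies of /etc/passwd and /etc/inetd.conf.

# Names of every account whose numeric UID (field 3) is 0.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ { print $1 }' "$1"
}

# inetd.conf service users (field 5) that have no entry in the passwd file.
unresolved_inetd_users() {
    awk '
        NR == FNR { split($0, f, ":"); known[f[1]] = 1; next }
        /^[ \t]*#/ || NF < 6 { next }
        !($5 in known) && !seen[$5]++ { print $5 }
    ' "$1" "$2"
}

# Constructed sample data (not taken from any real system).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
toor:*:0:3::/home/toor:/usr/bin/sh
edward:*:101:20::/home/edward:/usr/bin/sh
EOF
    # Same file with the uid 0 entry renamed, as discussed in the thread.
    sed 's/^root:/notgood:/' "$1/passwd" > "$1/passwd.renamed"
    cat > "$1/inetd.conf" <<'EOF'
# service socket proto wait user server args
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
login stream tcp nowait root /usr/lbin/rlogind rlogind
ident stream tcp wait bin /usr/lbin/identd identd
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "uid 0 accounts:            $(uid0_accounts "$dir/passwd" | tr '\n' ' ')"
echo "unresolved (original):     $(unresolved_inetd_users "$dir/passwd" "$dir/inetd.conf")"
echo "unresolved (root renamed): $(unresolved_inetd_users "$dir/passwd.renamed" "$dir/inetd.conf")"
rm -rf "$dir"
```

On the renamed copy the uid 0 list still contains two privileged accounts, while the inetd.conf check reports `root` as a name that no longer resolves.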