theoretical question - can root's username be changed?
Matthew Miller
mattdm at mattdm.org
Fri Dec 2 13:23:03 UTC 2005
On Thu, Dec 01, 2005 at 11:16:58PM -0500, Claude Jones wrote:
> must go on to get at root's privileges, by changing his username. What is
> the advantage of every Linux system having this same user, 'root'? I make
> it a point when securing a Windows server of always deleting the
> administrator account and creating a new account with membership in
> administrators for administration purposes. Why is that concept flawed, or
> feeble, as you put it? It pretty much goes downhill from there with
> Windows, but, I see nothing wrong with that particular feature.
For this reason, I prefer to make it so the root account doesn't allow ssh
logins, or even restrict logins to a given set of users -- edit
/etc/ssh/sshd_config (see old threads here for details).
Beyond that, the name you pick doesn't really matter, since the power is in
uid/gid 0, not in the name. And, someone trying to break in other than
through password-guessing (which they won't even be able to try if you block
external root logins) won't care what the name is; they'll aim for uid 0.
(In fact, a common system-hacker thing to do is create a second account with
uid 0.
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-list
mailing list