LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-21-2011, 05:07 PM   #1
stormreactor
LQ Newbie
 
Registered: Jul 2011
Posts: 22

Rep: Reputation: Disabled
Use a Different Name for 'root'


Okay. This might be a stupid question, but is there any way to build a linux distro with a root user named something other than 'root'?

I'm trying to set up a mobile system where the username 'root' will be used for something else. It'd probably be more secure with an unconventional superuser name, anyway.

(Also, is there any way to rename the root user on an existing distro, pre- or post-install?)

Thanks all!
 
Old 07-21-2011, 05:12 PM   #2
Arcane
Member
 
Registered: May 2006
Location: Latvia, Europe
Distribution: random
Posts: 303

Rep: Reputation: 233Reputation: 233Reputation: 233
Well even if it is possible why not create extra user with root privileges and lock root account with password that is very very long and will take ages to break + configure system use the other account when needed?
 
Old 07-21-2011, 05:20 PM   #3
stormreactor
LQ Newbie
 
Registered: Jul 2011
Posts: 22

Original Poster
Rep: Reputation: Disabled
Well, I suppose I could, but it wouldn't solve the problem of me needing the username 'root' for a non-superuser.

Even if it isn't a good idea, let's just say in the spirit of academic inquiry, is there a way to do this?

Thanks for your response.
 
Old 07-21-2011, 05:20 PM   #4
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112Reputation: 112
Also, disable root login from remote, so it won't do anyone any good to try to brute force the account without physical access.

If you set up an app that uses a less privileged account named "root", and you try to do something with it that says you need "root" privileges, things are going to get mighty confusing.
 
Old 07-21-2011, 05:23 PM   #5
brian-ocs
LQ Newbie
 
Registered: Jul 2011
Location: San Diego, CA
Distribution: CentOS 6, Linux Mint Debian Edition
Posts: 18

Rep: Reputation: 1
The root account gets all sorts of special treatment in terms of the way it can access files and run commands. My understanding is that these features are built into the kernel itself, which means you would probably have to build your own kernel--probably not worth the trouble.

You might be able to switch around user/UID and group/GID pairings by doing some clever juggling with usermod, but I don't know that the system would honour changes to the root account while logged in as root.

Another thought: if you lock down the root account, like Arcane suggests, you still can't create an additional "root" account. However, since Linux is case sensitive, you could create something similar; Root or r00t, perhaps

Last edited by brian-ocs; 07-21-2011 at 05:27 PM.
 
1 members found this post helpful.
Old 07-21-2011, 05:33 PM   #6
stormreactor
LQ Newbie
 
Registered: Jul 2011
Posts: 22

Original Poster
Rep: Reputation: Disabled
Oh, okay. I wasn't sure if 'root' was built into the kernel or not. In the case that it is, I suppose my project just go 10x more complex.

'root' is a poor choice for a superuser name, in my opinion. The word "root" seems to already be used all over the place in the computer sciences.

At any rate, does anyone have any good resources on the mechanics of a superuser? If I do modify the kernel (which is currently way over my head), I might also need a reference to a good source which could explain the anatomy of the Linux kernel.
 
Old 07-21-2011, 05:35 PM   #7
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 469Reputation: 469Reputation: 469Reputation: 469Reputation: 469
Why aren't you using sudo? That way you can restrict access to superuser actions, you can even restrict the superuser actions taken by account and you don't have to give out the root password. Look into visudo (man visudo).
 
Old 07-21-2011, 05:46 PM   #8
Arcane
Member
 
Registered: May 2006
Location: Latvia, Europe
Distribution: random
Posts: 303

Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by brian-ocs View Post
{...}if you lock down the root account you still can't create an additional "root" account.{...}
Em..root privileges is key not account - ubuntu is example that root isn't required as rule for distro to work + extra users can be created just like in Windows with admin rights. My point was to disable root or not use at all so not create duplicate root in first place which makes no sence because OP wanted get rid of it.
 
Old 07-21-2011, 05:49 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530
Quote:
Originally Posted by stormreactor View Post
my project just go 10x more complex.
That's not a problem with Linux but with a faulty or lacking project definition. And an odd choice of user name in the first place given you told us yourself you know that "The word "root" seems to already be used all over the place in the computer sciences"...


Quote:
Originally Posted by stormreactor View Post
At any rate, does anyone have any good resources on the mechanics of a superuser? If I do modify the kernel (which is currently way over my head), I might also need a reference to a good source which could explain the anatomy of the Linux kernel.
You do not want to go there. It's against standards, you'll break more than you will be able to fix and you'll be SOL and w/o support. If you want to dip your toes in kernel land beyond 'man capabilities' and its references I'd suggest starting with "Understanding the Linux Kernel".

I second Sudo usage for tasks requiring root privileges.
 
1 members found this post helpful.
Old 07-21-2011, 05:55 PM   #10
brian-ocs
LQ Newbie
 
Registered: Jul 2011
Location: San Diego, CA
Distribution: CentOS 6, Linux Mint Debian Edition
Posts: 18

Rep: Reputation: 1
Arcane, I concur: it is perfectly possible and even desirable to grant administrative privileges to different accounts. I read stormreactor's post to mean that he wanted to use the word "root" as the name for a different account (presumably non-administrative). I was saying that the system would not allow that particular string of letters, r-o-o-t, to be used to indicate two separate accounts ( that is, 2 UIDs), and that there was likely no way to assign the root account (UID 0) a different user name.
 
Old 07-21-2011, 06:16 PM   #11
stormreactor
LQ Newbie
 
Registered: Jul 2011
Posts: 22

Original Poster
Rep: Reputation: Disabled
Haha, okay. I guess I'd better go into a bit more detail on my project.

I am attempting to build a Linux distribution for a particular homebrew mobile computing platform. It's not another run-of-the-mill computer operating system for you desktop. It has to serve some very specific functions, one of which involves utilizing a user named 'root'.

For the purposes of security, I don't want to use the superuser account 'root' which appears in 99% of Linux distros out there. I want to create an separate account named 'root', which will be highly restricted and not have any root privileges whatsoever.

Why not create another user with a different name that can do the same tasks, you might ask? Well, I suppose I could, but naming the user 'root' would make things much easier at a hardware level. Trust me.

I know that this is the "Newbie" section of LinuxQuestions.org, and I am a Linux newbie, so I didn't know how complicated this question was. It is possible that I just bit off more than I can chew, or I'll just have to migrate to another Unix-like kernel where the root user can be renamed. (I'm not aware of any that exists, however.)

As for Ubuntu, I am keenly aware that you don't need to use the root account to get root privileges, since sudo is installed by default. But the 'root' user does still exist and is still vital to the function of the system under the surface. (You can access it by entering "sudo su" in the terminal.)
______________________________

@unSpawn - True, it may be faulty. I did think of that, but also thought that it would be easier to rename 'root'. I guess I was wrong. Also, read below.

@brain-ocs - You are correct in your reading of my post. I do want to totally obliterate 'root' as a superuser, which means replacing UID 0. If this isn't possible, I most definitely have to figure out a workaround. The mobile platform I'm working on is supposed to be a 'client' to another piece of hardware (which I didn't build) that imitates an actual physical user through a hard-wired interface. This piece of hardware often accesses the client by logging in as 'root', and I am not aware of a way to reprogram it. It's decently old.
 
Old 07-21-2011, 06:20 PM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Quote:
Originally Posted by Arcane View Post
Em..root privileges is key not account - ubuntu is example that root isn't required as rule for distro to work + extra users can be created just like in Windows with admin rights. My point was to disable root or not use at all so not create duplicate root in first place which makes no sence because OP wanted get rid of it.
Wtf? The root account is utterly essential under Ubuntu, you just don't directly login to it. What account do you think sudo uses? What account do you think all the init processes run as?

In principle there should be a logical difference between root and uid 0. The main init process launches as uid 0. But you can't easily know it other scripts do reference "root ". If you are stripping things down a lot you might be able to get into a state where you do know that. I'm not aware of any sanity checks etc, but I may well be wrong. Just rename it in passed and shadow and group and reboot...

Last edited by acid_kewpie; 07-21-2011 at 06:26 PM.
 
Old 07-21-2011, 06:21 PM   #13
Arcane
Member
 
Registered: May 2006
Location: Latvia, Europe
Distribution: random
Posts: 303

Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by stormreactor View Post
{...}As for Ubuntu, I am keenly aware that you don't need to use the root account to get root privileges, since sudo is installed by default. But the 'root' user does still exist and is still vital to the function of the system under the surface. (You can access it by entering "sudo su" in the terminal.){...}
root is disabled on Ubuntu and you won't access it with sudo you will just execute stuff with root privileges but will stay in custom account name. This is why many people avoid Ubuntu because they need root account by default. If you compare it to Windows sudo is like "Run as" command where you execute something as admin while staying in limited user without logging in that account.
https://help.ubuntu.com/community/RootSudo
Quote:
Originally Posted by acid_kewpie View Post
Wtf? The root account is utterly essential under Ubuntu, you just don't directly login to it. What account do you think sudo uses? What account do you think all the init processes run as?
Custom account with root privileges? It is like Windows XP where root is hidden Administrator account from Welcome screen outside safe mode and working one is extra admin acc with custom name you specify when install it. Also i never said root account doesn't exist in Ubuntu but is denied to user by default which makes same outcome.
http://en.wikipedia.org/wiki/Sudo

Last edited by Arcane; 07-21-2011 at 06:30 PM.
 
Old 07-21-2011, 06:23 PM   #14
MTK358
LQ 5k Club
 
Registered: Sep 2009
Posts: 6,443
Blog Entries: 3

Rep: Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720
Quote:
Originally Posted by brian-ocs View Post
The root account gets all sorts of special treatment in terms of the way it can access files and run commands. My understanding is that these features are built into the kernel itself
I thought that the kernel doesn't pay attention to the user's name, and that it only uses the user IDs (0 == root).

I wonder what would happen if you would just rename the "root" entries in /etc/passwd and /etc/shadow to some other name.
 
1 members found this post helpful.
Old 07-21-2011, 06:29 PM   #15
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Quote:
Originally Posted by Arcane View Post
root is disabled on Ubuntu and you won't access it with sudo you will just execute stuff with root privileges but will stay in custom account name. This is why many people avoid Ubuntu because they need root account by default. If you compare it to Windows sudo is like "Run as" command where you execute something as admin while staying in limited user without logging in that account.
Open a terminal and run "sudo -i ". Root login shell.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] how can i remount root filesystem as read/write after modify readonly-root file jcwkyl Linux - Newbie 3 12-21-2010 11:40 PM
Adding root privaliges to user accounts or auto login as root Val-Ent Linux - General 15 03-02-2010 05:27 PM
How can I have a script owned as root and run as root by a user: setuid? stickey bit? abefroman Linux - Newbie 9 04-19-2008 06:15 PM
why lftp command run failed when user isn't root, but ok when logining as root steven_yu Linux - Software 0 06-06-2007 09:36 PM
root files: create as root:root or root:wheel? pcass Linux - Security 1 02-07-2004 05:14 PM


All times are GMT -5. The time now is 05:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration