Use a Different Name for 'root'

stormreactor · 07-22-2011, 03:43 PM

Okay, new update.

After changing the name of UID 0 (root), sudo doesn't actually work correctly. If you use it to access a protected file, it will still deny permission (such as accessing /etc/sudoers, for example). Other operations, such as the GUI mount for DSL, will also not work.

What I mean to say is that this may not have been as 'clean' as I thought. While sudo gives the appearance of working, it does not. (You can still do root-level operations by switching to the root user with "su <root user>", however.)

Also, as I mentioned in an earlier reply, the network stops working in DSL. Some of these problems may just be DSL specific, but for your advice for anyone who wants do what I did, build your own Linux system and do it at the beginning. It will remove a lot of headache.

Nevertheless, if you do do it on a functioning system temporarily, it won't drastically kill it (with the stripped-down distros at any rate). You'll just have some problems with some system services and processes, that's all. Anyway, I hope this helps anyone who wants to replace 'root' out there, however few there may be. Good luck!

frieza · 07-22-2011, 03:52 PM

yeah root has been a standard for the sysadmin's user name for decades, not just for linux/unix but other things like mysql
honestly i don't see any real reason to change it, but good luck

tommylovell · 07-22-2011, 04:42 PM

Quote:

Originally Posted by MTK358

I thought that the kernel doesn't pay attention to the user's name, and that it only uses the user IDs (0 == root).

I wonder what would happen if you would just rename the "root" entries in /etc/passwd and /etc/shadow to some other name.

As others have said, that's true. The name "root" has no real significance (or it least it should have no significance). UID=0 is what is important. (I'm not certain how this would all tie into SELinux, though.)

But, if you had this,

Code:

[root@athlon ~]# vi /etc/passwd

[root@athlon ~]# head -n3 /etc/passwd
root:x:0:0:root:/root:/bin/bash
notroot:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin

[root@athlon ~]# ls -n
total 104
-rw-------. 1 0 0  2177 Jul 17 02:38 anaconda-ks.cfg
-rw-r--r--. 1 0 0 62986 Jul 17 02:38 install.log
-rw-r--r--. 1 0 0 11682 Jul 17 02:33 install.log.syslog
-rwxr-xr-x. 1 0 0 13008 Jul 19 22:41 ps_mem.py
-rwxr-xr-x. 1 0 0   142 Jul 19 15:23 swap

[root@athlon ~]# ls -l
total 104
-rw-------. 1 root root  2177 Jul 17 02:38 anaconda-ks.cfg
-rw-r--r--. 1 root root 62986 Jul 17 02:38 install.log
-rw-r--r--. 1 root root 11682 Jul 17 02:33 install.log.syslog
-rwxr-xr-x. 1 root root 13008 Jul 19 22:41 ps_mem.py
-rwxr-xr-x. 1 root root   142 Jul 19 15:23 swap

Then reversed the first two /etc/passwd entries,

Code:

[root@athlon ~]# vi /etc/passwd

[root@athlon ~]# head -n3 /etc/passwd
notroot:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin

[root@athlon ~]# ls -n
total 104
-rw-------. 1 0 0  2177 Jul 17 02:38 anaconda-ks.cfg
-rw-r--r--. 1 0 0 62986 Jul 17 02:38 install.log
-rw-r--r--. 1 0 0 11682 Jul 17 02:33 install.log.syslog
-rwxr-xr-x. 1 0 0 13008 Jul 19 22:41 ps_mem.py
-rwxr-xr-x. 1 0 0   142 Jul 19 15:23 swap

[root@athlon ~]# ls -l
total 104
-rw-------. 1 notroot root  2177 Jul 17 02:38 anaconda-ks.cfg
-rw-r--r--. 1 notroot root 62986 Jul 17 02:38 install.log
-rw-r--r--. 1 notroot root 11682 Jul 17 02:33 install.log.syslog
-rwxr-xr-x. 1 notroot root 13008 Jul 19 22:41 ps_mem.py
-rwxr-xr-x. 1 notroot root   142 Jul 19 15:23 swap

If you logon as root after the above change is made,

Code:

Last login: Fri Jul 22 17:22:53 2011 from 192.168.1.99

[notroot@athlon ~]# whoami
notroot

[notroot@athlon ~]# w
 17:28:19 up 5 days,  8:52,  4 users,  load average: 0.16, 0.12, 0.13
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
tommy    tty7     :0               Sun08    5days 39.56s  0.25s pam: gdm-passwo
tommy    pts/0    :0.0             Sun08    5days  0.64s  1.78s gnome-terminal
root     pts/1    192.168.1.99     17:22    1:51   0.10s  0.10s -bash
root     pts/2    192.168.1.99     17:27    0.00s  0.17s  0.13s w

[notroot@athlon ~]# id root
uid=0(notroot) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

[notroot@athlon ~]# id notroot
uid=0(notroot) gid=0(root) groups=0(root)

But it's just a bad idea to change the first root/uid=0 entry.

Edited: never thought about sudo, but clearly that's another complication...

phenyloxime · 07-22-2011, 11:43 PM

superuser with an identity crisis?

go talk to the emacs psychiatrist

littlejoe5 · 07-23-2011, 02:51 AM

Don't remember how it's done, but I have changed a users number. Most users users (in most distros) default to user id #1000. Some default to 500. I wanted all of my users (different distros) to be the same (since I am all of them), since I changed it to #1000.

I don't know if it would be possible to change a users ID # to #0. thereby giving him complete root privileges. Don't really think it would be a good idea. And I would hope that it would be more difficult than that to obtain root privileges.

catkin · 07-23-2011, 03:10 AM

Quote:

Originally Posted by littlejoe5

Don't remember how it's done, but I have changed a users number. Most users users (in most distros) default to user id #1000. Some default to 500. I wanted all of my users (different distros) to be the same (since I am all of them), since I changed it to #1000.

I don't know if it would be possible to change a users ID # to #0. thereby giving him complete root privileges. Don't really think it would be a good idea. And I would hope that it would be more difficult than that to obtain root privileges.

There is no universally accepted standard for UID (and GID) numbers; the most complete scheme I found is in the Debian Policy statement here.

It is possible to change any user's UID to 0 which gives almost complete rootly powers (almost complete because some software is coded to look for the root user name instead of the 0 UID).

MTK358 · 07-23-2011, 06:24 AM

Quote:

Originally Posted by littlejoe5

And I would hope that it would be more difficult than that to obtain root privileges.

Why? Only root (or whetever user has the UID 0) can change it in the first place.