Question: Changing My Root Account Name

eech55 · 08-16-2004, 04:16 PM

hi all

for secrurity reaons, i want to change my root account name to some thing else

could you please tell me how?

is using the command "chpass" is the modular sultion?

i used chpass command, and then i renamed "root" with "new_name".. but then i found my FreeBSD with two root accounts with the same ID

frob23 · 08-16-2004, 04:53 PM

Do NOT remove the account with the name root. This is begging for problems. If you want, you can create a second account with a UID of zero (example toor already exists like this) and give that a password. Then you can edit master.passwd to put a "*" where the old root account's password is.

But for fnord's sake... leave the old name there.

frob23 · 08-16-2004, 05:00 PM

/etc/passwd

Code:

root:*:0:0:This is the old unusable root account:/root:/bin/csh
newrootuser:*:0:0:This is the real root account:/root:

/etc/master.passwd

Code:

root:*:0:0::0:0:This is the old unusable root account:/root:/bin/csh
newrootuser:$1$gt1.mwCO$yJfqN3c2/hg6QdE4dnfve1:0:0::0:0:This is the real root account:/root:

After editing these files... be sure to run:
pwd_mkdb

This will be run automatically if you use vipw -- which is a good idea. Using vipw will allow you to edit both files at once. Just star out the old root password. Then edit out of vipw. and "passwd newrootuser" which will place a password for your new root.

acid_kewpie · 08-16-2004, 05:04 PM

changing an account name isn't good in the name of security, just obscurity. it's not a practise to be recommended at any level. if a system is suitably secure then the root account will be perfectly safe.

chort · 08-16-2004, 05:24 PM

You always have a uid 0 account, so it's not like you're getting rid of anything. In fact, if you completely remove the name to uid mapping for "root", you will probably cause a large number of problems when trying to install certain software packages.

The best way to protect root is to not allow users to attempt remote login attempts with that accounts, so disable them in sshd_config and hopefully that's the only remote shell you're using (you shouldn't have telnetd or any of the "r commands" enabled).

Exploits such as buffer overflows and rootkits use uid 0 and don't rely on the name to uid mapping, so removing the "root" name will not prevent those attacks.

eech55 · 08-16-2004, 06:31 PM

can i have a super account exactly with root permissions but with an UID of 1002 for example? can i make installations then without problems?
will i be safe fro exploits?

chort · 08-16-2004, 06:39 PM

No.

The UNIX is based on a concept of a super-user and all over non-super-users. Since the super-user is special, there has to be a way to identify that it has special powers other users don't have. uid 0 is that special identifier.

There is no simple magic trick to just make something instantly secure. You have to know how your system works, and you have to configure it with as few avenues for attack as possible. Also, one of the most important things is to make sure you always install security updates quickly, which means paying attention to security advisories and downloading & applying security patches soon after they become available.

Also, if you run a relatively proactively secure OS, such as OpenBSD there will be a number of controls in place to help you out, such as stack protection, write-exclusively-or-execute, immutable kernel in multi-user mode, etc. You could get patches to do that kind of thing in Linux, but then you would have to know how to apply and configure them.

noir911 · 08-18-2004, 02:08 AM

cat /etc/passwd | grep 0:0

security thru obscurity is no security at all.

eech55 · 08-18-2004, 03:09 PM

thanks a lot guys