Use a Different Name for 'root'
 

Okay. This might be a stupid question, but is there any way to build a linux distro with a root user named something other than 'root'?

I'm trying to set up a mobile system where the username 'root' will be used for something else. It'd probably be more secure with an unconventional superuser name, anyway.

(Also, is there any way to rename the root user on an existing distro, pre- or post-install?)

Thanks all!

Well even if it is possible why not create extra user with root privileges and lock root account with password that is very very long and will take ages to break + configure system use the other account when needed?

Well, I suppose I could, but it wouldn't solve the problem of me needing the username 'root' for a non-superuser.

Even if it isn't a good idea, let's just say in the spirit of academic inquiry, is there a way to do this?

Thanks for your response. :D

Also, disable root login from remote, so it won't do anyone any good to try to brute force the account without physical access.

If you set up an app that uses a less privileged account named "root", and you try to do something with it that says you need "root" privileges, things are going to get mighty confusing.

The root account gets all sorts of special treatment in terms of the way it can access files and run commands. My understanding is that these features are built into the kernel itself, which means you would probably have to build your own kernel--probably not worth the trouble.

You might be able to switch around user/UID and group/GID pairings by doing some clever juggling with usermod, but I don't know that the system would honour changes to the root account while logged in as root.

Another thought: if you lock down the root account, like Arcane suggests, you still can't create an additional "root" account. However, since Linux is case sensitive, you could create something similar; Root or r00t, perhaps

Oh, okay. I wasn't sure if 'root' was built into the kernel or not. In the case that it is, I suppose my project just go 10x more complex.

'root' is a poor choice for a superuser name, in my opinion. The word "root" seems to already be used all over the place in the computer sciences.

At any rate, does anyone have any good resources on the mechanics of a superuser? If I do modify the kernel (which is currently way over my head), I might also need a reference to a good source which could explain the anatomy of the Linux kernel. :D

Why aren't you using sudo? That way you can restrict access to superuser actions, you can even restrict the superuser actions taken by account and you don't have to give out the root password. Look into visudo (man visudo).

Em..root privileges is key not account - ubuntu is example that root isn't required as rule for distro to work + extra users can be created just like in Windows with admin rights. My point was to disable root or not use at all so not create duplicate root in first place which makes no sence because OP wanted get rid of it.

That's not a problem with Linux but with a faulty or lacking project definition. And an odd choice of user name in the first place given you told us yourself you know that "The word "root" seems to already be used all over the place in the computer sciences"...


You do not want to go there. It's against standards, you'll break more than you will be able to fix and you'll be SOL and w/o support. If you want to dip your toes in kernel land beyond 'man capabilities' and its references I'd suggest starting with "Understanding the Linux Kernel".

I second Sudo usage for tasks requiring root privileges.

Arcane, I concur: it is perfectly possible and even desirable to grant administrative privileges to different accounts. I read stormreactor's post to mean that he wanted to use the word "root" as the name for a different account (presumably non-administrative). I was saying that the system would not allow that particular string of letters, r-o-o-t, to be used to indicate two separate accounts ( that is, 2 UIDs), and that there was likely no way to assign the root account (UID 0) a different user name.

Haha, okay. I guess I'd better go into a bit more detail on my project.

I am attempting to build a Linux distribution for a particular homebrew mobile computing platform. It's not another run-of-the-mill computer operating system for you desktop. It has to serve some very specific functions, one of which involves utilizing a user named 'root'.

For the purposes of security, I don't want to use the superuser account 'root' which appears in 99% of Linux distros out there. I want to create an separate account named 'root', which will be highly restricted and not have any root privileges whatsoever.

Why not create another user with a different name that can do the same tasks, you might ask? Well, I suppose I could, but naming the user 'root' would make things much easier at a hardware level. Trust me.

I know that this is the "Newbie" section of LinuxQuestions.org, and I am a Linux newbie, so I didn't know how complicated this question was. It is possible that I just bit off more than I can chew, or I'll just have to migrate to another Unix-like kernel where the root user can be renamed. (I'm not aware of any that exists, however.)

As for Ubuntu, I am keenly aware that you don't need to use the root account to get root privileges, since sudo is installed by default. But the 'root' user does still exist and is still vital to the function of the system under the surface. (You can access it by entering "sudo su" in the terminal.)
______________________________

@unSpawn - True, it may be faulty. I did think of that, but also thought that it would be easier to rename 'root'. I guess I was wrong. Also, read below.

@brain-ocs - You are correct in your reading of my post. I do want to totally obliterate 'root' as a superuser, which means replacing UID 0. If this isn't possible, I most definitely have to figure out a workaround. The mobile platform I'm working on is supposed to be a 'client' to another piece of hardware (which I didn't build) that imitates an actual physical user through a hard-wired interface. This piece of hardware often accesses the client by logging in as 'root', and I am not aware of a way to reprogram it. It's decently old.

Wtf? The root account is utterly essential under Ubuntu, you just don't directly login to it. What account do you think sudo uses? What account do you think all the init processes run as?

In principle there should be a logical difference between root and uid 0. The main init process launches as uid 0. But you can't easily know it other scripts do reference "root ". If you are stripping things down a lot you might be able to get into a state where you do know that. I'm not aware of any sanity checks etc, but I may well be wrong. Just rename it in passed and shadow and group and reboot...

root is disabled on Ubuntu and you won't access it with sudo you will just execute stuff with root privileges but will stay in custom account name. This is why many people avoid Ubuntu because they need root account by default. If you compare it to Windows sudo is like "Run as" command where you execute something as admin while staying in limited user without logging in that account.
https://help.ubuntu.com/community/RootSudo
Custom account with root privileges? It is like Windows XP where root is hidden Administrator account from Welcome screen outside safe mode and working one is extra admin acc with custom name you specify when install it. Also i never said root account doesn't exist in Ubuntu but is denied to user by default which makes same outcome.
http://en.wikipedia.org/wiki/Sudo

I thought that the kernel doesn't pay attention to the user's name, and that it only uses the user IDs (0 == root).

I wonder what would happen if you would just rename the "root" entries in /etc/passwd and /etc/shadow to some other name.

Open a terminal and run "sudo -i ". Root login shell.