Use a Different Name for 'root'
Okay. This might be a stupid question, but is there any way to build a linux distro with a root user named something other than 'root'?
I'm trying to set up a mobile system where the username 'root' will be used for something else. It'd probably be more secure with an unconventional superuser name, anyway. (Also, is there any way to rename the root user on an existing distro, pre- or post-install?) Thanks all! |
Well even if it is possible why not create extra user with root privileges and lock root account with password that is very very long and will take ages to break + configure system use the other account when needed?
|
Well, I suppose I could, but it wouldn't solve the problem of me needing the username 'root' for a non-superuser.
Even if it isn't a good idea, let's just say in the spirit of academic inquiry, is there a way to do this? Thanks for your response. :D |
Also, disable root login from remote, so it won't do anyone any good to try to brute force the account without physical access.
If you set up an app that uses a less privileged account named "root", and you try to do something with it that says you need "root" privileges, things are going to get mighty confusing. |
The root account gets all sorts of special treatment in terms of the way it can access files and run commands. My understanding is that these features are built into the kernel itself, which means you would probably have to build your own kernel--probably not worth the trouble.
You might be able to switch around user/UID and group/GID pairings by doing some clever juggling with usermod, but I don't know that the system would honour changes to the root account while logged in as root. Another thought: if you lock down the root account, like Arcane suggests, you still can't create an additional "root" account. However, since Linux is case sensitive, you could create something similar; Root or r00t, perhaps |
Oh, okay. I wasn't sure if 'root' was built into the kernel or not. In the case that it is, I suppose my project just go 10x more complex.
'root' is a poor choice for a superuser name, in my opinion. The word "root" seems to already be used all over the place in the computer sciences. At any rate, does anyone have any good resources on the mechanics of a superuser? If I do modify the kernel (which is currently way over my head), I might also need a reference to a good source which could explain the anatomy of the Linux kernel. :D |
Why aren't you using sudo? That way you can restrict access to superuser actions, you can even restrict the superuser actions taken by account and you don't have to give out the root password. Look into visudo (man visudo).
|
Quote:
|
Quote:
Quote:
I second Sudo usage for tasks requiring root privileges. |
Arcane, I concur: it is perfectly possible and even desirable to grant administrative privileges to different accounts. I read stormreactor's post to mean that he wanted to use the word "root" as the name for a different account (presumably non-administrative). I was saying that the system would not allow that particular string of letters, r-o-o-t, to be used to indicate two separate accounts ( that is, 2 UIDs), and that there was likely no way to assign the root account (UID 0) a different user name.
|
Haha, okay. I guess I'd better go into a bit more detail on my project.
I am attempting to build a Linux distribution for a particular homebrew mobile computing platform. It's not another run-of-the-mill computer operating system for you desktop. It has to serve some very specific functions, one of which involves utilizing a user named 'root'. For the purposes of security, I don't want to use the superuser account 'root' which appears in 99% of Linux distros out there. I want to create an separate account named 'root', which will be highly restricted and not have any root privileges whatsoever. Why not create another user with a different name that can do the same tasks, you might ask? Well, I suppose I could, but naming the user 'root' would make things much easier at a hardware level. Trust me. I know that this is the "Newbie" section of LinuxQuestions.org, and I am a Linux newbie, so I didn't know how complicated this question was. It is possible that I just bit off more than I can chew, or I'll just have to migrate to another Unix-like kernel where the root user can be renamed. (I'm not aware of any that exists, however.) As for Ubuntu, I am keenly aware that you don't need to use the root account to get root privileges, since sudo is installed by default. But the 'root' user does still exist and is still vital to the function of the system under the surface. (You can access it by entering "sudo su" in the terminal.) ______________________________ @unSpawn - True, it may be faulty. I did think of that, but also thought that it would be easier to rename 'root'. I guess I was wrong. Also, read below. @brain-ocs - You are correct in your reading of my post. I do want to totally obliterate 'root' as a superuser, which means replacing UID 0. If this isn't possible, I most definitely have to figure out a workaround. The mobile platform I'm working on is supposed to be a 'client' to another piece of hardware (which I didn't build) that imitates an actual physical user through a hard-wired interface. This piece of hardware often accesses the client by logging in as 'root', and I am not aware of a way to reprogram it. It's decently old. |
Quote:
In principle there should be a logical difference between root and uid 0. The main init process launches as uid 0. But you can't easily know it other scripts do reference "root ". If you are stripping things down a lot you might be able to get into a state where you do know that. I'm not aware of any sanity checks etc, but I may well be wrong. Just rename it in passed and shadow and group and reboot... |
Quote:
https://help.ubuntu.com/community/RootSudo Quote:
http://en.wikipedia.org/wiki/Sudo |
Quote:
I wonder what would happen if you would just rename the "root" entries in /etc/passwd and /etc/shadow to some other name. |
Quote:
|
All times are GMT -5. The time now is 11:27 PM. |