My question is, Why do you have a user called admin with the same uid as root? That's just bad and opens this machine up to all kinds of security related issues. I'd like to know the reason behind this, if any? If it's for some application, I'd talk to the developers to rethink how they need to develop such application without needing an active account with root power across the whole system.
And you're probably getting the manipulation token error because you have two UIDs with the same value.
Bad bad bad.. in my opinion. When root changes a password, it usually will not prompt for the existing password, root is god, don't create other accounts with same UID as root with 0.
The admin account is a quick and dirty way to execute some privileged commands.
Besides using "sudo", are there alternatives?
How to find out whether SELinux is installed or running?
Having more than one username with the same userid is a dangerous activity, especially for root. Hence the purpose of sudo. To allow some people to run some commands that they could not otherwise use, AND track their use of sudo and the things they did (if you have accounting running (pacct)).
As root run the following:
    # selinuxenabled exits 0 when SELinux is enabled, non-zero otherwise
    if command -v selinuxenabled >/dev/null 2>&1; then
        if selinuxenabled; then
            echo "SELinux enabled"
        else
            echo "SELinux disabled"
        fi
    else
        echo "SELinux not installed"
    fi
Might be quick and dirty, but add in insecure as well. You can easily implement sudo to run what you need without passwords, etc. If you're going to run a user with the UID of 0, basically making it another root user, you might as well just log in and use root; there's no difference in what you're doing except possibly security through obscurity, which never works and is not foolproof.
Obscurity? The username is "admin" hehehehehe. So, not even that.
Use sudo. By deleting the admin user you will also fix the "problem" that you created and this thread will be solved as well.
Well, anyone in the Unix world knows root is god. I've seen plenty of accounts created as admin that aren't necessarily given anything close to root privileges. When I think of admin or administrator, I think of Windows.
Sure. But regardless, I don't think I am wrong if I say that 100% of the dictionary based attacks will try that word at an early stage. It's not that uncommon, and even if it can't guarantee root access, it's a good start.
Believe me, someone so short-sighted as to set up a user account called "admin" with a weak password that can be cracked has probably made many more errors that will make the system vulnerable enough if you get to log in with that user.
There's no obscurity in using "admin" as a user or root account, as there's no obscurity in using an account named "Joseph" either and putting your ID number as a password. But that's what a lot of people do. So, it doesn't really matter if the "admin" user has root privileges or not (that's just a bonus that the eventual attacker will find and enjoy). The point is that, as you said, there are a lot of people that use "admin" for one purpose or another. So, it's a very common name to find in a name generator, and even in dictionaries for passwords (yeah, some people are that way).
As long as it's in the dictionary or it's close enough, there's no obscurity at all, because attackers don't care about what the user name is supposed to be. They can try lots of times on lots of computers, and IP banning is not invulnerable. When it comes to security the best you can do is to put as many layers as possible in the middle.
That's why admins use tools like John the Ripper to check the integrity of the passwords. A weak password is a way for an attacker to get into the system. Once you are there, if you are smart enough you can wait, watch, and find a way to scale privileges.
Quote:
Having more than one username with the same userid is a dangerous activity, especially for root
Quote:
Originally Posted by trickykid
My question is, Why do you have a user called admin with the same uid as root? That's just bad and opens this machine up to all kinds of security related issues.
Like what kind of security problem?
I have some machines here that have this.. hum.. feature.. And I vaguely remember that this is not a good habit, but more precisely, what's the risk?
I'm not the admin, but the admin created this kind of UID 0 account for me. He said he doesn't want to install any packages.. like sudo... As I can now change his root password, that's not very logical, but that's not the point; I just want to know the real risk of having two of the same UID 0.
Two (or N) users with the same UID is truly better worded as "one user". For Linux, users with the same UID are the same user, no matter if they have different passwords, homes or whatever else.
The file ownerships are stored by UID, not by user name. That means that any file belonging to a given UID will effectively belong to any number of users which have that same UID.
I will remind you that, in Linux (and in general, in any POSIX OS) everything is a file, including device nodes, network sockets, pipes (you can start seeing what the implications are, can't you?).
In other words: if "admin" has the same UID as "root", then "admin" IS "root". Effectively, handing the "admin" user the "root" password would be easier, and would save you one line in the passwords file. There are a few corner cases when this "feature", as you call it, can be useful (or so some people think), but if you are asking here you are probably in one of those rare cases.
If you go to a command line as root, you can change a user's password by issuing the following:
    passwd username
You will be prompted for a new password for the user without being asked for the current password.