Re: theoretical question - can root's username be changed?

From: Jeff Vian <jvian10@xxxxxxxxxxx>
Date: Fri, 02 Dec 2005 07:34:25 -0600

On Fri, 2005-12-02 at 08:47 +0200, Markku Kolkka wrote:
> Claude Jones kirjoitti viestissään (lähetysaika perjantai, 2.
> joulukuuta 2005 06:16):
> > Why the word 'feeble'? If everyone in the
> > Linux world knows that the chance is good that there is a user
> > called 'root' on any given Linux box, and that user has nearly
> > unrestrained privileges, why would it be feeble to double the
> > guessing that must go on to get at root's privileges, by
> > changing his username.
>
> Because the privileges are bound to UID=0, not to any particular
> username. Changing the username doesn't add security in any way
> because root exploits try to change the effective UID to 0 or
> try to change the operation of a process already running at UID
> 0.
>
The privileges are given to UID 0, but many things depend on the name as
well so it becomes very difficult to remove the username.

As long as the administrator uses strong passwords by default, changes
them periodically (some say frequently), and restricts remote access to
that account it is reasonably secure to have the root user there.

Changing the username would add some small amount of security because
then the password hacks would fail with the root account. The exploits
that depend on the UID though would not be affected in any way by
removing the root user.

> --
> Markku Kolkka
> markku.kolkka@xxxxxx
>

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Follow-Ups:
- Re: theoretical question - can root's username be changed?
  - From: akonstam

References:
- theoretical question - can root's username be changed?
  - From: Claude Jones
- Re: theoretical question - can root's username be changed?
  - From: Craig White
- Re: theoretical question - can root's username be changed?
  - From: Claude Jones
- Re: theoretical question - can root's username be changed?
  - From: Markku Kolkka

Prev by Date: Re: theoretical question - can root's username be changed?
Next by Date: RE: MYSQL GUI -
Previous by thread: Re: theoretical question - can root's username be changed?
Next by thread: Re: theoretical question - can root's username be changed?
Index(es):
- Date
- Thread

Relevant Pages

Re: error
... > and when i tried to log in i could not get into my account ... the system is only interested in your UID. ... the corresponding username it displays the UID. ... Use 'chown' as root to give your user the files you want back. ...
(alt.os.linux.suse)
Re: error
... > and when i tried to log in i could not get into my account ... the system is only interested in your UID. ... the corresponding username it displays the UID. ... Use 'chown' as root to give your user the files you want back. ...
(alt.os.linux)
Re: root group in solaris :Thankyou
... Stick to sudo or RBAC. ... The root group is nothing special. ... Making UID O ... >>I would like to give root user privileges to a set of OS ...
(Focus-SUN)
Re: creating a user with only read permissions on all files
... the OS itself needs a UID for certain privileged ... So, while 'root' is the administrator, UID 0 /is/ the OS. ... access to the OS privileges to one user, ...
(comp.os.linux.misc)
Re: Apache and home directories (file browser).
... You don't chroot to a uid, you generally 'drop' privileges to a uid. ... When you start Apache, you need to start it as root, then it drops ... If you have suexec ...
(freebsd-isp)