Date: Fri, 30 May 2008 16:53:32 +0200 (CEST) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-questions@FreeBSD.ORG, gilles.ganault@free.fr Subject: Re: Renaming "root" to "homer"? Message-ID: <200805301453.m4UErWlE011463@lurza.secnetix.de> In-Reply-To: <dsqs34tisuf7ajugi7ek1ni7bcd4hba58n@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Gilles <gilles.ganault@free.fr> wrote: > With all those scripts trying to connect to SSHd as "root", I was > wondering if it'd be OK to rename this account to eg. "homer", to act > as a first line of defense? > > Are there unknown consequences to doing something like that? Peope have already pointed out that it is a bad idea to allow remote root logins, so I won't repeat that. :-) But to answer your question: Renaming the "root" account will probably break quite a log of things, for example install scripts which often contain command like "chown root bin/whatever", or start/stop scripts for daemon processes that match for certain commands run by "root", and so on. So better don't do that. Many programs expect that there is an account called "root" with UID 0. Otherwise they will malfunction. > If not, is it done by just editing /etc/password with vi, or is there > a better way? No, editing /etc/passwd directly doesn't work. Instead, you should use the vipw(8) tool, which does several things: - It locks the master.passwd file so nobody else can edit it at the same time. - It opens the master.passwd file with vi (or a different editor if you have the environment variable EDITOR set). - Afterwards it checks the master.passwd file for correct syntax and consistency, to prevent accidental breakage. - It generates the passwd file (for compatibility only) and the pwd.db and spwd.db database files. - Finally the lock is released. Alternatively you can use the pw(8) command line tool to edit, add or delete accounts and groups. Please see the manual page for details. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "C++ is over-complicated nonsense. And Bjorn Shoestrap's book a danger to public health. I tried reading it once, I was in recovery for months." -- Cliff Sarginson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805301453.m4UErWlE011463>