Date: Thu, 3 Mar 2005 10:22:05 +0100 From: "Wouter" <wouter@spierenburg.net> To: <freebsd-security@freebsd.org> Subject: Re: Renaming root account Message-ID: <029801c51fd2$783a7f60$0100000a@wouter> References: <4226C4DF.3050806@winbot.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Renaming root is generally a bad idea, what you could do, however, is set a password on(thus enabling) the "toor" account and set root's shell to /sbin/nologin Wouter ----- Original Message ----- From: "Craig Edwards" <brain@winbot.co.uk> To: <freebsd-security@freebsd.org> Sent: Thursday, March 03, 2005 09:03 Subject: Renaming root account > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi everyone, > > One quick question: Is it safe and/or sensible to rename the root > account, so that the only uid 0 user on a system is something different > to root? I can see how this would be effective against external > attackers who have no knowledge of the internals of the system as they > would spend pointless hours trying to crack a user which doesnt exist, > however to internal users they could always just cat /etc/passwd and see > that root has been renamed. So firstly, is this possible, and security > wise is it of any real use? Can anyone think of any apps it would break > that assume that the uid 0 user is called root and don't just address > the user by its uid? > > Thanks, > Craig Edwards > > - -- > WinBot IRC client developer: http://www.winbot.co.uk > ChatSpike - The users network: http://www.chatspike.net > InspIRCd - Modular IRC server: http://www.inspircd.org > Online RPG Developer: http://www.ssod.org > - -- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.5 (MingW32) > > iD8DBQFCJsTf0k42Wxli/BARAp2DAJ9dp1eu2IL41pfp/4ZFp9kS2KuMdgCeI20k > w1Jt+uriEmWM+wmhEFxH+vw= > =vGhO > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?029801c51fd2$783a7f60$0100000a>