Date: Mon, 31 Dec 2001 15:47:33 +0100 From: Rogier Steehouder <r.j.s@gmx.net> To: FreeBSD-questions@freebsd.org Subject: Re: Can I rename root? Message-ID: <20011231154733.A832@localhost> In-Reply-To: <20011230103317.A474@localhost>; from r.j.s@gmx.net on Sun, Dec 30, 2001 at 10:33:17AM %2B0100 References: <20011229154552.B855@localhost> <20011230103317.A474@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30-12-2001 10:33 (+0100), Rogier Steehouder wrote:
> On 29-12-2001 15:45 (+0100), Rogier Steehouder wrote:
> > A simple question: Can I rename root?
>
> I only got the advise: Don't. iThanks for the advise, but since noone
> knew any programs explicitly, I did it anyway.
A short review of some of the comments I got (and my answers):
- Some people suppose I do this as some sort of security measure: Security
by obscurity. (And isn't admin a bit predicatable then?)
Well, obscurity helps of course, but it is no substitute for bad
maintenance. I know that and the main reason I wanted it changed was
easthetics. I like the new name better, so why wouldn't I be able to
change it. (And no, it's not 'admin'. That IS a bit predictable.)
And Cliff, all that information you could find out about my system (and
more) has probably been mentioned earlier in the mailing list. If I want
usable tips, I have to give up some info, don't I? But I am curious how
you would determine my FreeBSD version in just a few seconds. Besides,
half the info you mention I can extract from your mail headers as well
if you haven't faked them.
- If you could gain access to a normal user, you could just look at
/etc/passwd for the new name.
Yes, so let's try and not let unauthorized people gain user-access. As I
just said, security is not the main issue in this name change.
- Installation scripts and upgrading may be affected.
Right, that IS an issue. Next time I upgrade (I believe 4.5 is about to
come out) I will see what happens. But since chown and install accept
numeric ID's as well as names, why not use them in the scripts? That way
anyone can name root anything they want. I do not expect the ports
collection and system sources to change, but why not take it into
account on the next upgrade. What was it Shakespear said about a rose's
name?
A known convention is that user ID 0 is all powerful. If the name
matters, then say so. I think it would be a good idea to have a list of
required user and group names and numbers for a system or for a port
(like postfix expects a postfix user and a maildrop group). If such a
list exists and is published I will accept it and stick to it. If not I
reserve the right to rename any of them (and accept the problems arising
from it :-)
With kind regards, Rogier Steehouder
--
___ _
-O_\ //
| / Rogier Steehouder //\
/ \ r.j.s@gmx.net // \
<---------------------- 25m ---------------------->
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011231154733.A832>