Renaming root account

Wouter wouter at spierenburg.net
Thu Mar 3 09:22:08 GMT 2005


Renaming root is generally a bad idea, what you could do, however, is set a
password on(thus enabling) the "toor" account and set root's shell to
/sbin/nologin

Wouter
----- Original Message ----- 
From: "Craig Edwards" <brain at winbot.co.uk>
To: <freebsd-security at freebsd.org>
Sent: Thursday, March 03, 2005 09:03
Subject: Renaming root account


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi everyone,
>
> One quick question: Is it safe and/or sensible to rename the root
> account, so that the only uid 0 user on a system is something different
> to root? I can see how this would be effective against external
> attackers who have no knowledge of the internals of the system as they
> would spend pointless hours trying to crack a user which doesnt exist,
> however to internal users they could always just cat /etc/passwd and see
> that root has been renamed. So firstly, is this possible, and security
> wise is it of any real use? Can anyone think of any apps it would break
> that assume that the uid 0 user is called root and don't just address
> the user by its uid?
>
> Thanks,
> Craig Edwards
>
> - --
> WinBot IRC client developer: http://www.winbot.co.uk
> ChatSpike - The users network: http://www.chatspike.net
> InspIRCd - Modular IRC server: http://www.inspircd.org
> Online RPG Developer: http://www.ssod.org
> - --
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
>
> iD8DBQFCJsTf0k42Wxli/BARAp2DAJ9dp1eu2IL41pfp/4ZFp9kS2KuMdgCeI20k
> w1Jt+uriEmWM+wmhEFxH+vw=
> =vGhO
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe at freebsd.org"
>




More information about the freebsd-security mailing list