Renaming root account

Atom Powers APowers at
Thu Mar 3 17:13:34 GMT 2005

Enabling "toor" is not very different from renaming the root account, worse
because you would then have two "root" (uid 0) accounts.
I don't see any harm in renaming the root account, but I don't think it would
do much either. Most processes that use root run with setuid 0, regardless of
what's in the passwd file. Even in user land you don't have to know what the
root account is named if you use 'su' or 'sudo'.
The only case I can envision where it would make a difference is if you have
an application which wants to run as a specific (usually unpriv.) user and
you set it to use "root", or if you allow "root" logon through ssh (bad idea)
or terminal (but if somebody can get that then you are already in trouble).

Perfection is just a word I use occasionally with mustard.

Atom Powers
Systems Administrator
Pyramid Breweries Inc.
206.682.8322 x251
-----Original Message-----
From: owner-freebsd-security at
[mailto:owner-freebsd-security at] On Behalf Of Wouter
Sent: Thursday, March 03, 2005 1:22 AM
To: freebsd-security at
Subject: Re: Renaming root account

Renaming root is generally a bad idea, what you could do, however, is set a
password on (thus enabling) the "toor" account and set root's shell to

----- Original Message -----
From: "Craig Edwards" <brain at>
To: <freebsd-security at>
Sent: Thursday, March 03, 2005 09:03
Subject: Renaming root account

> Hi everyone,
> One quick question: Is it safe and/or sensible to rename the root
> account, so that the only uid 0 user on a system is something different
> to root? I can see how this would be effective against external
> attackers who have no knowledge of the internals of the system as they
> would spend pointless hours trying to crack a user which doesn't exist,
> however to internal users they could always just cat /etc/passwd and see
> that root has been renamed. So firstly, is this possible, and security
> wise is it of any real use? Can anyone think of any apps it would break
> that assume that the uid 0 user is called root and don't just address
> the user by its uid?
> Thanks,
> Craig Edwards
> - --
> WinBot IRC client developer:
> ChatSpike - The users network:
> InspIRCd - Modular IRC server:
> Online RPG Developer:
> - --
> _______________________________________________
> freebsd-security at mailing list
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe at"
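
The thread's point that what matters is which entries carry uid 0, not what they are called, shown as an added example that is not part of the original messages: a shell audit that lists every uid 0 entry in a master.passwd(5)-layout file and fails when more than one of them accepts a password. The function names and sample data are constructed for illustration; it assumes FreeBSD conventions (a leading `*` in the password field disables password login, `pw lock` prefixes `*LOCKED*`, an empty shell field means /bin/sh).

```sh
#!/bin/sh
# Added example (not from the thread): audit uid 0 entries by uid, not by name.

# Constructed sample in master.passwd(5) layout: root renamed, toor enabled.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample data, hashes are placeholders
sysop:$6$constructed$placeholderhash:0:0::0:0:Renamed root:/root:/bin/csh
toor:$6$constructed$placeholderhash:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$6$constructed$placeholderhash:1001:1001::0:0:Regular user:/home/alice:/bin/sh
EOF
}

# Print "name password-state shell" for every uid 0 entry in file $1.
uid0_accounts() {
    awk -F: '
        /^#/ || NF != 10 { next }            # comments, malformed lines
        $3 ~ /^0+$/ {
            pw = $2
            if (pw == "")                    state = "empty"     # no password needed
            else if (pw ~ /^\*LOCKED\*/)     state = "locked"    # pw lock
            else if (pw ~ /^\*/)             state = "disabled"  # no valid hash
            else                             state = "set"
            shell = ($NF == "") ? "/bin/sh" : $NF   # empty shell field = /bin/sh
            printf "%s %s %s\n", $1, state, shell
        }' "$1"
}

# Succeed only if at most one uid 0 account can log in with a password
# (or with none at all); two or more is the "two root accounts" case.
check_single_uid0_login() {
    n=$(uid0_accounts "$1" |
        awk '$2 == "set" || $2 == "empty" { c++ } END { print c + 0 }')
    [ "$n" -le 1 ]
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_master_passwd > "$tmp"
uid0_accounts "$tmp"
if ! check_single_uid0_login "$tmp"; then
    echo "more than one uid 0 account accepts a password"
fi
rm -f "$tmp"
```

On a real system the input would be /etc/master.passwd, which only root can read.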
