Find the answer to your Linux question:
Results 1 to 6 of 6
Is there a program in Linux that allows the administrator to change the login name from "root" to something else? Users can change their login name to whatever suits them, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! ddavid123's Avatar
    Join Date
    Dec 2006
    Location
    Texas
    Posts
    6

    Alternate root login


    Is there a program in Linux that allows the administrator to change the login name from "root" to something else? Users can change their login name to whatever suits them, or what the Administrator desires! In order for malicious software to take control of a Linux system, it must have root permissions.

    Getting the password may be difficult, but not impossible, but having to know the root login name, as well as password, will increase the security of a Linux box! Is there anything in Linux that does this? Thanks!

  2. #2
    Just Joined!
    Join Date
    Dec 2006
    Posts
    73
    i think you can change the name of the root entry in the /etc/passwd and /etc/shadow file or you can set the UID of another user to zero
    Code:
    root:x:0:0:root:/root:/bin/bash
    zakaqere:x:500:500:Jay Leno:/home/zakaqere:/bin/bash
    That is the entry in the /etc/passwd file for root, root is only a name for people. so you could easily change the name of the root account such as:
    Code:
    MySecretAccount:x:0:0:root:/root:/bin/bash
    or you can make a normal user account and edit the file to change the UID and GID to zero (root permission)such as:
    Code:
    zakaqere:x:0:0:Jay Leno:/home/zakaqere:/bin/bash
    After that you could probably change the root's UID and GID to nobody 65534
    And yes it is difficult, the passwords are hashed and no longer stored in /etc/passwd where anyone can read them but instead stored in a shadow password file.


    A hash might look like:
    http://www.fileformat.info/tool/hash...secret19312%24
    depending on the algorithm your system uses. When you provide your password to the login program it hashes your input and looks to see if your password matches and never knows the actual password, just whether the provided and stored are the same.

    Because no known algorithms can derive a password from a one-way hash an attacker's only option from the standpoint of the password file is brute force assuming he can read the shadow file ( i think only root can do this). A hash that is 128 bits long offers 72 quadrillion possibilities an attacker potentially has to check all of them to find the password with mankind's fastest computers this would more than exceed a human lifespan. It seems to me that finding a security hole in one of your services is more likely.

  3. #3
    Blackfooted Penguin daark.child's Avatar
    Join Date
    Apr 2006
    Location
    West Yorks
    Posts
    4,393
    It should be possible, but you may have problems with programs and scripts that have the username "root" as well as the userid "0" hardcoded in them.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Dec 2006
    Posts
    73
    So then the solution is to disable remote root login and make a UID zero user for remote admin, or don't bother with a second root just login as yourself and su to root

  6. #5
    Blackfooted Penguin daark.child's Avatar
    Join Date
    Apr 2006
    Location
    West Yorks
    Posts
    4,393
    Quote Originally Posted by ZakaqerE
    So then the solution is to disable remote root login and make a UID zero user for remote admin, or don't bother with a second root just login as yourself and su to root
    If security is an important issue, then yes you really should disable remote root logins and login as a normal user then switch to root using su.

  7. #6
    Just Joined!
    Join Date
    Dec 2006
    Posts
    73
    dont forget to use a wheel group

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •