Alternate root login

[ddavid123]

Is there a program in Linux that allows the administrator to change the login name from "root" to something else? Users can change their login name to whatever suits them, or what the Administrator desires! In order for malicious software to take control of a Linux system, it must have root permissions.

Getting the password may be difficult, but not impossible, but having to know the root login name, as well as password, will increase the security of a Linux box! Is there anything in Linux that does this? Thanks!

[ZakaqerE]

i think you can change the name of the root entry in the /etc/passwd and /etc/shadow file or you can set the UID of another user to zero

Code:

root:x:0:0:root:/root:/bin/bash
zakaqere:x:500:500:Jay Leno:/home/zakaqere:/bin/bash

That is the entry in the /etc/passwd file for root, root is only a name for people. so you could easily change the name of the root account such as:

Code:

MySecretAccount:x:0:0:root:/root:/bin/bash

or you can make a normal user account and edit the file to change the UID and GID to zero (root permission)such as:

Code:

zakaqere:x:0:0:Jay Leno:/home/zakaqere:/bin/bash

After that you could probably change the root's UID and GID to nobody 65534
And yes it is difficult, the passwords are hashed and no longer stored in /etc/passwd where anyone can read them but instead stored in a shadow password file.


A hash might look like:
http://www.fileformat.info/tool/hash...secret19312%24
depending on the algorithm your system uses. When you provide your password to the login program it hashes your input and looks to see if your password matches and never knows the actual password, just whether the provided and stored are the same.

Because no known algorithms can derive a password from a one-way hash an attacker's only option from the standpoint of the password file is brute force assuming he can read the shadow file ( i think only root can do this). A hash that is 128 bits long offers 72 quadrillion possibilities an attacker potentially has to check all of them to find the password with mankind's fastest computers this would more than exceed a human lifespan. It seems to me that finding a security hole in one of your services is more likely.

[daark.child]

It should be possible, but you may have problems with programs and scripts that have the username "root" as well as the userid "0" hardcoded in them.

[ZakaqerE]

So then the solution is to disable remote root login and make a UID zero user for remote admin, or don't bother with a second root just login as yourself and su to root

[daark.child]

So then the solution is to disable remote root login and make a UID zero user for remote admin, or don't bother with a second root just login as yourself and su to root

If security is an important issue, then yes you really should disable remote root logins and login as a normal user then switch to root using su.

[ZakaqerE]

dont forget to use a wheel group