second root account

[salck]

Hi guys. Can someone tell if there is a way to create a second root account ..but not just some user with root rights ...example - user1=0 ...i dont need that
i need account which must be called "root"?
i want to have two users called "root" but with different passwords. Is there some program or software which can recognize which root is the real root by its password? I will appreciate this because i really need that. Thanks a lot guys ...

[DThor]

Nope, impossible. There is only one root. You also can't have two users which have the same userid, no matter what they're called. How would you expect the system to know which is which, if that's the qualifier that identifies the user to the system?

I'd be curious to know why you "need" it, though.

DT

[salck]

i expect the system to recognize which one is the real one by its passowrd ...i need second root account for a security reasons ...i mean ....i need to make something like that beacuse if some guy, i dont want to mantion nothing, come and log into my system with the fake one root user - i want one of the directories to be rm -rf in backround only because i dont want this man to see that directory ...if i give him a root user he will think that he have all the rights he need .....but in the same time the directory that i dont want to be seen will be removed immediately after he logs into the system ....if you understand what i mean

[DThor]

I understand you completely, but it's the wrong way to deal with it. It's the same in Windows - the "Administrator" account. There doesn't need to be any mystery about who "root" is, what needs to be a mystery is the password. Your concern should be about protecting that, and hardening the system, not trying to play tricks on people. What you're talking about is essentially some sort of "trap" - to fool someone into thinking they've logged in as root. I can't imagine why you'd want to do that, but that's OK, you don't have to say.

Instead, a better approach would be to monitor traffic to the system in question, and find out from which IP this person is attempting(unsuccessfully) to log in as root. It's a far safer approach.

Regardless, though, it's literally not possible to do things the way you were asking - the entire Linux kernel depends on the concept of unique userids, and *definitely* no root spoofing - that would be a massive security hole.

DT

[salck]

ok thank you very much!! ...now i have to go i have a meeting... I`ll post again when i am back
thank you for reply
but i want to ask you another question about this.

[geek.de.nz]

Hi, I've been on this issue for a while, tried changing the root user name, so that root could not login as such, but as some other name, e.g. admin. But this did not quite work well.

Anyway, I need a second root user because I am doing periodic backups of the system and that user needs to be able to read ALL files on the system over SSH. I don't want root to be able to login over SSH directly and that other user needs to login without a password for automatic backups. Changing permissions for every file is not a good solution, because then I would have to always add this new user as the group and set read permission to the group on every file. I don't want files to be globally readable and I don't want to muck up the file permissions. There must be a way. There is even a backup user in my /etc/passwd file:

backup:34:34:backup:/var/backups:/bin/sh

But that one cannot read all files either. ???

[kern]

you don't need another root user either

even though you have turned off 'rootlogin' in SSHD config, root can still use tools such as rsync,SCP,and others, over SSH.

sorted.

[geek.de.nz]

OK, I think I might not have been clear enough in what the problem is.

Machine A has the data to be backed up Machine B wants to connect to A as (say) user backup and copy (rsync) files over ssh. So, B needs to login as a client (ssh backup@A) to A. Since 'ssh root@A' is not allowed the client logging in from B to A cannot copy all files because he doesn't have enough permissions.

I'm using dirvish by the way.

[kern]

I dont get you.

you do not need root login available to use rsync as root over ssh

[geek.de.nz]

all i want to do is backup with rsync over ssh. isn't there a way to add a user that can read all files but cannot do stuff that root can?