From owner-freebsd-questions@FreeBSD.ORG Thu Feb 11 08:04:18 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C43D4106566C for ; Thu, 11 Feb 2010 08:04:18 +0000 (UTC) (envelope-from m.seaman@black-earth.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 23BB28FC0C for ; Thu, 11 Feb 2010 08:04:17 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.187.76.163]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id o1B8497E050067 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 11 Feb 2010 08:04:11 GMT (envelope-from m.seaman@black-earth.co.uk) X-DKIM: Sendmail DKIM Filter v2.8.3 smtp.infracaninophile.co.uk o1B8497E050067 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=black-earth.co.uk; s=201001-black-earth; t=1265875451; bh=+wrua2UC5r3ZF0rd8/DjdxpcPO2voBo5vHV/k36nltc=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Cc:Content-Type:Date:From:In-Reply-To: Message-ID:Mime-Version:References:To; z=Message-ID:=20<4B73B9F0.1020105@black-earth.co.uk>|Date:=20Thu,=2 011=20Feb=202010=2008:04:00=20+0000|From:=20Matthew=20Seaman=20|User-Agent:=20Mozilla/5.0=20(Macintosh=3 B=20U=3B=20Intel=20Mac=20OS=20X=2010.6=3B=20en-GB=3B=20rv:1.9.1.7) =20Gecko/20100111=20Thunderbird/3.0.1|MIME-Version:=201.0|To:=20Gi orgos=20Keramidas=20|CC:=20Robert=20Huff =20,=20=0D=0A=20Lin=20Taosheng=20,=0D=0A=20freebsd-questions@freebsd.org|Subject:=20Re:= 20HELP!=20Is=20that=20possible=20"creating=20a=20user=20named=20ro ot=20but=09acturally=0D=0A=20not=20the=20administrator=20root"|Ref erences:=20<5ffa459b1002102005i6b03c6fcqc1d4a11f590164d4@mail.gmai l.com>=09<19315.37670.468383.119569@jerusalem.litteratus.org>=20<8 74olocpmc.fsf@kobe.laptop>|In-Reply-To:=20<874olocpmc.fsf@kobe.lap top>|X-Enigmail-Version:=201.0|Content-Type:=20multipart/signed=3B =20micalg=3Dpgp-sha1=3B=0D=0A=20protocol=3D"application/pgp-signat ure"=3B=0D=0A=20boundary=3D"------------enig09BBB50931970D06FBDF0E 1A"; b=WBaZmP/ExrEwNWNFe8T5rqhTDpt/Y87kIK5VkBAjw8V5C+8eyHIeH/5sArkbfMpJv VbHJr7hE5pVU1DGkdpzVsG5G27dGfpK2/bAHTemBDP1FVW1pfJWK94qTE/rNJhYbeO KQwd34terZTS2iCfeAHU24G3D9UaTlNX3SIAwg5E= Message-ID: <4B73B9F0.1020105@black-earth.co.uk> Date: Thu, 11 Feb 2010 08:04:00 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1 MIME-Version: 1.0 To: Giorgos Keramidas References: <5ffa459b1002102005i6b03c6fcqc1d4a11f590164d4@mail.gmail.com> <19315.37670.468383.119569@jerusalem.litteratus.org> <874olocpmc.fsf@kobe.laptop> In-Reply-To: <874olocpmc.fsf@kobe.laptop> X-Enigmail-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig09BBB50931970D06FBDF0E1A" X-Virus-Scanned: clamav-milter 0.95.3 at happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, SPF_FAIL, URIBL_RED autolearn=no version=3.3.0 X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on happy-idiot-talk.infracaninophile.co.uk Cc: Lin Taosheng , Robert Huff , freebsd-questions@freebsd.org Subject: Re: HELP! Is that possible "creating a user named root but acturally not the administrator root" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Feb 2010 08:04:18 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig09BBB50931970D06FBDF0E1A Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 11/02/2010 05:23, Giorgos Keramidas wrote: > On Thu, 11 Feb 2010 00:18:30 -0500, Robert Huff wr= ote: >> Lin Taosheng writes: >>> Is that possible to implementated? >> >> For most purposes, what's important is not the account name, >> but the User II. "Root" is special because it has UID 0. You can, >> create other accounts with UIS 0 ... but it's usually a Very Bad >> Idea. >> >> As far as I know, there's no reason you can't rename the "root" >> account and have a non UID 0 account with that name. On the other >> hand, if you're asking this question there may be a better way to >> accomplish your objective: would you care to share? >=20 > The kernel doesn't really care what your user *name* is. See for > example the 'toor user in '/etc/master.passwd'. On the other hand, lots of software expects the superuser account to be called 'root' because that what it always has been ever since Thompson and Ritchie et al. first created Unix. Changing the name of the superuser account, and making root into an unprivileged user will cause you much wailing and gnashing of teeth. It doesn't really buy you much in terms of improved security in any case. Far better to concentrate on making it impossible for the existing root account to be compromised. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard, Flat 3 Black Earth Consulting Ramsgate Kent, CT11 9PW Free and Open Source Solutions Tel: +44 (0)1843 580647 --------------enig09BBB50931970D06FBDF0E1A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktzufkACgkQ8Mjk52CukIxBtACcCacRuPGEhSXwhsvTJJuTDDjI hbcAnRS+YXF/7PC/N0GNwaIkrOS+f50G =ko56 -----END PGP SIGNATURE----- --------------enig09BBB50931970D06FBDF0E1A--