Date: Fri, 30 May 2008 17:18:24 +0200 From: "Christian Walther" <cptsalek@gmail.com> To: "Wojciech Puchar" <wojtek@wojtek.tensor.gdynia.pl> Cc: gilles.ganault@free.fr, freebsd-questions@freebsd.org Subject: Re: Renaming "root" to "homer"? Message-ID: <14989d6e0805300818p3f90570eye1dc27d01cccca2f@mail.gmail.com> In-Reply-To: <20080530170151.D2560@wojtek.tensor.gdynia.pl> References: <200805301453.m4UErWlE011463@lurza.secnetix.de> <20080530170151.D2560@wojtek.tensor.gdynia.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
2008/5/30 Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>: >> Peope have already pointed out that it is a bad idea to >> allow remote root logins, so I won't repeat that. :-) > > i like bad ideas :) except the worst idea - dumb generalization. > >> But to answer your question: Renaming the "root" account >> will probably break quite a log of things, for example > > make 2 roots, root and homer in /etc/master.passwd Won't work. sshd does not only check the username, but the UserID, too... That's what I expect from a security aware software anyway. A method to deal with this "issue" could be to install sudo and to define username ALL=(root):NOPASSWD:/path/to/shell Then you could do alias su="/usr/local/bin/sudo -u root /path/to/shell" Needless to say that as soon as the user account is compromised, the root account is out of your control, too. > > just remember to type > passwd root > > or > > passwd homer. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14989d6e0805300818p3f90570eye1dc27d01cccca2f>