From owner-freebsd-questions@FreeBSD.ORG Fri May 30 15:18:31 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C65B7106564A for ; Fri, 30 May 2008 15:18:31 +0000 (UTC) (envelope-from cptsalek@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.29]) by mx1.freebsd.org (Postfix) with ESMTP id 952358FC0A for ; Fri, 30 May 2008 15:18:31 +0000 (UTC) (envelope-from cptsalek@gmail.com) Received: by yx-out-2324.google.com with SMTP id 31so437888yxl.13 for ; Fri, 30 May 2008 08:18:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=BgiQFsEO/p6n1YImeUg/Vr0Xe3jlJjVhHC1NjxKJIh0=; b=tRQ8lLbNr0lIdblR/PaZUvNF2pSf5gopFeM2jId5ai/M9MmYHIfICXErrmsk+cHeFNVp6JygiGsMO7Am0z7mOVuOkCVP1rmBoDjCPWO59mZFh1MYolB3GMoVNDzG1B02PmPIeYaAmfc3AhrLvSCrpBAeceN7kKnbe950nHj+Pfw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=cWE0CBnll8nWEze5o5fbYOD5ynADAHFyJnZBE0dq36stACin2wQoWkEBi1ZcGLAw0QzKxMh9+cE8FlVt536Y6bal36hyMeDVgq8ZMLqYe8QezuhnOUtrh4kyAEYGoTU838SVw3iP/LiLZZ/KvMxUnsKZZG2+gBu7+pD7D9R+ZN0= Received: by 10.150.83.22 with SMTP id g22mr905963ybb.146.1212160704877; Fri, 30 May 2008 08:18:24 -0700 (PDT) Received: by 10.150.155.3 with HTTP; Fri, 30 May 2008 08:18:24 -0700 (PDT) Message-ID: <14989d6e0805300818p3f90570eye1dc27d01cccca2f@mail.gmail.com> Date: Fri, 30 May 2008 17:18:24 +0200 From: "Christian Walther" To: "Wojciech Puchar" In-Reply-To: <20080530170151.D2560@wojtek.tensor.gdynia.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200805301453.m4UErWlE011463@lurza.secnetix.de> <20080530170151.D2560@wojtek.tensor.gdynia.pl> Cc: gilles.ganault@free.fr, freebsd-questions@freebsd.org Subject: Re: Renaming "root" to "homer"? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2008 15:18:31 -0000 2008/5/30 Wojciech Puchar : >> Peope have already pointed out that it is a bad idea to >> allow remote root logins, so I won't repeat that. :-) > > i like bad ideas :) except the worst idea - dumb generalization. > >> But to answer your question: Renaming the "root" account >> will probably break quite a log of things, for example > > make 2 roots, root and homer in /etc/master.passwd Won't work. sshd does not only check the username, but the UserID, too... That's what I expect from a security aware software anyway. A method to deal with this "issue" could be to install sudo and to define username ALL=(root):NOPASSWD:/path/to/shell Then you could do alias su="/usr/local/bin/sudo -u root /path/to/shell" Needless to say that as soon as the user account is compromised, the root account is out of your control, too. > > just remember to type > passwd root > > or > > passwd homer. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >