From owner-freebsd-questions@FreeBSD.ORG Mon May 21 20:29:46 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 553D516A41F for ; Mon, 21 May 2007 20:29:46 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: from host222.ipowerweb.com (host222.ipowerweb.com [66.235.210.10]) by mx1.freebsd.org (Postfix) with SMTP id 2546B13C484 for ; Mon, 21 May 2007 20:29:46 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: (qmail 12323 invoked from network); 21 May 2007 20:27:20 -0000 Received: from unknown (HELO demeter.hydra) (24.9.123.251) by host222.ipowerweb.com with SMTP; 21 May 2007 20:27:20 -0000 Received: from demeter.hydra (localhost [127.0.0.1]) by demeter.hydra (8.13.6/8.13.6) with ESMTP id l4LKTiMA095003 for ; Mon, 21 May 2007 14:29:44 -0600 (MDT) (envelope-from perrin@apotheon.com) Received: (from ren@localhost) by demeter.hydra (8.13.6/8.13.6/Submit) id l4LKThv0095002 for questions@freebsd.org; Mon, 21 May 2007 14:29:43 -0600 (MDT) (envelope-from perrin@apotheon.com) X-Authentication-Warning: demeter.hydra: ren set sender to perrin@apotheon.com using -f Date: Mon, 21 May 2007 14:29:43 -0600 From: Chad Perrin To: questions@freebsd.org Message-ID: <20070521202943.GA94928@demeter.hydra> References: <20070520221917.GA91736@ezekiel.daleco.biz> <1a9901c79b3c$4774abc0$6600a8c0@tamouh> <20070521044430.GB91151@demeter.hydra> <465140C0.7070409@u.washington.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <465140C0.7070409@u.washington.edu> User-Agent: Mutt/1.4.2.2i Cc: Subject: Re: just general questions about fbsd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 May 2007 20:29:46 -0000 On Sun, May 20, 2007 at 11:48:32PM -0700, Garrett Cooper wrote: > Chad Perrin wrote: > >On Sun, May 20, 2007 at 08:09:19PM -0400, Tamouh H. wrote: > >>On the other hand, Windows has the ability to change the administrator > >>user or completely disable it. Something not available in Unix systems. > >>For example, a cracker or hacker targeting UNIX system will automatically > >>try to compromise the "root" user. It is 100% guaranteed to be there. On > >>the other hand in Windows, good sys admins will rename or complete > >>disable the administrator user hence making it more difficult to know the > >>administrator user. > >> > > > >Actually . . . technically, root users can be renamed and can, in many > >ways, be disabled. They can certainly be made inaccessible remotely. > > > > That can break many scripts though, can't it, if the dev improperly > looks up the name, not the UID? Probably -- if you're talking about disabling or renaming the root account for users. I've never personally done it, so can't really comment on that. I have, however, generally made the root account inaccessible remotely -- and that hasn't cause me any problems at all. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] MacUser, Nov. 1990: "There comes a time in the history of any project when it becomes necessary to shoot the engineers and begin production."