Date: Sat, 4 May 2002 03:53:46 +0100
From: Daniel Bye <dan@slightlystrange.org>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Demote Root, Promote UserX?
Message-ID: <20020504025346.GA5805@icarus.slightlystrange.org>
In-Reply-To: <Pine.GSO.4.44L0.0205031736580.8080-100000@shell.core.com>
References: <Pine.GSO.4.44L0.0205031736580.8080-100000@shell.core.com>

On Fri, May 03, 2002 at 05:51:46PM -0500, Steven Lake wrote:
> I saw something similar to this mentioned with Windows 2000 that
> you could do to deter hackers, and I was curious if it's possible with
> Fbsd? Can you rename the Root account or possibly demote it, then promote
> a lower user account, say something along the lines of "Admin1" or
> something to that respect, to the role of root and not screw anything up?
> Or if that's not possible, can you add another user with the same powers
> as root while disabling root itself?
>
> I'm just jabbing for ideas to stop a hacker who might be hacking
> in looking for the root account to take control of a machine by allowing
> them to hit an account with zero privileges and go absolutely nowhere.
> Of course we plan to be monitoring and catch them if they do, but I want
> to slow them down or stop them if possible using this.

The important part of the "root" user account is the UID of 0. The name is
totally arbitrary. It is simply convention that dictates it be called root.
Take a look in the default /etc/passwd - you'll see two entries with UID 0 -
"root" and "toor". The difference is simply the default shell. Both have
full super-user rights, imparted by the UID. Incidentally, each account can
(and probably should) have its own password.

So, you can create another user account with any (legal) name, assign it
UID 0, disable the "real root" user, and there you go.

I believe under NT/Win2000, things are very different - every user has its
own SID, as does each group. You then assign rights and permissions to
these users and/or groups - no SID is of itself inherently privileged
without that association. UNIX systems don't support this notion of
"promoting" or "demoting" users in the same way as Windows. (As far as I
know, at least)

The upshot is, if your account called "root" has UID of, say, 2500, then it
is only a normal user account. Likewise, an account by any name but with
UID 0 is super-user.

It's late, and I hope this makes sense, and isn't too wildly inaccurate... ;-)

Dan
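
Added example, not part of the original message: because privilege follows the UID and not the name, an audit of a passwd(5)-format file has to select on field 3. The sample entries below are constructed, and the "admin1" account and the UID-2500 "root" are hypothetical stand-ins for the setup discussed above.

```sh
#!/bin/sh
# Audit a passwd(5)-format file by UID instead of by account name.
# Fields: name:password:uid:gid:gecos:home:shell

# Constructed sample input (not taken from a real system).
SAMPLE_PASSWD='# constructed sample
root:*:2500:2500:Renamed-away root:/home/root:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
admin1:*:0:0:Hypothetical renamed superuser:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
dan:*:1001:1001:Dan:/home/dan:/bin/sh'

# Print every account name whose UID is 0, whatever it is called.
# Comment lines and lines with fewer than 7 fields are skipped.
# With no argument, reads /etc/passwd.
uid0_accounts() {
    awk -F: '/^#/ || NF < 7 { next }
             $3 ~ /^0+$/    { print $1 }' "${1:-/etc/passwd}"
}

# Print name:uid for accounts named "root" or "toor" that do NOT have
# UID 0, i.e. accounts that only look privileged.
root_named_unprivileged() {
    awk -F: '/^#/ || NF < 7 { next }
             ($1 == "root" || $1 == "toor") && $3 !~ /^0+$/ {
                 print $1 ":" $3
             }' "${1:-/etc/passwd}"
}

# Run both checks against the constructed sample.
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"

echo "Accounts with UID 0:"
uid0_accounts "$tmp"
echo "root/toor names without UID 0:"
root_named_unprivileged "$tmp"
```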