On Wed, 13 Feb 2002, Ronald KA4INM Youvan wrote:
> Someone said:
>
> > . . . don't run as root if you can help it.
I certainly offer that advice a lot
> I can't think of why logging in as root is a security problem,
> if you are logged in as `Joe', that doesn't prevent a Trojan
If root owns the login program (and it does), how shall they
get remote write access to trojan it?
> horse from sending your password to a guy named Lu (in China)
> that telnets into an open port
man securetty -- no remote logins as root except for at
the local console on most Linux implementations
> and logs in as root and E-mail
> your private thoughts to him. (or what ever)
>
> What has bothered me from my start is:
> I know the name of the super user on your box, everyone
> does.
The name is irrelevant; except for doing a lookup in
/etc/passwd (and /etc/shadow for comparing a hashed password
crypt [man 5 crypt]) for the account having userid 0 -- but at
the same time, one may have several accounts with differing
passwords, and differing shells, all with rights and userid's
of 0 -- I have that in place at one site where the prior
admin did not understand 'sudo'
> That seems to me to make security twice as hard as it needs to be.
... naw -- network traffic is either in cleartext, or it is
not -- that is the major determinant
> Does anyone know of a way to have a name other than `root'
> being the super user? (In LINUX.)
sure: edit /etc/passwd and /etc/shadow for the userid 0 (see
man 3 passwd for the file layout) and change it as you will
> (I would also want to hide his directory among all `normal' users)
Won't help against a clueful attacker -- security through
obscurity is generally ineffective; the user name and content
are trivial to find:
# print the login name of every account whose UID field (3rd) is 0
SEARCH=`awk -F: '$3 == 0 {print $1}' /etc/passwd`
echo "root is called: $SEARCH"
# list everything owned by UID 0
cd / ; find . -uid 0 -print
will do the trick.
-- Russ Herrold
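
Added example, not part of the original message or thread: an audit for the case described above, where several accounts with different names, passwords and shells all hold userid 0. The function names and the sample passwd entries are constructed for illustration; point uid0_accounts at /etc/passwd to check a real system.

```shell
#!/bin/sh
# Added example: list every account in a passwd-format file that holds UID 0.

# uid0_accounts FILE -> "name:home:shell" for each entry whose UID (field 3) is 0.
# Only field 3 is tested, so accounts that merely have GID 0 are not reported.
uid0_accounts() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        NF < 7         { next }                    # malformed entries
        $3 ~ /^0+$/    { print $1 ":" $6 ":" $7 }  # UID zero, leading zeros allowed
    ' "$1"
}

# extra_uid0 FILE -> names of UID-0 accounts other than "root" (aliases to review).
extra_uid0() {
    uid0_accounts "$1" | awk -F: '$1 != "root" { print $1 }'
}

# make_sample -> path of a temp file holding constructed passwd entries.
# The sync entry has GID 0 but UID 5: a substring match on ":0:" would hit it too.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
toor:x:0:0:second superuser:/home/toor:/bin/sh
# local accounts
joe:x:500:500:Joe:/home/joe:/bin/bash
admin2:x:0:100::/home/admin2:/bin/bash
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample)
echo "UID 0 accounts (name:home:shell):"
uid0_accounts "$sample"
echo "UID 0 under a name other than root:"
extra_uid0 "$sample"
rm -f "$sample"
```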