[-- Outlook mutilation of text and top-posting manually fixed. --]

On 2004-08-25 19:03, Ara Avvali <[EMAIL PROTECTED]> wrote:
> Giorgos Keramidas [mailto:[EMAIL PROTECTED] wrote:
> > On 2004-08-25 18:50, Ara Avvali <[EMAIL PROTECTED]> wrote:
> > > Sorry if this might sound crazy, but is there any way to rename
> > > the root account to something else for extra security?
> >
> > No.  At least, not as far as I know.
> >
> > Probably because it wouldn't provide any extra security unless you
> > tinkered with a hell of a lot of settings; [...]
>
> What I mean is, if someone wants to hack the machine or even get physical
> access, half of the job is done by knowing the root user name. Although
> Windows security blows, they have this feature of renaming the
> administrator user account name.

Even if you rename the root user it's easy to find out the names of the
privileged accounts on a system by looking at /etc/passwd.  The mapping of
username/userid is useful for many things besides knowing who the "root"
user is though, so it would break a lot of things if you just removed the
read permissions of /etc/passwd.  For instance, ls(1) would have no way to
match the owner of files with a name in filename listings and would produce
output like this:

    $ ls -ln | head -5
    total 1804
    drwxrwxr-x   2 1001  groupname     512 Aug 23 04:37 CVS
    drwxrwxr-x   5 1001  groupname     512 Jan 12  2003 GNUstep
    drwxrwxr-x   4 1001  groupname     512 Dec 26  2003 Mail
    -rw-------   1 1001  groupname   46340 Aug 26 02:10 Mailbox

Not very nice...

Other parts of /etc that are now readable and provide potentially harmful
information are practically all the files in `/etc'.  Instead of hacking
the permissions and owner of these files to avoid letting your users read
things that they should not be able to read, you might find it more useful
and more convenient to use chroot(8) or jail(8) to compartmentalize the
system and block the user from accessing the "outer" levels of the
installation.

> It would be like if you want to go in a street and steal a diamond ring.
> First you have to know the lot number of the house which has it and second
> the key to get in. It would make it harder to try every single house.

Yeah, well.  You wouldn't be able to steal the diamond if you were trapped
in a single neighborhood and the diamond happened to be in a safe downtown,
a few dozen neighborhoods away ;-)

> Anyway thank you for fast response

You're welcome.

- Giorgos
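
The point made in the reply above, as an added example that is not part of the original message: privilege follows the UID field of passwd(5), not the login name, so an audit for superuser accounts keys on UID 0 and still finds a renamed root. The function names, the allow-list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find superuser accounts by UID, whatever they are called.

# Print the login name of every account whose UID field is 0.
# passwd(5) format: name:password:uid:gid:gecos:home:shell
# Commented-out lines are skipped; "00" is treated as 0.
uid0_accounts() {
    awk -F: '$1 !~ /^[ \t]*#/ && $3 ~ /^0+$/ { print $1 }' "$1"
}

# Print UID 0 accounts that are NOT in the allow-list (remaining arguments).
# Returns 1 if any unexpected account is found, 0 otherwise.
unexpected_uid0() {
    file=$1; shift
    allowed=" $* "
    rc=0
    for name in $(uid0_accounts "$file"); do
        case "$allowed" in
            *" $name "*) ;;               # expected superuser account
            *) echo "$name"; rc=1 ;;      # needs review
        esac
    done
    return $rc
}

# Constructed sample: "root" has been renamed to "admin9", "toor" is the
# second UID 0 account FreeBSD ships with, "svcacct" is an unexplained one.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not taken from a real system
#root:*:0:0:Charlie &:/root:/bin/csh
admin9:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
keramida:*:1001:1001:User:/home/keramida:/bin/sh
svcacct:*:0:0::/tmp:/bin/sh
EOF

echo "UID 0 accounts:"
uid0_accounts "$SAMPLE"
echo "Not on the allow-list:"
unexpected_uid0 "$SAMPLE" admin9 toor || echo "(review the accounts listed above)"
```

Pointing the functions at the real /etc/passwd with your own allow-list turns this into a periodic check.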

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions