On Die, 2011-11-15 at 08:03 +0100, Ulrich Windl wrote:
[...]
> I wonder how changing the permissions of root will make the system
What do you mean with the "changing the permissions of root"?
In the kernel, the user-id 0 is allowed to do everything (and there is
no "user name" in the kernel).
If you call the user with the user-id 0 "root" in user-space via
the /etc/passwd (or LDAP or ....) file doesn't really matter.
> more secure: If someone manages to break in as "root", he will find
> out what the real root is.
That is actually confusing (though everyone is used to it): "to become
root" technically means actually "assume the user-id 0".
Every user (who is logged in) can look into /etc/passwd (or LDAP or ...)
and see, which username is associated with 0 (otherwise `ls` can't
translate the uids from the filesystem into human-readable usernames).
I seriously doubt that renaming the "root" (and having a normal account
with the name "root") actually adds security. From the outside, you
shouldn't allow "root logins" anyway (read: a login where one ends up
with the user-id 0) and if you are on the system, you can look up the
user-name anyways.
So that will IMHO just add confusion .....
> Having multiple roots will not add anything
> to security IMHO, either. I agree with the permission check, but I'm
Well, you can have different passwords for the various user with user-id
0. But what can one do with that which can't be done with e.g. "sudo".
> worried about your security policies ;-)
[ Fullquote deleted ]
Bernd
--
Bernd Petrovitsch Email : [email protected]
LUGA : http://www.luga.at
--
You received this message because you are subscribed to the Google Groups
"open-iscsi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/open-iscsi?hl=en.
