Re: Renaming root users causes problems!

Sat, 26 Mar 2005 09:53:05 -0800

another measure would be to make sure your not using des or 3des. Maybe use md5 or even blowfish. and make sure you have a decent password. I played with changing the root name as well and getting rid of it and creating a user with an uid of less than 10. Less than 10 means that you have the same level of privs as root if I remember right.
I'd recommend
better encryption
better password
disable root ssh login - if you disable and someone breaks in you will be able to tell through which user they broke in.

-Stephen



Corey Edwards wrote:

On Sat, 2005-03-26 at 08:17, Kenneth Burgener wrote:


I had heard that one security measure you can do for your Linux machine is rename the root username. The system booted fine, but I found that several services (including xinetd, and iptables) require the root user to be named root. Is there a way around this, or is it not a good idea to rename the root user.



I personally don't see much point in it. Disable root ssh login if
you're paranoid. SELinux would probably be a better route to limit what
root can actually do. It's not a trivial task.



I have a second question. When I realized that there were problems I went back and renamed the root user back to root in the /etc/passwd and /etc/group, but I forgot to fix it in /etc/shadow. So my next question is how do you recover from that? I assumed that it would just list my password as blank, but this didn't work. Any suggestion on fixing this? How can you reset the root password? I had heard in earlier threads about booting to "single" user mode. I tried that but it prompts me for the "root password for maintenance".



Add the boot option "init=/bin/sh" in grub. That will skirt the whole
boot up process and dump you to a root shell. You may need to remount
the / filesystem with "mount -o remount,rw /". Edit /etc/shadow and
save. Since you didn't start /sbin/init, you can't shutdown. Instead,
remount / ro again to flush any changes and hit the power button.

Corey



------------------------------------------------------------------------

.===================================.
| This has been a P.L.U.G. mailing. |
|      Don't Fear the Penguin.      |
|  IRC: #utah at irc.freenode.net   |
`==================================='

.===================================.
| This has been a P.L.U.G. mailing. |
|      Don't Fear the Penguin.      |
|  IRC: #utah at irc.freenode.net   |
`==================================='

Reply via email to