[TriLUG] to delete root, or not too?
mindcrime at cpphacker.co.uk
Mon Nov 13 18:08:36 EST 2006
jason watts wrote:
> yes, all this helps... is disabling root a common practice out in the
> real world? it just strikes me as something you wouldent want to do...
I don't know exactly how common it is, but there are (seemingly) valid
arguments for it. One involves a touch of "security through
obscurity." If everybody knows there is an account named 'root' that
has total access privileges, an attacker may focus in breaking
into the 'root' account. OTOH, if you create a new administrative user
(don't call it 'fakeroot' like I did) and make that your
admin user, a would be attacker doesn't have that known target now. How
important is that? Eeeeh, well, it depends
on your perspective, but it's at least one minor thing to consider.
Regardless of whether you delete root or not, it might be a good idea to
disable remote logins for root and force a remote
administrator to login first, then use su to become root.
> also, if root is deleted or disabled, dont you loose part of the
> functionality of su ... the part where you just type su - and you are
> now root, provideing you know the pw?
It would appear so. When I tried it on my munged up system just now, I
got the old "user root does not exist" when I tried 'su -'
However, 'su - falseroot' still worked as expected. Also, just a note
in case you want to experiment, once I recreated my
root user, 'su -' worked normally again.
More information about the TriLUG