Re: [SLUG] WAS about Linux virii

From: Steven Johnson (alinuxguru@hotmail.com)
Date: Thu Feb 14 2002 - 18:51:31 EST


>>. . . don't run as root if you can help it.

>Does anyone know of a way to have a name other than `root'
>being the super user? (In LINUX.)

vipw?

I do not mean to trivialize this, but why couldn't you just change the user
ID root to whatever you want? Many apps use the UID 0 anyway. There are
some apps (/etc/inetd.conf comes to mind) that has "root" hard coded in but
how hard could it be to track these down on an open source platform?

Try this at home, create another user name with UID 0. voila, you now have
two super users. We used to do this to have a universal NIS user with root
priveleges (yeah, yeah, I know...) for distributed systems. Rather than
give 10 people the root password to 100 boxes, we gave them the one NIS
password with the same rights. There was some flexibility in this approach
that a single UID 0 user did not allow for.

<Disclaimer: I will deny ever saying this>
So, with your two root users, change the shell of the original root to
"/etc/noshell" and see what happens. </disclaimer>

>(I would also want to hide his directory among all `normal' users)

This would be "bad". The root user would need to have his home directory
mounted for lower run levels. So, unless your user accounts are in / there
is no nice way to obfuscate the user home directory.

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:07:01 EDT