[TriLUG] to delete root, or not too?

Phillip Rhodes mindcrime at cpphacker.co.uk
Mon Nov 13 18:08:36 EST 2006


jason watts wrote:
> yes, all this helps... is disabling root a common practice out in the
> real world? it just strikes me as something you wouldn't want to do...
>
I don't know exactly how common it is, but there are (seemingly) valid
arguments for it.  One involves a touch of "security through
obscurity."  If everybody knows there is an account named 'root' that
has total access privileges, an attacker may focus on breaking into the
'root' account.  OTOH, if you create a new administrative user (don't
call it 'fakeroot' like I did) and make that your admin user, a would-be
attacker doesn't have that known target now.  How important is that?
Eeeeh, well, it depends on your perspective, but it's at least one minor
thing to consider.

Regardless of whether you delete root or not, it might be a good idea to
disable remote logins for root and force a remote administrator to log
in first, then use su to become root.

> also, if root is deleted or disabled, don't you lose part of the
> functionality of su ... the part where you just type su - and you are
> now root, providing you know the pw?
It would appear so.  When I tried it on my munged up system just now, I
got the old "user root does not exist" when I tried 'su -'.  However,
'su - falseroot' still worked as expected.  Also, just a note in case
you want to experiment: once I recreated my root user, 'su -' worked
normally again.


TTYL,

Phil



