theoretical question - can root's username be changed?

Mike McCarty mike.mccarty at sbcglobal.net
Fri Dec 2 19:22:56 UTC 2005 

Scot L. Harris wrote:
> On Fri, 2005-12-02 at 00:17, Mike McCarty wrote:
> 
>>John Summerfied wrote:
>>
>>>Mike McCarty wrote:
>>>


[snip]

>>>The windows model is, to my mind better; where it falls down is the 
>>>implementation.
>>
>>The Windows NT (and hence XP) model is superior, yes.
>>
> 
> 
> Is it?  Best practice is to use the least privilege possible to get the
> job done.  By creating users that login with super user privileges you
> break that best practice.  You still need a user that can admin the
> box.  But individual users under linux or any unix like OS can be
> granted all or some of roots capabilities via sudo or similar
> utilities.  Users should not be encouraged to login directly as root to
> prevent several of the problems you listed above.  By logging in as a
> normal user and then using su or sudo an audit trail is left so things
> can be tracked down if needed and traced to a particular users account. 
> Logging in directly as root leaves it open as to which user did
> something on the system.

Nothing you said disagrees with what I wrote.

> Windows suffers because by default most users have admin or super user
> capabilities.  This in turn becomes the conduit that so many of the
> viruses use to gain complete control of the system.

Eh? Not on any machine I administer, they don't.

> If they used the least privilege rule viruses would not be as easy to
> spread since they would not run with super user like privileges in most
> cases.
> 
> Both systems can be run securely by using best practices.  Unfortunately
> most windows systems by default do not use such practices.  And many new
> linux users use root as their day to day login instead of setting up a
> normal user.  In the long run that will come back to bite them.

ANY security system can be abused.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

More information about the users mailing list