theoretical question - can root's username be changed?

Fri Dec 2 20:20:14 UTC 2005

Scot L. Harris wrote:
> On Fri, 2005-12-02 at 14:22, Mike McCarty wrote:
> 
>>Scot L. Harris wrote:
>>
>>>On Fri, 2005-12-02 at 00:17, Mike McCarty wrote:
>>>
>>>
>>>>John Summerfied wrote:
>>>>
>>>>
>>>>>Mike McCarty wrote:
>>>>>

[ack, getting too deep!]

[snip]

>>>Windows suffers because by default most users have admin or super user
>>>capabilities.  This in turn becomes the conduit that so many of the
>>>viruses use to gain complete control of the system.
>>
>>Eh? Not on any machine I administer, they don't.
>>
> 
> Which is as it should be.  But then you are a good administrator.  :)
> I doubt you will find that many users, other than at your site, that
> don't have full admin capabilities on their standard user account.  And

*I* don't have admin capabilities on my standard user account.

> most likely they never login as administrator because they have no need
> to.  This allows them to blindly install software by just clicking on
> it.

Ugh. I'm not disagreeing with you. One of the greatest things about
Windows was that it put the computer into the hands of the "ordinary"
user. BUT, one of the worst things is that the "ordinary" user is
not actually capable of administering a computer. This is also
true for automobiles. But we have, on every corner, dealerships
which do the admin maintenance for the users of automobiles.

Computers haven't gotten there, yet.

> Under linux you can use sudo to allow a user to execute specific things
> with elevated privileges when needed.  In most cases that is not even
> required.  But it does allow you to grant new admins limited
> capabilities until they learn the ropes and you learn to trust them. 
> This can be done on a command by command basis.

Yes. But we were discussing models, not work arounds.

>>>If they used the least privilege rule viruses would not be as easy to
>>>spread since they would not run with super user like privileges in most
>>>cases.
>>>
>>>Both systems can be run securely by using best practices.  Unfortunately
>>>most windows systems by default do not use such practices.  And many new
>>>linux users use root as their day to day login instead of setting up a
>>>normal user.  In the long run that will come back to bite them.
>>
>>ANY security system can be abused.
> 
> 
> No argument with that statement.  :)

:-)

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!