theoretical question - can root's username be changed?
Guy Fraser
guy at incentre.net
Fri Dec 2 22:50:20 UTC 2005
On Fri, 2005-02-12 at 15:59 -0600, akonstam at trinity.edu wrote:
> >
> > One of the things I have learnt over the last two decades
> > administrating Unix and Linux systems, is that sometimes
> > there can be such a thing as too much security. I have
> > had intel based pc systems that were hardened so much that
> > even with physical access to the system it took a drill
> > to remove the case locking mechanism in order to access
> > the motherboard to erase the bios password before being able
> > to boot with a recovery disk. Once the recovery disk was
> > loaded I was able to change the "admin" users password to
> > gain access to the system, after the customer "lost" the
> > password, when an employee left. On that system I had
> > disabled root from being able to be logged in from all tty's
> > and the console, only the "admin" user was able to log in
> > from the console. That customer opted for less security on
> > the next system.
> >
> > If you want that kind of security, get a good steel case
> > and check out the Bastille Linux project.
> t reminds me of a day that will live in infamy when not realizing that
> they were using shadow passwds I erased the x in the passwd field of the
> root account. That cause the company I was consulting for $1,500. I know
> it was a zenith of my stupidity that day and it was on an At&T Unix box
> that had no way to boot to run level 1. I did a similar thing recently on
> an OS X box where booting to run level 1 is possible. That will teach
> people to allow me to administer an OS X box with mysterious commands
> that are not reversible.
>
> I am really not that incompetent but never try to administer a machine
> you do not understand.
Back in 1984, before I had any formal training in Unix Administration,
my boss put me in the awkward position of setting up an NFS system
on a customers Sun Microsystems machine. There wasn't enough room
on the /usr partition to install all the software, so we got a
second drive. I read what I could find, and figured out how to
configure the system to use the new drive, and proceeded to copy
/usr to the new drive. Once it was done, I decided to remove
the files from /usr before mounting the new partition... It wasn't
too long before I realized some of the commands I would need to
finish the job were in /usr/bin and or /usr/sbin, by then it was
too late, I hit control-c but most of the commands I needed had
already been deleted. I then quickly learned how to boot off a
tape drive and reinstall SunOS, by 03:00 the next morning I had
a functional system rebuilt and was able to install get the NFS
server running. The very next week I was sent to Sun to get
Advanced Administration training. If it wasn't for the fact that
my boss sent me even after I told him I did not feel I knew
enough and only had operator level training, I likely would not
have been working there long enough to get Administrator Training.
The moral of my story is; If you don't know what your doing, make
sure you make it understood before fumbling into the unknown, if
you succeed your a hero, if you don't then at least you weren't
misrepresenting your abilities and will not be looked upon as an
incapable liar.
More information about the users
mailing list