Kyle Burton on Thu, 14 Oct 1999 09:50:43 -0400 (EDT)



Re: [Plug] root user


Actually, if you set the uid to 0, it will be synonymous with the root
user.  The other username will _be_ root.

I personally wouldn't recommend doing this at all, under any circumstances.
There are a bunch of checks and tests in libraries and the kernel that
look to see if you are root.  By making another user root, you will lose
out on some of these checks.  One of these being things like telnet and ftp
(and ssh), which do not normally allow root to enter the box from across
the network (for the simple fact that someone may be sniffing the connection,
it also prevents remote brute force attacks against these accounts), the
checks [may] fail in the case that the user has a uid of zero.

A cracker would then have 2 passwords to try to attack -- and since the 
other user who is root, but is not root, is not root, they may not use
their account with the same level of 'respect' and leave open more
holes than a user who is truly root.  The whole permissions structure is
different for non-root users and things like their home directories -- they're 
more likely to do stuff that's bad for system security.

As recommended earlier, I'd use a combination of groups and sudo to grant
the access you'd need.  If you're going to need more than 1 administrator
for a box, they should all be in very close communication with each other
or you run the risk of undoing/redoing changes, not knowing what the
configuration on the system is, and doing things that normally wouldn't
break things, but because of other changes do break things.

When you install your linux system, you start out logging in as root almost
all the time -- even against the advice of your seasoned unix friends who
tell you to never log in as root, and only su to it as infrequently as 
possible.  One day, unless you're uber-lucky, you finally learn why -- and
as an added bonus, you get to practice installing your system again.  From
that point on, you generally realize that the advice of your friends was
good advice so you start practicing it (and telling your newbie friends 
about it, and shaking your head when they don't follow it -- such is the
way of the world).  Setting up a root synonym account goes against this
simple age old advice.  

Bottom line, never do this. 


Thanks for listening to my opinions, thanks for your questions, they
also help educate me.

k

------------------------------------------------------------------------------
All parts should go together without forcing. You must remember that the parts
you are reassembling were disassembled by you. Therefore, if you can't get
them together again, there must be a reason. By all means, do not use a
hammer. 
    -- IBM maintenance manual, 1925
mortis@voicenet.com                            http://www.voicenet.com/~mortis
------------------------------------------------------------------------------

On Wed, 13 Oct 1999, Michael Whitman wrote:

> If I want to create a user with all the power of the root user... but not
> call it root... can i do this?
> I am using rh 6.0.
> 
> 
> Michael P. Whitman
> Online Services Developer
> American Lawyer Media
> PaLAWnet - DeLAWnet
> 
> 
> mailto:michaelw@palawnet.com
> 
> _______________________________________________
> Plug maillist  -  Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug
> 
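
Added example, not part of the original message: an audit check for the situation the reply warns about, listing every passwd entry other than "root" whose UID is 0. The function names `uid0_aliases` and `write_sample` and all sample entries are constructed for illustration; a UID written with leading zeros is treated as 0 as a conservative assumption.

```shell
#!/bin/sh
# Audit a passwd-format file for "root synonym" accounts (UID 0, name != root).

# uid0_aliases FILE -> prints one offending account name per line.
uid0_aliases() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 7             { next }   # skip malformed entries
        # Numeric UID that evaluates to zero ("0", "00", ...) on a non-root name.
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" { print $1 }
    ' "$1"
}

# write_sample FILE -> writes constructed test data (not from a real system).
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
# a comment line
toor:x:0:0:second root:/home/toor:/bin/bash
kyle:x:500:500::/home/kyle:/bin/bash
admin2:x:00:100:leading-zero uid:/home/admin2:/bin/bash
broken:x:0
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
aliases=$(uid0_aliases "$sample")
rm -f "$sample"

if [ -n "$aliases" ]; then
    echo "UID 0 accounts other than root:"
    echo "$aliases"
else
    echo "root is the only UID 0 account"
fi
```

To audit a live system, call `uid0_aliases /etc/passwd`; any name it prints is an account that is root in everything but name.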



