Solved

Change "root" user to others

Posted on 2004-09-30
Last Modified: 2013-12-27
Can we change solaris user "root" to others? If so, How can I do?
How about other unix platforms, such as HPUX, Linux, etc?
Question by:sirator
13 Comments
 
LVL 38

Expert Comment

by:yuzh
ID: 12197603
>>>Can we change solaris user "root" to others? If so, How can I do?

When you log in as root and want to switch to another user, you can do:

              su - another-user

To run a command as another user, you do:

              su - another-user -c "command"

man su
to learn more details.

If you want to rename root to another user: bad idea, your system might stop functioning
without root! In practice you can create another user that has the same power as root (it creates
a security hole in your system; I would not recommend doing it).

>>>How about other unix platforms, such as HPUX, Linux, etc?
the above comments apply to all *nix!

0
 
LVL 48

Expert Comment

by:Tintin
ID: 12198450
Do NOT change the root user to anything else as it will break your system.  Although most processes work off UID, there are still plenty of things that check for the actual user 'root'
0
 

Author Comment

by:sirator
ID: 12200863
That means it's absolutely IMPOSSIBLE to rename "root" to another name, right?
And if I create another user with the same power as root for example "admin" and then I delete user "root" out of the system, can I?
0
 
LVL 10

Expert Comment

by:Nukfror
ID: 12205397
It's not impossible - nothing is stopping you from using vi and doing it - you just may *seriously* regret it later.

You should go to http://docs.sun.com and do some reading on RBAC.  RBAC can be used to effectively stop root from being god-of-the-box-for-everything and give that role to someone else if you wish.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 12205540
Let's go back a few steps.

Why do you want to change the root user?

I get a sneaking suspicion that sudo might be involved in the answer once we know your reasons.
0
 
LVL 10

Expert Comment

by:Nukfror
ID: 12205815
Tintin - stop being so correct to ask that question.
0

 
LVL 3

Expert Comment

by:Mike R.
ID: 12252446
Actually, I regularly create a "root1" user on Solaris systems and associate it with the UID "0" (zero).  

It can hold its own password, such that you can allow other users to log in with their own password and function as root.  The only snag you regularly run into is, if a user logs in as "root1", and then does a "passwd" (by itself) to change his password...it will change root's password (as "passwd" sees him as UID "0", and will associate "root" as UID "0" before "root1").  However, if you run the command "passwd root1" (as either root or root1) it will change the correct user's password.

"root1" can be any username...however, one thought is...if a user is trusted enough to have root access, they are probably trusted enough to have the root password.

"sudo", "suid" or appropriate access rights on files is probably a better way to control your system.

Best of Luck!
M
0
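Added example (not part of the thread): a check for the situation described above, where more than one account carries UID 0. The passwd entries are constructed sample data, and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Audit a passwd-format file for accounts that share UID 0 (added example).

# Constructed sample data: "root1" is the second UID 0 account from the post.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
root1:x:0:0:Second admin:/export/home/root1:/bin/ksh
mright:x:1001:100:Constructed user:/export/home/mright:/bin/ksh
EOF
}

# Print every login name whose UID field (3rd, colon-separated) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Print the name a UID maps to when the file is read top-down. The first
# match wins, matching the post's note that a bare "passwd" acts on root.
first_name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# Return 1 and list the names if any account other than root has UID 0.
check_uid0() {
    extras=$(awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}")
    [ -z "$extras" ] && return 0
    echo "extra UID 0 accounts:" $extras
    return 1
}

# Demo on the constructed file; pass /etc/passwd to the functions for real use.
demo=$(mktemp) && sample_passwd > "$demo"
uid0_accounts "$demo"
first_name_for_uid "$demo" 0
check_uid0 "$demo" || echo "review the accounts listed above"
rm -f "$demo"
```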
 
LVL 3

Expert Comment

by:Mike R.
ID: 12252544
P.S.  If you are looking to CHANGE root to something else (like Windows security guides recommend)...Tintin is correct in the sense that there are MANY scripts on the system which check the currently logged in user by the $LOGNAME variable, and take action based on if it's "root" or not.  If you change the name...these will break.  You COULD change "root" to something else, but it might be a bad idea.

M
0
 

Author Comment

by:sirator
ID: 12430148
Dear Rightmirem
     Thanks for your valuable info. I don't intend to change them, it's just my suspicion if I can rename it.
     Anyway, what is sudo or suid? Are they Unix commands or anything? Please explain to me.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 12430206
You can download sudo from:
     http://sunfreeware.com/
to learn more details about sudo, see:
    http://www.sudo.ws/sudo/
or do a search at EE, answered many, many many times.

 What's SUID:
http://www.homepage.montana.edu/~unixuser/051602/SUID.html
http://www.unix.org.ua/orelly/networking/puis/ch05_05.htm
http://www.samag.com/documents/s=1149/sam0106a/
0
 
LVL 3

Expert Comment

by:Mike R.
ID: 12436108
Check the above links.  SuDo is actually a program package that allows other users (specified in a configuration file) to run items as if they were root.  Simply put, you can let specified users run root stuff without knowing the root password.

suid (or "set UID") is a method by which you can allow a script to run as if it were called by the owner of the file, even if it is called by another.  Example...

1. You have a script called "runme".
2. It is owned by user "root", and group "users"
3. It has the standard permissions of -rwxr-x---, which allows root full control, the group "users" to read and execute the file, and everyone else "no access".
4. When a user other than root, who belongs to the "users" group runs the command (I.E. user "mright") the script is identified by the system as having been run by "mright" and will only allow the script to do the things "mright" is allowed to do.  

Meaning, if the script says to "umount /directoryname", the umount will fail because "mright" does not have the system permissions to do a umount.

5. As root, you set the suid with the command "chmod o+s" such that now the permissions read "-rwsr-x---".  (Note, you have to first have the "x" permission turned on, to then set the suid.)
6. The "-rwsr-x---" permission is now saying the script is owned by root, who has full control, and the "execute" permission is setuid.  The group "users" can still run the script, but when "mright" runs the script, the system will identify the user as the "setuid" owner, or in this case "root".  This will allow the "umount /directoryname" command in the script to function because the system has identified the user running the script to be "root", even though "mright" called the script.

0
 
LVL 3

Expert Comment

by:Mike R.
ID: 12436161
Oops....hit send accidentally...

What I was about to say was...THIS IS A HUGE SECURITY RISK (setuid) because ...

A)  If someone can manage to modify the script, they now have the ability to run ANYTHING as root.  And...

B) If there is any place for user input, this can be abused by hackers to infiltrate the system.  Example...

SCRIPT***
#!/bin/ksh
echo "Input item to search for"
read SEARCHLIST
# The value typed by the user is passed to find unquoted and unchecked
find . -name $SEARCHLIST
exit 0
END SCRIPT ***

The script seems innocuous enough, BUT if it is "setuid" to root...a hacker could enter the following as the search list...

"filename; rm -rf /*"

... and the end result would be that the script would run the command "find . -name filename; rm -rf /*" which would be interpreted by the system as two commands...the "find . -name filename" and then the command "rm -rf /*".  Since the script is run as root...you lose your system.

Caution caution caution with suid.

Best of luck,
M
0
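Added example (not part of the thread): a hardened form of the search script above, which checks the input against an allowlist and passes it to find as a single quoted argument. The function names and the allowed character set are assumptions made for this sketch, and the demo files are constructed.

```shell
#!/bin/sh
# Hardened variant of the search script from the post (added example).

# Accept only characters expected in a file-name pattern. Anything else,
# including spaces, ';', '/', quotes and a leading '-', is rejected.
valid_pattern() {
    case "$1" in
        ''|-*)                return 1 ;;
        *[!A-Za-z0-9._*?-]*)  return 1 ;;
    esac
    return 0
}

# safe_search DIR PATTERN: list regular files under DIR matching PATTERN.
# Returns 2 on rejected input. The quoted "$2" reaches find as exactly one
# argument, so the value can only ever be a -name pattern.
safe_search() {
    valid_pattern "$2" || { echo "rejected pattern" >&2; return 2; }
    find "$1" -type f -name "$2" -print
}

# Prompt as the original did; -r stops read from interpreting backslashes.
prompt_search() {
    echo "Input item to search for"
    IFS= read -r SEARCHLIST || return 1
    safe_search . "$SEARCHLIST"
}

# Demo on a constructed directory; the last call uses the input quoted in the post.
d=$(mktemp -d) && touch "$d/report.txt" "$d/notes.txt"
safe_search "$d" 'report*'
safe_search "$d" 'filename; rm -rf /*' || echo "exit status $?"
rm -rf "$d"
```

The stronger fix is not to make such a script setuid at all and to grant the one privileged command through sudo, as suggested earlier in the thread.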
 
LVL 3

Accepted Solution

by:
Mike R. earned 125 total points
ID: 12436200
Ooops..another P.S. (this is what I get for answering questions before I finish my coffee)...

The command is "chmod u+s" (for user+setuid) NOT "chmod o+s" (which would mean "other+setuid"...easily confused with "owner+setuid".)

My booboo :-)
M
0
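Added example (not part of the thread): an audit that lists setuid files under a directory and flags the two cases the thread warns about, files that others can modify and setuid scripts. The function names are assumptions made for this sketch, and the demo file is constructed with the "chmod u+s" form from the accepted solution.

```shell
#!/bin/sh
# Audit a directory tree for setuid files (added example).

# List regular files with the setuid bit (mode 4000) set.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# List setuid files that group or other may write to: anyone able to edit
# such a file controls what runs with the owner's privileges.
list_setuid_writable() {
    find "$1" -type f -perm -4000 \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# List setuid files that are interpreter scripts (first two bytes "#!").
list_setuid_scripts() {
    list_setuid "$1" | while IFS= read -r f; do
        case "$(head -c 2 "$f" 2>/dev/null)" in
            '#!') echo "$f" ;;
        esac
    done
}

# Demo on a constructed file ("runme" is the script name used in the thread).
d=$(mktemp -d)
printf '#!/bin/sh\necho hi\n' > "$d/runme"
chmod 750 "$d/runme" && chmod u+s "$d/runme"     # -rwsr-x---
list_setuid "$d"
list_setuid_scripts "$d"
rm -rf "$d"
```

Run the functions against a real tree, for example `list_setuid_writable /usr`, and compare the output with a known-good baseline.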
