theoretical question - can root's username be changed?

John Summerfied debian at herakles.homelinux.org
Fri Dec 2 04:44:23 UTC 2005


Mike McCarty wrote:

>> Let me put it differently. Root's UID is 0 - suppose I change UID 0's 
>> User Login to 'doorknob' - first, can this be done? Second, would I 
>> have to create a new home directory called 'doorknob'? Third, are 
>> there any implications, doing this, for other software and/or settings 
>> in a Linux PC? Fourth - if this shouldn't be done, can a new user, say 
>> UID 15, be created with all the same privileges as root, and can root 
>> then be purged?
> 
> 
> You may have as many user names associated with UID 0 as you like.
> The home directories may be set independently as you like.
> I would not "purge" UID 0, but I cannot think of how that would
> conflict.

There is another problem resolving UID=0 to a name.

Which name?

At one point I had "john" and "summer" with the same UID and it did not 
work very well at all.

A really big flaw in Unix design is the fact one user has the inherent 
ability to do everything, and the fact that the Unix security model is 
built round this.

The Windows model is, to my mind, better; where it falls down is the 
implementation.

I used to be an MVS sysprog (20 years or so ago). The right/ability to 
create new accounts was given to individuals (sure, they can create 
users with any rights at all, but in fact there aren't many rights in 
MVS, and on those machines people cared about security and implemented 
audit trails).

Some of us sysprogs "owned" the system libraries, and it was the right 
of ownership that gave us the ability to install/update programs. And 
they were protected by passwords and expiry dates, the latter requiring 
intervention from operators to okay.

It was way more complicated than that, of course, but it helps 
illustrate an alternative security model.




-- 

Cheers
John

Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list
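
Added example, not part of the original message: a small audit of passwd(5)-format data that lists every UID shared by more than one login name and shows which name a first-match lookup hands back for it, which is the "Which name?" ambiguity raised above. The sample data is constructed, and the first-match rule is an assumption that holds for a flat-file passwd backend; other name services may order entries differently.

```python
from collections import OrderedDict

# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
doorknob:x:0:0:second name for uid 0:/home/doorknob:/bin/bash
john:x:500:500::/home/john:/bin/bash
summer:x:500:500::/home/summer:/bin/bash
# comment line
broken-line-without-fields
"""

def parse_passwd(text):
    """Yield (name, uid, home) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        uid = fields[2] if len(fields) == 7 else ""
        if not (uid.isascii() and uid.isdigit()):
            continue  # malformed entry or NIS-style "+" line: skip it
        yield fields[0], int(uid), fields[5]

def names_by_uid(text):
    """Map each UID to its login names, in file order."""
    groups = OrderedDict()
    for name, uid, _home in parse_passwd(text):
        groups.setdefault(uid, []).append(name)
    return groups

def shared_uids(text):
    """Return only the UIDs that more than one login name maps to."""
    return {u: n for u, n in names_by_uid(text).items() if len(n) > 1}

def resolve_uid(text, uid):
    """Name returned by a first-match UID lookup (assumed flat-file order)."""
    names = names_by_uid(text).get(uid)
    return names[0] if names else None

if __name__ == "__main__":
    for uid, names in shared_uids(SAMPLE_PASSWD).items():
        shown = resolve_uid(SAMPLE_PASSWD, uid)
        hidden = ", ".join(n for n in names if n != shown)
        flag = "  <-- extra superuser login" if uid == 0 else ""
        print(f"uid {uid}: resolves to '{shown}', also used by: {hidden}{flag}")
```

To audit a real host, pass the contents of its passwd file in place of SAMPLE_PASSWD.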



