theoretical question - can root's username be changed?

Scot L. Harris webid at cfl.rr.com
Fri Dec 2 14:12:07 UTC 2005


On Fri, 2005-12-02 at 00:17, Mike McCarty wrote:
> John Summerfied wrote:
> > Mike McCarty wrote:
> >
> > At one point I had "john" and "summer" with the same UID and it did not 
> > work very well at all.
> 
> Yes, I can believe that. I did some contract work for a company
> doing pharmaceutical control software, which had a user with
> UID 0 on UNIX-like systems. There were three major flaws in
> security: (1) ordinary users were forced to log in with
> what was essentially root (yes, it was a different name,
> and the password was different, and they didn't even know
> they were logged in, but still, all the software ran with
> root access, and defects could be devastating), (2) it was
> difficult to ascertain just who and what actually did something
> to the system, since everything was reported as "root", and
> (3) remote access required security compromise when doing debug
> work, since one had to log in as essentially root to do
> any work.
> 
> > A really big flaw in Unix design is the fact one user has the inherent 
> > ability to do everything, the fact that the Unix security model is built 
> > round this.
> 
> I think it goes a little deeper than this. The entire security
> system is based on a very simple model: owner, trusted friends,
> everyone else. So root is just a "universal owner".
> 
> > The windows model is, to my mind better; where it falls down is the 
> > implementation.
> 
> The Windows NT (and hence XP) model is superior, yes.
> 

Is it?  Best practice is to use the least privilege possible to get the
job done.  By creating users that log in with super user privileges you
break that best practice.  You still need a user that can admin the
box.  But individual users under Linux or any Unix-like OS can be
granted all or some of root's capabilities via sudo or similar
utilities.  Users should not be encouraged to log in directly as root, to
prevent several of the problems you listed above.  By logging in as a
normal user and then using su or sudo, an audit trail is left so things
can be tracked down if needed and traced to a particular user's account.
Logging in directly as root leaves it open as to which user did
something on the system.

Windows suffers because by default most users have admin or super user
capabilities.  This in turn becomes the conduit that so many of the
viruses use to gain complete control of the system.

If they used the least privilege rule viruses would not be as easy to
spread since they would not run with super user like privileges in most
cases.

Both systems can be run securely by using best practices.  Unfortunately
most Windows systems by default do not use such practices.  And many new
Linux users use root as their day-to-day login instead of setting up a
normal user.  In the long run that will come back to bite them.
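
An added example, not part of the original message: a Python sketch of the audit-trail point made above. It parses constructed syslog-style auth lines (host name, user names and addresses are made up) and separates root commands that sudo attributes to a named user from direct root logins, which identify only a source address.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual syslog auth format (not real data).
SAMPLE_LOG = """\
Dec  2 09:01:11 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/service httpd restart
Dec  2 09:05:42 host1 sshd[2211]: Accepted password for root from 192.0.2.10 port 51234 ssh2
Dec  2 09:07:03 host1 sudo:      bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/sbin/useradd carol
Dec  2 09:09:30 host1 sshd[2290]: Accepted publickey for alice from 192.0.2.20 port 40022 ssh2
Dec  2 09:12:18 host1 sudo:    alice : command not allowed ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/passwd root
"""

# sudo records the invoking user; a refusal adds a reason before TTY=.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>[^;=]+?) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>.*?) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
# A direct root login over SSH records only where it came from.
ROOT_LOGIN_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for root from (?P<src>\S+) port \d+"
)

def audit(log_text):
    """Return (root commands per user, denied sudo attempts, direct root logins)."""
    attributed = defaultdict(list)
    denied, direct_root = [], []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            if m.group("denied"):
                denied.append((m.group("user"), m.group("cmd")))
            elif m.group("target") == "root":
                attributed[m.group("user")].append(m.group("cmd"))
            continue
        m = ROOT_LOGIN_RE.search(line)
        if m:
            direct_root.append((m.group("src"), m.group("method")))
    return dict(attributed), denied, direct_root

if __name__ == "__main__":
    by_user, denied, direct_root = audit(SAMPLE_LOG)
    for user, cmds in by_user.items():
        print(f"{user} ran as root: {cmds}")
    for user, cmd in denied:
        print(f"{user} was refused: {cmd}")
    for src, method in direct_root:
        print(f"direct root login from {src} ({method}): no user to attribute")
```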




