1

I am told that the most basic security to set up in Linux is to change the superuser name from root to something obscure

so I run these steps to add new user

$ /usr/sbin/adduser new_username
$ passwd new_usersname

then went to give ssh access to new user

$ /usr/sbin/visudo
root           ALL=(ALL)        ALL  // didn't modify this
new_username   ALL=(ALL)        ALL  //added this

Now despite the above change, my new user new_username does not have superuser privileges. I am always forced to change to root using su use root privileges.

So, what I want is to remove completely the root account, and give all root's power to my new_user

How do I accomplish this task ?

robue-a7119895
  • 561
  • 1
    Removing the root user is impossible (for a ton of good reasons). That is not what you want to do; you want to give your user permanent root permissions. But, you shouldn't do that either. You should learn how to use sudo safely and effectively. – HalosGhost Jul 24 '14 at 12:11
  • You write about giving ssh access, but you configure sudo... Did you check, wheather sudo works or not? (https://superuser.com/questions/553932/how-to-check-if-i-have-sudo-access) – Tobias Jul 24 '14 at 12:20
  • There is already a question about changing root's name, but that is a weird thing to do. If you want security it would make more sense to prevent directly login as superuser, and do everything through sudo. – Leiaz Jul 24 '14 at 12:21
  • 1
    You talk about renaming root, but your information shows you trying to add another sudo user, and your comments talk about using su not sudo. This all makes no sense. Then as mentioned, removing 'root' is a very bad idea. Where are you getting this info? – phemmer Jul 24 '14 at 12:40
  • Wow, I never knew changing root user was such an issue. @Tobias Yes. I can use sudo, but only after a password prompt. I am just trying (at-leasst) to deter an attacker from knowing there is a user called root – robue-a7119895 Jul 24 '14 at 12:41
  • @Patrick Well, I came up with it actually. I am trying to stick to the old advice that in the case of a login application, telling a user's email is ok, at-least gives half the information to a potential attacker. – robue-a7119895 Jul 24 '14 at 12:43
  • 2
    "I am told that the most basic security to set up in Linux is to change the superuser name from root to something obscure" This is garbage. G A R B A G E. Whoever told you that, don't listen to them again. It will be drop dead easy to get the new username anyway, it's the user with UID 0. And if it ain't uid 0, it's whoever owns all the system files. And if that ain't the superuser, you have just introduced a big security hole, not to mention broken things that may require it. Forget about this now. – goldilocks Jul 24 '14 at 13:20
  • Forget about this now DONE! – robue-a7119895 Jul 24 '14 at 15:01

2 Answers2

2

Your new user new_username will not have root privileges after editing the sudoers file. This change only allows new_username to run sudo in order to run a task with superuser privileges:

$touch testfile
$chown new_username testfile
chown: changing ownership of 'testfile': Operation not permitted
$sudo chown new_username testfile
[sudo] password for new_username:
$

There are various debates about renaming the root account. It would probably be better to make it secure instead of renaming it.

garethTheRed
  • 33,957
1

You can always disable a root account by setting his login prompt to nologin in /etc/passwd file. However, after setting this, you would not be able to use root account even using ssh or su. 

root:x:0:0:root:/root:/sbin/nologin

Now, as per this link, after setting sudo privileges to an user, the user must log off and log in back again for the effects to take place.

Community
  • 1
Ramesh
  • 39,297