A security question pertaining to disabling the root login. [SOLVED]

I've recently been configuring sudo and came across the following piece of advice:
https://wiki.archlinux.org/index.php/Su … root_login
After making my normal user a full-fledged sudoer, I followed the advice in the link above.
passwd -l root
worked beautifully without problems in spite of the warnings.
However on a hunch after going
ls -l /etc/passwd
I was dismayed to see that the permission of the file was 644 with owner root. Shouldn't the permission be 640? Otherwise why would a cracker try to guess who is a sudoer when you can look at /etc/passwd and see myname in the entries and go like "OK root's disabled this is the only other human user lemme see if I can crack this..."
Like I would have changed the permission on /etc/passwd to 640 but since I'm far from an expert I want to know if this is safe to do/are there any unintended consequences for doing so. Furthermore even if I can do that the cracker will then proceed to search for all users who are members of the wheel group. I don't know what command would do this but clearly there must be a way the OS keeps track of which group has which members. Even if it's possible to safely change the permission of /etc/group to 640 or 600 I don't think it's a good idea cause the cracker will still attempt to find all members of the wheel group because wheel is universal to Linux.
My next worry is /etc/shadow. The good news is the permission there is 600. However there may be other files which can give away my username to the cracker besides /etc/passwd and /etc/group. If so, what are they? Can they be safetyed?
All in all, was disabling root a good idea? I still want my normal user to have sudo powers for convenience. But even so if I am right about /etc/passwd then following the advice there simply makes the job one step longer for el cracker muy malo. Can you guys clue me in as to whether or not /etc/passwd can be safetyed without consequence and what is going on with this whole thing.
Last edited by hiushoz (2011-01-10 05:08:03)

I don't think you'll be able to change the permissions without error.  If I'm not very much mistaken, several user-space programs (like xterms) read that to determine what your preferred shell is.
But if I understand the permissions system correctly doesn't the third number dictate access for people that aren't the owner or part of the owners group?
Yes, that's correct.  However, there's no mechanism for them to view the files. Users can't execute processes (including the shell and its commands) unless they've either logged into your computer or found an exploit somewhere. In the event that they've found the exploit, they're most likely already running in either kernel mode or as root, so your security has already been compromised.
You're probably confused because of the oft-used terminology 'world readable'. In reality, that means any local user.
Why would you allow a cracker to log in in the first place?
I think this about sums it up, though I would like to elaborate on what's really being said here. There are several ways to give a cracker access to your computer; the most obvious being granting them a user account and letting them sit at your keyboard.  When you run a script or binary written by someone else, it's very close to the same thing. The program you're running can do everything you can.
Just as you wouldn't let someone you don't trust sit at your keyboard, you should only run scripts and binaries from users you trust, at least until you've gathered enough skill to scrutinize their contents. By installing the Arch distribution, it seems you already trust Arch and its repositories, so I wouldn't worry so much about those binaries.
Otherwise why would a cracker try to guess who is a sudoer when you can look at /etc/passwd and see myname in the entries and go like "OK root's disabled this is the only other human user lemme see if I can crack this..."
This is silly, for a number of reasons:
1) As above, the user would need to already be logged in as a local user.
2) There are dozens of other places where you can find lists of local users. Even if you were to change the permissions there, a cracker could easily find a list of probable human users by:
    - Listing the contents of /home/.
    - Reading the file /etc/group; this if anything is even more dangerous, as it hints at which users have administrative rights.
3) You're trying for security through obscurity. Instead of hiding the usernames, you should attempt to remove any vulnerabilities that would make knowing a username useful.
Perhaps you'd be better off preventing a brute force attack by monitoring /var/log/auth.log, perhaps with something like Fail2Ban?
Last edited by ktemkin (2011-01-10 02:23:38)
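
The log monitoring suggested in the last reply, sketched as an added example (not code from the thread and not how Fail2Ban itself is implemented): it counts failed sshd password attempts per source address. The function names, the threshold and the sample log lines are assumptions made for this example, and the count covers the whole input rather than a time window.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per source address.
# The log lines below are constructed; addresses are documentation ranges.

sample_log() {
    cat <<'EOF'
Jan 10 02:11:01 arch sshd[1234]: Failed password for root from 203.0.113.7 port 52311 ssh2
Jan 10 02:11:03 arch sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 52313 ssh2
Jan 10 02:11:05 arch sshd[1236]: Failed password for invalid user test from 203.0.113.7 port 52320 ssh2
Jan 10 02:11:08 arch sshd[1237]: Failed password for root from 203.0.113.7 port 52331 ssh2
Jan 10 02:12:40 arch sshd[1250]: Failed password for myname from 192.0.2.10 port 40022 ssh2
Jan 10 02:12:47 arch sshd[1250]: Accepted password for myname from 192.0.2.10 port 40022 ssh2
Jan 10 02:15:02 arch sshd[1301]: Failed password for invalid user oracle from 198.51.100.23 port 33100 ssh2
EOF
}

# flag_bruteforce THRESHOLD   (log lines on stdin)
# Prints "address failures distinct_usernames" for every source with at
# least THRESHOLD failed attempts, sorted by address string.
flag_bruteforce() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The username is chosen by the remote side and may contain
            # " from ", so use the LAST "from" on the line: sshd always
            # ends the message with "from ADDR port N ssh2".
            at = 0
            for (i = 1; i < NF; i++) if ($i == "from") at = i
            if (!at) next
            ip = $(at + 1)
            user = $(at - 1)          # last word of the attempted username
            fails[ip]++
            if (!seen[ip, user]++) users[ip]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min + 0) print ip, fails[ip], users[ip]
        }
    ' | sort
}

# Only 203.0.113.7 reaches three failures in the constructed sample.
sample_log | flag_bruteforce 3
```

In the sample, the flagged source guesses names such as root, admin and test without ever having read /etc/passwd, which is the point made in the reply above. On a real host the function would read the log the reply names, e.g. `flag_bruteforce 5 < /var/log/auth.log`.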
