Fun with Linux - Changing the root user name
So, here is the crazy thing that I have been doing lately - changing the root username! It may seem absurd to some and simple/straightforward to others, but it was one of the most fun and learning times I had with Linux for a long time. In this post, I’ll tell you how I approached the issue and screwed up badly multiple times until I finally got it right.
Before we start, I want you to keep a few things in mind.
Please note that
- First of all, it was all for fun. In my knowledge, no benefit can come from doing such a thing other than the fact that no one would be able to login as root because we just changed the name :P. But there are better methods to secure root logins than this. So, its really not way to go.
- Don’t try this on your own computer or a production machine unless you really know what you are doing. If you really want to try this out, use a Virtual Machine.
- Be very careful while configuring because the steps involved are not suggested as a good practice and you might end up breaking your system.
- If you are using virtualbox, make good use of its snapshot feature. This way if you break something, reverting back would be matter of seconds.
So, here’s how we’ll proceed. I’ll pin down a few assumptions and then do some tweaking around based on them. After a few of such cycles, deducing conclusions, we’ll reach the solution.
I knew the idea was weird from the beginning, but why make things complicated right away. So, I tried going down the easy road first.
- Since all the information about users and groups is based upon the ID(not the name) so, changing it shouldn’t break anything.
- Since its just another user, why not try usermod to change the username.
So, I logged in as root, ran the command and got the following error.
[root]# usermod -l king root
usermod: user root is currently logged in
And yes, the new username is going to be "king". The conclusion was clear enough - “can’t change the username with root logged in”. Here’s the next approach.
- Why not try sudo? As far as I know, it escalates the privilege to root, so technically root won’t be logged in and the command should work.
But I was very wrong somewhere. Still the same error.
[shredder12]$ sudo usermod -l king root
usermod: user root is currently logged in
The user root wasn’t logged in anywhere. May be he’s always up or may be privilege escalation by sudo is counted as logging in. I would really appreciate if someone could clear this up for me. I was all confused here and finally decided to make changes at the core level.
- The only source of username and UID mapping is /etc/passwd file(unless you use a directory-service like NIS etc.). If I can change the name there along with other locations - /etc/shadow & /etc/group. I might be able to pull this off.
- Usermod does the same thing safely. But since its not working, I decided to do it manually.
- Things should work fine later because UID is still the same, 0. So unless someone uses the exact term "root" somewhere, the method is flawless.
So, I logged in as root and changed the entry in /etc/passwd from root to king. If you open a new shell now, you can see that it actually works .
P.S. - I was using Ubuntu and was stuck while trying to do the following using sudo. The issue is discussed later in the article. Here we’ll use a root shell instead.
[root]# vim /etc/passwd
Please note that, I still haven’t changed the entry in /etc/shadow file. And since the mapping there takes place on the basis of name rather than UID, I won’t be able to login or change password until I change the username in it too.
[king]# vim /etc/shadow
re-enter new passwd:
One more thing, we don’t have to change the /etc/group file. That’s because the primary group of every user is specified in the form of gid in the /etc/passwd file(the 4th field). And assuming that group information is stored and checked with id rather than name, it should be fair to leave it as it is.
uid=0(king) gid=0(root) groups=0(root)
Be careful while using sudo
If you noticed, I used the root prompt before making changes to the files - /etc/passwd and /etc/shadow. This simplified a lot of things. But they were pretty messy when I tried to do the same using sudo.
You will easily be able to change the entry in /etc/passwd file using it. But the next time you run sudo it’ll throw a nasty error.
[shredder12]$ sudo vim /etc/shadow
sudo: unknown user: root
I thought it might be because of a reference to the name “Root” in its configuration file, /etc/sudoers. I tried to fix it by changing the name to king, remember I am still logged in as root on another shell. But unfortunately, that didn’t work either.
# User privilege specification
king ALL=(ALL) ALL
This is another problem I haven’t been able to solve. Once again, I'd really appreciate if someone could help me figure this out.
I hope this little adventure of mine helped you learn something new too. Seriously! Who says linux is boring? ;) Please do share some of your crazy stunts on Linux.