Fun with Linux - Changing the root user name

So, here is the crazy thing that I have been doing lately - changing the root username! It may seem absurd to some and simple/straightforward to others, but it was one of the most fun and learning times I had with Linux for a long time. In this post, I’ll tell you how I approached the issue and screwed up badly multiple times until I finally got it right.

Before we start, I want you to keep a few things in mind.

Please note that

  1. First of all, it was all for fun. In my knowledge, no benefit can come from doing such a thing other than the fact that no one would be able to login as root because we just changed the name :P. But there are better methods to secure root logins than this. So, its really not way to go.
  2. Don’t try this on your own computer or a production machine unless you really know what you are doing. If you really want to try this out, use a Virtual Machine.
  3. Be very careful while configuring because the steps involved are not suggested as a good practice and you might end up breaking your system.
  4. If you are using virtualbox, make good use of its snapshot feature. This way if you break something, reverting back would be matter of seconds.

So, here’s how we’ll proceed. I’ll pin down a few assumptions and then do some tweaking around based on them. After a few of such cycles, deducing conclusions, we’ll reach the solution.

I knew the idea was weird from the beginning, but why make things complicated right away. So, I tried going down the easy road first.

Assumption(s) 1

  • Since all the information about users and groups is based upon the ID(not the name) so, changing it shouldn’t break anything.
  • Since its just another user, why not try usermod to change the username.

So, I logged in as root, ran the command and got the following error.

[root]# usermod -l king root
usermod: user root is currently logged in

And yes, the new username is going to be "king". The conclusion was clear enough - “can’t change the username with root logged in”. Here’s the next approach.

Assumption(s) 2

  • Why not try sudo? As far as I know, it escalates the privilege to root, so technically root won’t be logged in and the command should work.

But I was very wrong somewhere. Still the same error.

[shredder12]$ sudo usermod -l king root
usermod: user root is currently logged in

The user root wasn’t logged in anywhere. May be he’s always up or may be privilege escalation by sudo is counted as logging in. I would really appreciate if someone could clear this up for me. I was all confused here and finally decided to make changes at the core level.

Assumption(s) 3

  • The only source of username and UID mapping is /etc/passwd file(unless you use a directory-service like NIS etc.). If I can change the name there along with other locations - /etc/shadow & /etc/group. I might be able to pull this off.
  • Usermod does the same thing safely. But since its not working, I decided to do it manually.
  • Things should work fine later because UID is still the same, 0. So unless someone uses the exact term "root" somewhere, the method is flawless.

So, I logged in as root and changed the entry in /etc/passwd from root to king. If you open a new shell now, you can see that it actually works .

P.S. - I was using Ubuntu and was stuck while trying to do the following using sudo. The issue is discussed later in the article. Here we’ll use a root shell instead.

[root]# vim /etc/passwd

king:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh

[root]# bash
[king]#

Please note that, I still haven’t changed the entry in /etc/shadow file. And since the mapping there takes place on the basis of name rather than UID, I won’t be able to login or change password until I change the username in it too.

[king]# vim /etc/shadow

king:$6$9LexhmcH$or8rH2znzybB4ewxLOLBpkPkwadVcW9SLGZd1OudUkUSA.8kOIlE91T3HJuKfc.Ndpj2rFrj3qEAa2lFbxM.A/:14967:0:99999:7:::
daemon:*:14889:0:99999:7:::
bin:*:14889:0:99999:7:::
sys:*:14889:0:99999:7:::

[king]#passwd
new passwd:
re-enter new passwd:

One more thing, we don’t have to change the /etc/group file. That’s because the primary group of every user is specified in the form of gid in the /etc/passwd file(the 4th field). And assuming that group information is stored and checked with id rather than name, it should be fair to leave it as it is.

[king]# id
uid=0(king)  gid=0(root)  groups=0(root)

Be careful while using sudo

If you noticed, I used the root prompt before making changes to the files - /etc/passwd and /etc/shadow. This simplified a lot of things. But they were pretty messy when I tried to do the same using sudo.

You will easily be able to change the entry in /etc/passwd file using it. But the next time you run sudo it’ll throw a nasty error.

[shredder12]$ sudo vim /etc/shadow
sudo: unknown user: root

I thought it might be because of a reference to the name “Root” in its configuration file, /etc/sudoers. I tried to fix it by changing the name to king, remember I am still logged in as root on another shell. But unfortunately, that didn’t work either.

[root]# visudo

# User privilege specification
king    ALL=(ALL) ALL

This is another problem I haven’t been able to solve. Once again, I'd really appreciate if someone could help me figure this out.

I hope this little adventure of mine helped you learn something new too. Seriously! Who says linux is boring? ;) Please do share some of your crazy stunts on Linux.

2 Comments

rgawenda (not verified)
March 2nd, 2011 03:41 am
You must keep your root user. You'll find many things breaking. Bad coded scripts are easily fixable, but if you aren't wiling to fix non scripts like sudo, better do it this other way: Dupilcate supersuser (usually first) line in passwd/shadow, and rename the upper/first one. Then you can try putting an appropiately invalid shell for real root. You'll see your new superuser name in id and file listings.
Joao Sena Ribeiro (not verified)
March 2nd, 2011 05:00 am
You should be using the vipw command to edit /etc/passwd, since it verifies the file syntax, just like visudo for /etc/sudoers.

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <img> <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <h1> <h2> <h3> <h4> <h5> <h6> <p> <br>
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • Image links with 'rel="lightbox"' in the <a> tag will appear in a Lightbox when clicked on.

More information about formatting options

Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.