How to manage your privileged (root) accounts?

All Unix-like operating systems, including Linux and FreeBSD, have a very simple user privilege model. There are two types of users: normal users with limited privileges, and super users with full system privileges. The standard super user account is known as root.

The advantage of this model is that the super user can do anything the system permits, without restriction. This makes it a very powerful account for administering the system. However, it also makes it a large sledgehammer for cracking a normally small nut. With such power comes responsibility, and mistakes made with the root account can be very costly. It is very simple to delete whole parts of a system, format disks, stop services and change important system configuration files with just a few cryptic commands.

Similarly, it is a single point of weakness and thus of attack. Gain access to the super user account and the whole system is open. When considering web security it is important to manage the super user account correctly, to avoid the situation where a hacker gains control of that account and so of the whole system.

Unix-like systems fall into two categories in how they handle privileged accounts. The first category allows the root user to authenticate and log in to the system. After login, a command shell can be started with full system privileges. A normal user can switch to the root account by issuing the su command and entering the root account's password.

The other type of Unix-like system disables all direct access to the root account and instead uses the sudo command to execute privileged commands. Only users listed in /etc/sudoers are allowed to use the sudo command. It also forces every privileged command to begin with sudo, which underlines the gravity of the command.

With a sudo system the authentication automatically expires after a short time. This means that if a user leaves a terminal after running commands with sudo, the authentication will only remain valid for a short time. On a su system an open root terminal remains authenticated for as long as the login is valid (which could be indefinitely).

Since the root account is well known and every system has one, it is normally the first account a hacker will attempt to crack. To break your web server security using another account, the hacker first has to find a valid username before any brute force or dictionary based attacks can be started.

For su type systems it is important that root logins via ssh are disabled. This can be done by adding the following entry to /etc/ssh/sshd_config:

# Prevent root logins:
PermitRootLogin no

The OpenSSH server then needs to be restarted with the service sshd restart command.
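As an added example (not code from the original article), the following shell functions audit an sshd_config file for the effective global PermitRootLogin value. They assume the OpenSSH parsing rules: the first value found for a keyword wins, so a "PermitRootLogin no" appended at the bottom of the file is silently ignored if an earlier line already says "yes"; keywords are case-insensitive; "#" starts a comment; the keyword and value may be separated by whitespace or "="; and settings inside a Match block are conditional, so the audit stops there and reports only the global value.

```bash
#!/bin/sh
# Added example: audit an sshd_config file for the effective PermitRootLogin value.
# Not part of the original article; file paths and function names are our own.

# Print the effective global PermitRootLogin value, lower-cased, or "unset" if the
# file never sets it. When unset, OpenSSH's built-in default applies: "yes" in
# releases before 7.0 and "prohibit-password" from 7.0 onwards.
effective_permit_root_login() {
    awk '
        # Strip comments, normalise "Keyword=value" to "Keyword value", trim whitespace
        { sub(/#.*/, ""); sub(/=/, " "); gsub(/^[ \t]+|[ \t]+$/, "") }
        NF == 0 { next }
        # A Match block starts conditional settings: the global value is decided by now
        tolower($1) == "match" { exit }
        # First occurrence wins, as in sshd itself
        tolower($1) == "permitrootlogin" && !found { found = 1; value = tolower($2) }
        END { print (found ? value : "unset") }
    ' "$1"
}

# Succeed (exit status 0) only when root cannot log in over SSH at all. Any value
# other than an explicit "no" (including "unset", "yes", "prohibit-password" and
# "forced-commands-only") still lets root authenticate in some form.
root_ssh_login_disabled() {
    case "$(effective_permit_root_login "$1")" in
        no) return 0 ;;
        *)  return 1 ;;
    esac
}

# Usage on a real host (run as root so the file is readable):
#   root_ssh_login_disabled /etc/ssh/sshd_config && echo "root SSH login disabled"
```

Because the check only reads the file, it can be run before the restart to confirm the edit actually took effect. On the live host, `sshd -t` syntax-checks the file and `sshd -T` (both run as root) prints the configuration the daemon would really use, defaults included, which is the authoritative check after the restart.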

For both su and sudo systems it is essential for web security that strong, unguessable passwords are used, not just for the root account but also for normal users and web users:

  • All passwords should be at least eight characters long.
  • Include letters, punctuation, symbols, and numbers.
  • Don't use single words, words spelled backwards, sequences or repeated characters (e.g. 12345678, 222222, abcdefg, or adjacent letters on your keyboard like qwerty), or any personal information like birthdays or driver's license numbers.

© 2011 – ArtSec Group LLC