Security Basics mailing list archives

Re: Multiple login accounts with root privileges


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 7 Apr 2008 18:09:38 +0200

On 2008-04-07 ganesh mahadevan wrote:
I was testing a thin client box and found that I could login as Root,
Administrator and Admin (all with the same password).  whoami
indicated 'root' in all three cases.  Is this some sort of aliasing
going on? I may not be entirely correct on this but shouldn't the
number of users with root privileges be restricted?

Advice #1: always post the operating system.

Since you mention "root" and "whoami" I'm assuming that you're talking
about some Unix flavour. In that case take a look at /etc/passwd and
/etc/shadow. You most likely find that you have multiple accounts with
UID 0 and the same password (hash). When you have more than one admin
for a Unix or Linux system it's rather common to have multiple accounts
with UID 0. In your case, however, it looks rather like you don't have
several users, but only several different account names for the same
role, which doesn't make much sense IMHO.

What is your advice on this issue?

Find out why the additional root accounts exist, and if there's no
reason for them to be there: delete them.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
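An added audit script, not part of the original thread, that does the check Ansgar describes: list every UID-0 account in /etc/passwd and show which of them share a password hash in /etc/shadow. The passwd and shadow contents below are constructed sample data (placeholder hashes) mirroring the Root/Administrator/Admin situation; on a real system pass the actual file contents, which for /etc/shadow requires root.

```shell
#!/bin/sh
# Audit helper: find accounts with UID 0 and detect UID-0 accounts that
# share the same password hash (several names for one root role).
# SAMPLE_* are constructed stand-ins for /etc/passwd and /etc/shadow.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
Administrator:x:0:0:root alias:/root:/bin/sh
Admin:x:0:0:root alias:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ganesh:x:1000:1000:ganesh:/home/ganesh:/bin/sh'

# The hash fields below are placeholders, not real crypt(3) output.
SAMPLE_SHADOW='root:$6$SALTAAAA$HASHAAAA:17628:0:99999:7:::
Administrator:$6$SALTAAAA$HASHAAAA:17628:0:99999:7:::
Admin:$6$SALTAAAA$HASHAAAA:17628:0:99999:7:::
daemon:*:17628:0:99999:7:::
ganesh:$6$SALTBBBB$HASHBBBB:17628:0:99999:7:::'

# uid0_accounts PASSWD_TEXT: names of all accounts whose UID is 0, sorted
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }' | LC_ALL=C sort
}

# shared_root_hashes PASSWD_TEXT SHADOW_TEXT: one line per hash that is
# used by more than one UID-0 account, as "<count> <hash> <names...>".
# Both inputs are merged into one stream, tagged P: or S:, so a single
# awk pass can learn the UID-0 names first and then match shadow lines.
shared_root_hashes() {
    {
        printf '%s\n' "$1" | sed 's/^/P:/'
        printf '%s\n' "$2" | sed 's/^/S:/'
    } | awk -F: '
        $1 == "P" && $4 == 0 { uid0[$2] = 1 }
        $1 == "S" && ($2 in uid0) { n[$3]++; who[$3] = who[$3] " " $2 }
        END { for (h in n) if (n[h] > 1) print n[h], h who[h] }
    ' | LC_ALL=C sort
}

echo "UID-0 accounts:"
uid0_accounts "$SAMPLE_PASSWD"
echo "Password hashes shared by more than one UID-0 account:"
shared_root_hashes "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

Any account listed by the second function beyond the one you actually administer with is a candidate for removal, exactly the "delete them" advice above.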