Is it possible to delete root account?

Is it possible to delete the root account on a FreeBSD system?

I have this virtual machine with FreeBSD on it. We can't su to it but we can log in with our user account. As I was looking around, I noticed that history is missing.

/etc/passwd contains 3 user accounts: 2 users created by us and another account called toor. The rest of the default accounts are gone as well, and /bin/su is gone too.

That is why I'm asking: is it possible to delete the root account?

We tried to log in as root and no, we can't; it says something about an authentication error.
 
It might be possible, but I doubt the system would be usable afterwards. I think what you really want to do is reset the root password. Do you have access to the console? If so, you can boot into single user mode and reset the password for root. Step-by-step instructions at the end of this page:
 
Hi, thanks for the reply. I actually did that as well, but I wasn't able to change its password; it really seems that the root account is gone. I can change the password of the 3 users in my /etc/passwd but not root. I did this in single user mode.
 
/bin/su isn't gone - it never existed. But /usr/bin/su should exist. Also note that a default user cannot su to root - only users of the group "wheel" are allowed to switch to root.
Oh I see, so that is never gone.

And yes, I understand that a regular user should be in wheel, and yes, 2 of the accounts that I created are part of wheel. The thing is, we were able to use su before without any problem, and then after we logged out and tried to log in again after 2 hrs we can't su anymore.
 
toor is a recovery account - it’s root backwards. Not sure how it is used
passwd toor to set a password, then it can be used.

A common usage scenario of having two superuser accounts is that one can use a non-base shell without risk to get locked out of the system, as long as the other still uses a shell from base.

In fact, it's not really a second account (same uid 0), but just a second configuration (name, password, shell, ...) of the same account.
 
Which FreeBSD version are you using?
 
The “toor” account exists purely for historic reasons. In my opinion it should be removed, but that would probably hurt the feelings of BSD oldtimers.

Actually, the reason why the toor account was created is because – in ancient times – some admins preferred the Bourne shell, while the C shell was the default login shell for the root account. So the toor account was created, with the Bourne shell as its login shell. This is (was) the only difference; both root and toor have the UID 0, so they both have the same privileges.

Today, the login shell of the root (and toor) account is rather meaningless, because you should never log in as root directly. You can safely set root’s login shell to /usr/sbin/nologin and disable the password (set it to “*”), unless you have set the console to “insecure” in /etc/ttys (in this case you need the root password for single-user mode). If you need root privileges, use sudo(1), super(1) or a similar security tool, or open a root shell with “su -m”. If you need to recover in emergency situations, boot in single user mode – In this case, init(8) will ask you for the shell (the default here is /bin/sh). The login shell setting in /etc/passwd is ignored.

Removing the root account completely is probably not a good idea, because it would break all kinds of things. It might be possible to remove it from certain jails, provided that there are no scripts and other things inside the jail that expect a user “root” to be present. Note that, even if you remove the root account, there still can be processes running with root privileges (i.e. with UID 0) and files belonging to UID 0. You just can’t resolve the relationship between name “root” and UID 0 anymore. Although, there might be programs that have root = UID 0 hardcoded so they recognize it even if you remove the account.
 
FreeBSD 13

I also have no plan to delete root. I was surprised that when we logged in to that VPS we couldn't su anymore; we normally can su after logging in to a user account. And even running the command history is no longer available to us. I asked this question to find out if it is possible, and it looks like it is possible, because we can't log in to the root account anymore, even with single-user mode. We end up with the toor account and not root anymore. So yeah, I ended up setting a password for toor so we can use it and investigate what happened. We think that the VPS possibly got hacked.
 
And check grep wheel /etc/group to see if your user is in the wheel group.
 
Well, the best way to fix something that happens to a VM or PC is re-installing the OS, but I see you guys are using a VPS, so maybe you can ask your VPS provider to reset it, and if you have some important files in it they can rescue them at runtime if encrypted, or at runtime or closed if not encrypted. Whatever, I'm not sure there are hackers hacking that perfectly and then removing important things. Did you guys set up a great SSH password? Great other passwords? They can crack them with a brute-force attack very easily... And if it's hacked, they could change the SSH and that kind of passwords too. su and sudo work if your user account is added to the wheel group. You can try to boot your system in single user mode, if the VPS provider allows something like that, for securing your data and adding your user to wheel if not.

Or if you wanna play this game crazy you can wait for local root exploits on FreeBSD 13. They already found some exploits for FreeBSD 12.1. People are trying to exploit FreeBSD for Netflix and PlayStations. They both use FreeBSD.

You can mount your drive in single user mode. You can take a look at this thread for adding the wheel group with a shell with root permissions:

At the end:
-> Make sure your user account is added to the wheel group on setup.
-> If you have data to recover, try to boot in single user mode. It must stop SSH, but it opens a shell and lets you change any root and normal file.
-> If you have data to recover, contact your VPS provider or wait for root exploits.
-> If you don't have data to recover, contact your VPS provider for formatting your PC, or do it yourself if the VPS provider gives an admin panel to do something like that.

Good luck
 
even doing it with single-user mode. we end up with toor account and not root anymore..
So it looks like user 0 exists but there's nothing linking it to a username of 'root'.

Try grep root /etc/passwd /etc/master.passwd to check that the entries for root are correct. If they look OK run /usr/sbin/pwd_mkdb -p /etc/master.passwd to recreate the password database in case it has been corrupted.

If that doesn't fix the problem try /usr/sbin/vipw to correct or add the details for root.
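
A read-only check for the condition discussed in this thread (UID 0 still present but no name "root" mapped to it), as an added example that is not part of any post above. The sample file contents and the user names alice and bob are constructed; on a real system the functions would be pointed at /etc/master.passwd and /etc/group.

```sh
#!/bin/sh
# Added example. Field 1 is the login name and field 3 the UID in both
# /etc/passwd (7 fields) and /etc/master.passwd (10 fields).

# Print every login name that maps to UID 0, one per line.
uid0_names() {
    awk -F: '!/^#/ && $3 == 0 { print $1 }' "$1"
}

# Succeed only if a "root" entry with UID 0 is present.
has_root() {
    awk -F: '$1 == "root" && $3 == 0 { found = 1 } END { exit !found }' "$1"
}

# Print UID 0 names other than the stock root/toor pair.
unexpected_uid0() {
    awk -F: '!/^#/ && $3 == 0 && $1 != "root" && $1 != "toor" { print $1 }' "$1"
}

# Succeed if user $2 is a listed member of wheel in group file $1.
in_wheel() {
    awk -F: -v u="$2" '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) ok = 1
    } END { exit !ok }' "$1"
}

# Constructed sample data modelled on the thread: toor present, root missing.
# alice and bob are hypothetical user names.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
toor:*:0:0:Bourne-again Superuser:/root:
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
EOF
printf 'wheel:*:0:root,alice,bob\noperator:*:5:root\n' > "$SAMPLE_DIR/group"

report() {
    if ! has_root "$1"; then echo "WARNING: no root entry with UID 0 in $1"; fi
    echo "UID 0 names: $(uid0_names "$1" | tr '\n' ' ')"
    for u in alice bob; do
        if in_wheel "$2" "$u"; then echo "$u is in wheel"; fi
    done
}
report "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

Any name printed by unexpected_uid0 is a superuser alias beyond the stock root/toor pair and deserves a closer look when a compromise is suspected.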
 