Verify Only Root Has UID 0

If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or have their UID changed.

If the account is associated with system commands or applications, the UID should be changed to one greater than 0 but less than 1000. Otherwise, assign a UID greater than 1000 that has not already been assigned.

An account has root authority if it has a UID of 0. Multiple accounts with a UID of 0 afford more opportunity for potential intruders to guess a password for a privileged account. Proper configuration of sudo is recommended to afford multiple system administrators access to root privileges in an accountable manner.

Shell script

The following script can be run on the host to remediate the issue.

# Lock every account other than root whose UID is 0 (passwd -l prefixes the shadow hash with "!")
awk -F: '$3 == 0 && $1 != "root" { print $1 }' /etc/passwd | xargs --no-run-if-empty --max-lines=1 passwd -l
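As an added example (not part of the original remediation content), the following POSIX shell audit lists the UID-0 accounts other than root and reports whether each has already been locked in the shadow file, so an administrator can confirm the remediation took effect. The passwd and shadow paths are parameters (defaulting to /etc/passwd and /etc/shadow) so the audit can also run against copies.

```shell
#!/bin/sh
# Added example, not the original page's remediation script.
# Audits a passwd/shadow pair for accounts other than root that carry UID 0
# and reports whether each one is already locked.

# Print every account name with UID 0 that is not "root", one per line.
find_uid0_accounts() {
    passwd_file="${1:-/etc/passwd}"
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$passwd_file"
}

# Return 0 if the account's shadow hash field starts with "!" (passwd -l)
# or "*" (no usable password), 1 otherwise.
is_locked() {
    user="$1"
    shadow_file="${2:-/etc/shadow}"
    awk -F: -v u="$user" '
        $1 == u && $2 ~ /^[!*]/ { found = 1 }
        END { exit found ? 0 : 1 }' "$shadow_file"
}

# Print "<user> locked" or "<user> ACTIVE" for each offending account.
# Returns 1 if any UID-0 account other than root is still active.
audit_uid0() {
    passwd_file="${1:-/etc/passwd}"
    shadow_file="${2:-/etc/shadow}"
    rc=0
    for u in $(find_uid0_accounts "$passwd_file"); do
        if is_locked "$u" "$shadow_file"; then
            echo "$u locked"
        else
            echo "$u ACTIVE"
            rc=1
        fi
    done
    return $rc
}
```

Run `audit_uid0` with no arguments on the host itself; a non-zero exit means at least one extra UID-0 account can still log in.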