Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 16 Aug 2004 11:15:30 -0400 (EDT)
From:      Jerry McAllister <jerrymc@clunix.cl.msu.edu>
To:        jacoulter@jacoulter.net (James A. Coulter)
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Security question - uids of 0
Message-ID:  <200408161515.i7GFFXC28813@clunix.cl.msu.edu>
In-Reply-To: <20040816145737.GA3924@sara.mshome.net> from "James A. Coulter" at Aug 16, 2004 09:57:37 AM
next in thread | previous in thread | raw e-mail | index | archive | help 
> 
> The following appeared in my latest daily security run output:
> 
> 	Checking for uids of 0:
> 	root 0
> 	toor 0
> 
> This is the first time I've seen this message.
> 
> I checked /etc/passwd and found this:
> 
> 	root:*:0:0:Charlie &:/root:/bin/csh
> 	toor:*:0:0:Bourne-again Superuser:/root:
> 
> I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a small
> home LAN.  
> 
> I ran ps -aux and looked for any processes owned by "toor" but didn't find any.
> 
> Is this something to be concerned about?  

No.  It is normal.
It is one of the normal accounts put there in a standard install.
It is essentially a root account by another name.
Some things used to like to use it to own their installed stuff but
avoid using root directly.
I don't know if anything really does that any more.
I sometimes use it as a model pw entry when in vipw for
creating new accounts directly to help avoid missing a field.

> 
> Sorry if this is an obvious question, but I am still very much a newbie
> and trying to learn what I can about security.

This has been brought up and answered numerous times in the past.
You might try and search for information on toor account.  You 
should be able to find something.

////jerry

> 
> Thanks for your patience,
> 
> Jim
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408161515.i7GFFXC28813>