From owner-freebsd-questions@FreeBSD.ORG Thu Oct 11 13:22:49 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1F37E16A419 for ; Thu, 11 Oct 2007 13:22:49 +0000 (UTC) (envelope-from freebsd-questions@slightlystrange.org) Received: from catflap.slightlystrange.org (cpc5-cmbg1-0-0-cust497.cmbg.cable.ntl.com [86.6.1.242]) by mx1.freebsd.org (Postfix) with ESMTP id A9C3813C44B for ; Thu, 11 Oct 2007 13:22:48 +0000 (UTC) (envelope-from freebsd-questions@slightlystrange.org) Received: by catflap.slightlystrange.org (Postfix, from userid 106) id 957E86195; Thu, 11 Oct 2007 14:22:47 +0100 (BST) Received: from brick.slightlystrange.org (brick.slightlystrange.org [10.1.3.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by catflap.slightlystrange.org (Postfix) with ESMTP id 11ADF6152 for ; Thu, 11 Oct 2007 14:22:47 +0100 (BST) Received: (from danielby@localhost) by brick.slightlystrange.org (8.13.4/8.13.4/Submit) id l9BDMjG5001554 for freebsd-questions@freebsd.org; Thu, 11 Oct 2007 14:22:45 +0100 (BST) (envelope-from freebsd-questions@slightlystrange.org) Date: Thu, 11 Oct 2007 14:22:45 +0100 From: Daniel Bye To: "freebsd-questions@freebsd.org" Message-ID: <20071011132245.GA1235@brick.slightlystrange.org> Mail-Followup-To: "freebsd-questions@freebsd.org" References: <470E0667.7080000@yahoo.com> <470E0A5E.4070901@pacific.net.sg> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Kj7319i9nmIyA2yE" Content-Disposition: inline In-Reply-To: <470E0A5E.4070901@pacific.net.sg> User-Agent: Mutt/1.4.2.3i X-PGP-Fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A Subject: Re: How to create a user account with the same permission as "root" ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Daniel Bye List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Oct 2007 13:22:49 -0000 --Kj7319i9nmIyA2yE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote: > Hi, >=20 > FreeBSD is not Windows. >=20 > You cannot have another "root" in the system. Yeah, you can. It's just a really bad idea. root and toor both have UID and GID of 0 - giving them both superuser privileges. There is nothing to prevent you from adding as many more UID/GID 0 users as your madness compels you to. The only stricture is that they must all have different names. >=20 > What you can do is the creation of the group "wheel" and put "william"=20 > into this group. Group wheel already exists - it is root's (and toor's) primary group. William: log in as root and run this: # pw user mod -n william -G wheel william will now be a member of wheel, and able to su root. > Allow then all members of "wheel" to access the files needed by the=20 > group "wheel". This step shouldn't be necessary on a standard install, as membership of group wheel confers access rights to all files owned by wheel. > I would not do this as it creates many security wholes. Er..? It is a standard technique for allowing certain users to su root to perform system maintenance tasks. If I misunderstand your point, Erich, please do explain. > If you just want to do something as root without being root, use su. For which, in FreeBSD, you need to be a member of group wheel anyway... security/sudo doesn't have this prerequirement, and is a much more flexible tool. But, that flexibility comes with a cost - you must=20 configure it correctly, or you could end up shooting yourself in the foot. Dan >=20 > williamkow wrote: > >Finally, I manage to setup X.org and then KDE 3.5.4 running on FreeBSD= =20 > >6.2-Release. > >I created a user account named "william" and do not assign any group as= =20 > >I do not know what are the list of group name for me to select. To start= =20 > >KDE, i use command "kdm" but I can only logon using the newly created=20 > >user name "william", but it do not have same permission/access rights as= =20 > >"root" account. > >Please show on how to enable this user account, with the same permission= =20 > >as root ? > >Thank you. --=20 Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ --Kj7319i9nmIyA2yE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHDiOlixf5fBYiFmoRAnpqAKDFKdqvJI+L/H+G07Cojv9IBZN6fgCdHu1R SqLNO8rSCPU92k7U746FR0s= =2Z60 -----END PGP SIGNATURE----- --Kj7319i9nmIyA2yE--