Date: Sun, 10 Dec 2000 08:40:11 -0500 From: Bill Vermillion <bill@bilver.wjv.com> To: freebsd-security@freebsd.org Subject: Re: security-digest V4 #824 Message-ID: <20001210084011.B27198@wjv.com> In-Reply-To: <bulk.90008.20001209233608@hub.freebsd.org>; from owner-freebsd-security-digest@FreeBSD.ORG on Sat, Dec 09, 2000 at 11:36:08PM -0800 References: <bulk.90008.20001209233608@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Dec 09, 2000 at 11:36:08PM -0800, security-digest thus spoke: > ------------------------------ > Date: Fri, 8 Dec 2000 10:04:51 -0500 (Eastern Standard Time) > From: Forrest Houston <fhouston@east.isi.edu> > Subject: RE: toor account > Personally I've found the toor account helpful on "shared" > machines. So if there a group that has primary sysadmin > responsibility for the machine they get the root password. > However as the network admin there might be times things need to > change/fix something so the netadmin has the toor password. That > way each group can use their own password schemes, which will also > hopefully eliminate the need for password lists. I'd say that buys you absolutely nothing except a false sense of security. The user ID and group ID of root and toor are identical. Same account with two names. All anyone with the toor account has to do is type passwd toor and they can change it. Really only good - in my view [which may be a very limited view] for something that needs to be run under Bourne shell syntax instead of csh without spawning a new shell. Since I'm an Bourne shell user from systems of long ago that had no c-shell for them, I used the Korn shell for root. -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001210084011.B27198>