From owner-freebsd-security Sun Dec 10 5:43: 5 2000
From owner-freebsd-security@FreeBSD.ORG Sun Dec 10 05:43:03 2000
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from bilver.wjv.com (dhcp-1-213.n01.orldfl01.us.ra.verio.net [157.238.210.213])
	by hub.freebsd.org (Postfix) with ESMTP id CD14237B401
	for ; Sun, 10 Dec 2000 05:43:01 -0800 (PST)
Received: (from bill@localhost)
	by bilver.wjv.com (8.9.3/8.9.3) id IAA27414
	for freebsd-security@freebsd.org; Sun, 10 Dec 2000 08:40:19 -0500 (EST)
	(envelope-from bill)
Date: Sun, 10 Dec 2000 08:40:11 -0500
From: Bill Vermillion
To: freebsd-security@freebsd.org
Subject: Re: security-digest V4 #824
Message-ID: <20001210084011.B27198@wjv.com>
Reply-To: bv@bilver.wjv.com
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from owner-freebsd-security-digest@FreeBSD.ORG on Sat, Dec 09, 2000 at 11:36:08PM -0800
Organization: W.J.Vermillion / Orlando - Winter Park
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Dec 09, 2000 at 11:36:08PM -0800, security-digest thus spoke:

> ------------------------------

> Date: Fri, 8 Dec 2000 10:04:51 -0500 (Eastern Standard Time)
> From: Forrest Houston
> Subject: RE: toor account

> Personally I've found the toor account helpful on "shared"
> machines. So if there is a group that has primary sysadmin
> responsibility for the machine they get the root password.
> However as the network admin there might be times things need to
> change/fix something so the netadmin has the toor password. That
> way each group can use their own password schemes, which will also
> hopefully eliminate the need for password lists.

I'd say that buys you absolutely nothing except a false sense of
security. The user ID and group ID of root and toor are
identical. Same account with two names. All anyone with the toor
account has to do is type passwd toor and they can change it.

Really only good - in my view [which may be a very limited view]
for something that needs to be run under Bourne shell syntax
instead of csh without spawning a new shell. Since I'm a Bourne
shell user from systems of long ago that had no c-shell for them,
I used the Korn shell for root.

-- 
Bill Vermillion - bv @ wjv . com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
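
The reply above rests on root and toor having the same numeric UID, which an administrator can check by listing login names that share a UID in a passwd(5)-format file. This is an added example, not part of the original message; the function names are hypothetical, and the sample entries (including the netadmin account) are constructed.

```shell
#!/bin/sh
# Added example: find login names that share a numeric UID in a
# passwd(5)-format file. The kernel treats such names as one account.

shared_uids() {   # $1 = passwd-format file; prints "uid:name1,name2"
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }     # skip comments and short lines
        $3 !~ /^[0-9]+$/     { next }     # skip non-numeric UID fields
        {
            uid = $3 + 0
            if (count[uid]++ == 0) { order[++n] = uid; names[uid] = $1 }
            else names[uid] = names[uid] "," $1
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print order[i] ":" names[order[i]]
        }
    ' "$1"
}

uid0_names() {    # $1 = passwd-format file; prints every name with UID 0
    awk -F: '!/^[ \t]*#/ && NF >= 4 && $3 ~ /^0+$/ { print $1 }' "$1"
}

write_sample() {  # $1 = output path; constructed sample, not a real system file
    cat > "$1" <<'EOF'
# constructed sample in FreeBSD /etc/passwd layout
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
netadmin:*:1001:1001:Network admin:/home/netadmin:/bin/sh
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Names sharing a UID:"; shared_uids "$sample"
echo "Names with UID 0:";    uid0_names "$sample"
rm -f "$sample"
```

On a live host the same functions can be pointed at /etc/passwd; any name printed alongside root holds full root privilege regardless of which password it logs in with.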