Date: Fri, 12 Oct 2007 11:07:09 -0400
From: Jerry McAllister <jerrymc@msu.edu>
To: Erich Dollansky <oceanare@pacific.net.sg>
Cc: Jerry McAllister <jerrymc@msu.edu>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: How to create a user account with the same permission as "root" ?
Message-ID: <20071012150709.GA27610@gizmo.acns.msu.edu>
In-Reply-To: <470EBBCC.1030205@pacific.net.sg>
References: <470E0667.7080000@yahoo.com> <470E0A5E.4070901@pacific.net.sg> <20071011150834.GD22422@gizmo.acns.msu.edu> <470EBBCC.1030205@pacific.net.sg>

On Fri, Oct 12, 2007 at 08:11:56AM +0800, Erich Dollansky wrote:

> Hi,
>
> Jerry McAllister wrote:
> >On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
> >
> >>FreeBSD is not Windows.
> >
> >True statement - thank heaven.
> >
> >>You cannot have another "root" in the system.
> >
> >Unless I misunderstand what you are saying, this is NOT a true statement.
> >You can create as many ids with a '0' UID as you want. It may not be
>
> But they are the same as it is still the same UID. Under Windows, you
> can create as many 'root' accounts you want.

I think you misunderstand what is being said.
An account with a UID of 0 in UNIX is root for all practical purposes.
The only difference is that it has a different name and it can have
a different home directory if you want to keep them separate - but you
don't have to.

To repeat, any account with a UID of 0 is root. It does not depend
on the name of the account, but the UID. You can call the account
anything and if its UID is 0, then it is root.

UID (User ID) refers to the number that the system uses internally to
identify the account and its privileges.

To be really complete, make it have a GID (Group ID) of 0 which is
the 'wheel' group in FreeBSD. Some UNIXes make wheel be 10, but
FreeBSD follows the original standard of it being 0.

>
> root is special.

Yes, because it has a UID of 0.

> >>
> >>Allow then all members of "wheel" to access the files needed by the
> >>group "wheel".
> >
> >Not the best idea.
> >
> Really not. But at least better than to work as root.

What you left out is the better way of doing it and that is to
leave the file GID be whatever it naturally should be. Then use su
to set your effective UID to 0 - eg give yourself root privilege
and then work with the files. Don't set a lot of files to wheel GID
and then give a lot of people wheel GID, because that will make it
possible for all of them to become root and do more than just muck
with those files.

////jerry

>
> >>I would not do this as it creates many security holes.
> >>
> Erich

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071012150709.GA27610>
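
The message's point that root is defined by UID 0, and that GID 0 (wheel) membership opens a path to root, can be audited by listing those accounts from passwd and group files. This is an added example, not part of the original message; the function names and the sample passwd/group entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: list the accounts that are root-equivalent in the sense
# described above. File paths default to the live system files.

# Names of all accounts whose UID (3rd passwd field) is 0.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Accounts with primary GID 0, plus members listed on any GID-0 group line.
gid0_members() {
    {
        awk -F: '!/^#/ && NF >= 7 && $4 == 0 { print $1 }' "${1:-/etc/passwd}"
        awk -F: '!/^#/ && $3 == 0 {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "${2:-/etc/group}"
    } | sort -u
}

# One line per finding: "uid0 NAME" or "gid0 NAME".
audit_root_equiv() {
    uid0_accounts "$1" | sed 's/^/uid0 /'
    gid0_members "$1" "$2" | sed 's/^/gid0 /'
}

# Constructed sample data (not from a real host) written to directory $1.
write_sample() {
    cat > "$1/passwd" <<'EOF'
# constructed sample
root:*:0:0:Charlie &:/root:/bin/csh
admin2:*:0:0:Second root:/home/admin2:/bin/sh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:0:Bob:/home/bob:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
wheel:*:0:root,alice
operator:*:5:root
EOF
}

# Demo on the sample; pass real paths to audit_root_equiv on a live system.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_root_equiv "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

In the sample, admin2 shows up as a second UID-0 account under a different name, and alice and bob appear in the gid0 list even though their own UIDs are ordinary.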