Date: Fri, 2 Nov 2001 03:11:15 -0600 From: Mike Meyer <mwm@mired.org> To: "Anthony Atkielski" <anthony@atkielski.com> Cc: <questions@FreeBSD.ORG> Subject: Re: Lockdown of FreeBSD machine directly on Net Message-ID: <15330.25395.443874.862944@guru.mired.org> In-Reply-To: <00d801c1637c$d3264640$0a00000a@atkielski.com> References: <15330.23714.263323.466739@guru.mired.org> <00b501c1637b$1cd2f880$0a00000a@atkielski.com> <20011102095554.A38169@student.uu.se> <00d801c1637c$d3264640$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Anthony Atkielski <anthony@atkielski.com> types: > > This requires that the user you login as is > > in the 'wheel' group. > And if I add that user to wheel, does that open up any other holes? Doesn't > wheel have a lot of permissions on a lot of files? It shouldn't. First, the only reason to put someone in group wheel is to give them root access, which makes the point moot anyway. Second, a lot of files belong to group wheel, the group privileges on them are the same as for other users. Doing otherwise is a bad security practice, as it means that someone who breaks into a wheel account can change them without having to know the root password. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Q: How do you make the gods laugh? A: Tell them your plans. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15330.25395.443874.862944>