From owner-freebsd-questions@FreeBSD.ORG Thu Apr 17 14:59:10 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C8E937B401 for ; Thu, 17 Apr 2003 14:59:10 -0700 (PDT) Received: from server1.manmail.norlight.net (server1.manmail.norlight.net [207.170.4.2]) by mx1.FreeBSD.org (Postfix) with SMTP id 8F2D743F85 for ; Thu, 17 Apr 2003 14:59:09 -0700 (PDT) (envelope-from hyun@staff.norlight.net) Received: (qmail 16446 invoked from network); 17 Apr 2003 21:59:06 -0000 Received: from icarus.norlight.net (HELO hyun) (216.183.253.3) by server1.manmail.norlight.net with SMTP; 17 Apr 2003 21:59:06 -0000 From: "Hyunseog Ryu @ Norlight" To: "'Brent Bailey'" , Date: Thu, 17 Apr 2003 16:59:01 -0500 Organization: Norlight Telecommunications, Inc. Message-ID: <007401c3052c$8de857a0$1501a8c0@hyun> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 Importance: Normal In-Reply-To: <1737.66.63.99.171.1050608708.squirrel@bmyster.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: RE: user toor ??? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2003 21:59:10 -0000 I guess it depends on your situation. "toor" user can be used for back-door or bourne-shell access to the = system by system administrator. Normally script kiddy who doesn't know much about UNIX will just = concerned about "root" account, and he might do something with "root" account = only.=20 In that case, "toor" user account can be used to break into system and change the system back to original configuration by system = administrator.=20 Or in case of forgetting the password. ^.^ Remember, security is not fixed system. It is dynamic with company and user requirement. Sometimes how you are doing is more important than what you have in = place. Everything has pros and cons.=20 So if you use wisely, and keep the system tighten, it's good for = security. But it might cause inconvenience, and user doesn't follow the rule essentially.=20 That's something you think about, too. For an example, you implement different difficult password rule for = every system, then some user might stick with post-it to remember the username/password. ^.^ Post-it with password will be good for security? ^.^ Let's think about that. ^.^ Hyun =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D Hyunseog Ryu=20 Senior Network Engineer, Applications Engineering Norlight Telecommunications 275 North Corporate Drive Brookfield, WI 53045 U.S.A. phone: +1-262-792-7965 fax: +1-262-792-7733 e-mail: hryu@norlight.com or hyun@staff.norlight.net -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Brent Bailey Sent: Thursday, April 17, 2003 2:45 PM To: freebsd-questions@FreeBSD.ORG Subject: user toor ??? Can anyone tell me what function does the user "toor" that is put in by default by FBSD install do ? im told its a security risk ...but unsure what it does ?? thanx B _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org"