Date: Wed, 25 Jul 2001 09:53:26 -0400 From: "Dan Langille" <dan@langille.org> To: doc@freebsd.org Subject: handbook: securing root and staff account Message-ID: <200107251353.f6PDrS428325@lists.unixathome.org>
next in thread | raw e-mail | index | archive | help
Does anyone else think that this excerpt is not very clear? What is trying to be said here? ### One way to make root accessible is to add appropriate staff accounts to the wheel group (in /etc/group). The staff members placed in the wheel group are allowed to su to root. You should never give staff members native wheel access by putting them in the wheel group in their password entry. Staff accounts should be placed in a staff group, and then added to the wheel group via the /etc/group file. Only those staff members who actually need to have root access should be placed in the wheel group. ### There was some discussion about this. I suspect what is trying to be said above is: Don't do this: mike:*:1009:0::0:0:Mike Rumsey:/home/mike:/usr/local/bin/bash i.e. group id =0 do this: mike:*:1009:1009::0:0:Mike Rumsey:/home/mike:/usr/local/bin/bash wheel:*:0:root,mike It has been said they are saying this: wheel:*:0:root,staff staff:*:20:root,mike Comments? -- Dan Langille pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107251353.f6PDrS428325>