From owner-freebsd-questions@FreeBSD.ORG Tue May 6 06:10:50 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A027E106566B for ; Tue, 6 May 2008 06:10:50 +0000 (UTC) (envelope-from jonathan+freebsd-questions@hst.org.za) Received: from hermes.hst.org.za (onix.hst.org.za [209.203.2.133]) by mx1.freebsd.org (Postfix) with ESMTP id BEB8D8FC1F for ; Tue, 6 May 2008 06:10:48 +0000 (UTC) (envelope-from jonathan+freebsd-questions@hst.org.za) Received: from sysadmin.hst.org.za (sysadmin.int.dbn.hst.org.za [10.1.1.20]) (authenticated bits=0) by hermes.hst.org.za (8.13.8/8.13.8) with ESMTP id m4669QgR007522 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Tue, 6 May 2008 08:09:27 +0200 (SAST) (envelope-from jonathan+freebsd-questions@hst.org.za) From: Jonathan McKeown Organization: Health Systems Trust To: freebsd-questions@freebsd.org Date: Tue, 6 May 2008 08:12:54 +0200 User-Agent: KMail/1.7.2 References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200805060812.55271.jonathan+freebsd-questions@hst.org.za> X-Spam-Score: -4.369 () ALL_TRUSTED,AWL,BAYES_00 X-Scanned-By: MIMEDefang 2.61 on 209.203.2.133 Subject: Re: Question about a recent installation X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 May 2008 06:10:50 -0000 On Tuesday 06 May 2008 00:08, Mario Vazquez wrote: > I have been using different Linux distributions for some years, and decided > to give FreeBSD a try. The install was successful, but have a question > about how the root account is made. Found that the root folder was created > with the user/group privileges root:wheel. Is not that a kind of security > risk? I know that usually only the account used by the administrator is > the one, in addition to root, that belongs to the wheel group. But also I > know that sometimes admins get lazy and give for limited time extra > privileges just to allow someone to do something, and that's where the > danger can come. Btw, that's just my opinion. Not sure why it would be a security risk. wheel is the group for people who are allowed to su to root, so you should probably expect members of group wheel to have (or be able to get) root privs anyway. I'm not sure whether by ``root folder'' you mean / or /root , but in either case the wheel group doesn't have write access, at least on my system,and root's umask is 022, so created files aren't writable by members of wheel either. Lazy admins, of course, are a security risk. No-one should ever be given more privileges than they need, and as others have pointed out, sudo is a good answer to this problem. (In fact the first four ports that go on every box I set up, before I even think about what the box is for, are www/lynx, sysutils/screen, ports-mgmt/portupgrade and security/sudo ). Jonathan