From owner-freebsd-questions@FreeBSD.ORG Mon Aug 16 15:15:42 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B9A716A4CE for ; Mon, 16 Aug 2004 15:15:42 +0000 (GMT) Received: from clunix.cl.msu.edu (clunix.cl.msu.edu [35.9.2.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 86C6C43D1F for ; Mon, 16 Aug 2004 15:15:41 +0000 (GMT) (envelope-from jerrymc@clunix.cl.msu.edu) Received: (from jerrymc@localhost) by clunix.cl.msu.edu (8.11.7p1+Sun/8.11.7) id i7GFFXC28813; Mon, 16 Aug 2004 11:15:33 -0400 (EDT) From: Jerry McAllister Message-Id: <200408161515.i7GFFXC28813@clunix.cl.msu.edu> To: jacoulter@jacoulter.net (James A. Coulter) Date: Mon, 16 Aug 2004 11:15:30 -0400 (EDT) In-Reply-To: <20040816145737.GA3924@sara.mshome.net> from "James A. Coulter" at Aug 16, 2004 09:57:37 AM X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: jacoulter@jacoulter.net cc: freebsd-questions@freebsd.org Subject: Re: Security question - uids of 0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Aug 2004 15:15:42 -0000 > > The following appeared in my latest daily security run output: > > Checking for uids of 0: > root 0 > toor 0 > > This is the first time I've seen this message. > > I checked /etc/passwd and found this: > > root:*:0:0:Charlie &:/root:/bin/csh > toor:*:0:0:Bourne-again Superuser:/root: > > I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a small > home LAN. > > I ran ps -aux and looked for any processes owned by "toor" but didn't find any. > > Is this something to be concerned about? No. It is normal. It is one of the normal accounts put there in a standard install. It is essentially a root account by another name. Some things used to like to use it to own their installed stuff but avoid using root directly. I don't know if anything really does that any more. I sometimes use it as a model pw entry when in vipw for creating new accounts directly to help avoid missing a field. > > Sorry if this is an obvious question, but I am still very much a newbie > and trying to learn what I can about security. This has been brought up and answered numerous times in the past. You might try and search for information on toor account. You should be able to find something. ////jerry > > Thanks for your patience, > > Jim > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >