Date: Fri, 18 Jan 2013 15:31:42 +0100 From: Polytropon <freebsd@edvax.de> To: Albert Shih <Albert.Shih@obspm.fr> Cc: freebsd-questions@freebsd.org Subject: Re: Account only on the console Message-ID: <20130118153142.7fca3738.freebsd@edvax.de> In-Reply-To: <20130118141924.GA8029@pcjas.obspm.fr> References: <20130118141924.GA8029@pcjas.obspm.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 18 Jan 2013 15:19:24 +0100, Albert Shih wrote: > Hi all, > > I would like to known how I can create a root-account (uid=0, login not=root) > but I want this account accessible only on the console. Not from ssh but > event not from su (other than root). Add a new account with UID 0 (comparable to "toor"). You can do this interactively with the "adduser" command. To prevent SSH login, use the "DenyUsers" keyword in /etc/ssh/sshd_config. Also make sure to put this account name into /etc/ftpusers in case you have FTP open. Regarding su, everyone who is in the "wheel" group _and_ knows the new account's password will be able to su; make sure the password is _not_ known to them. Users outside of "wheel" cannot su anyway. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130118153142.7fca3738.freebsd>