From: Polytropon
To: Albert Shih
Cc: freebsd-questions@freebsd.org
Date: Fri, 18 Jan 2013 15:31:42 +0100
Subject: Re: Account only on the console
Message-Id: <20130118153142.7fca3738.freebsd@edvax.de>
In-Reply-To: <20130118141924.GA8029@pcjas.obspm.fr>

On Fri, 18 Jan 2013 15:19:24 +0100, Albert Shih wrote:
> Hi all,
>
> I would like to know how I can create a root-account (uid=0, login not=root)
> but I want this account accessible only on the console. Not from ssh but
> even not from su (other than root).

Add a new account with UID 0 (comparable to "toor"). You can
do this interactively with the "adduser" command.

To prevent SSH login, use the "DenyUsers" keyword in /etc/ssh/sshd_config.
Also make sure to put this account name into /etc/ftpusers in case you
have FTP open.

Regarding su, everyone who is in the "wheel" group _and_ knows the new
account's password will be able to su; make sure the password is _not_
known to them. Users outside of "wheel" cannot su anyway.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
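
An audit for the setup described in the reply above, as an added example that is not part of the original message: it lists every UID-0 account other than root and reports any that is missing from DenyUsers or from the ftpusers file. The account name "conroot" and the sample files are constructed; only exact names on global DenyUsers lines are matched (no patterns or Match blocks), and the su/wheel point is not checked.

```shell
#!/bin/sh
# Added example: audit console-only UID-0 accounts. File paths are passed as
# arguments so the check can be run against copies of the real files.

# Names of all UID-0 accounts other than root, from a passwd(5)-format file.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Succeeds if user $2 is named on an active DenyUsers line in sshd_config $1.
ssh_denied() {
    awk -v u="$2" 'tolower($1) == "denyusers" {
        for (i = 2; i <= NF; i++) if ($i == u) found = 1
    } END { exit !found }' "$1"
}

# Succeeds if user $2 is listed in ftpusers file $1 (one name per line).
ftp_denied() {
    awk -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# Prints one "<account>: <finding>" line per gap; prints nothing when clean.
# Arguments: passwd file, sshd_config, ftpusers.
audit_uid0() {
    for acct in $(uid0_accounts "$1"); do
        ssh_denied "$2" "$acct" || echo "$acct: not in DenyUsers"
        ftp_denied "$3" "$acct" || echo "$acct: not in ftpusers"
    done
}

# Constructed sample files; "conroot" is a made-up account name.
make_sample() {
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
        'toor:*:0:0:Bourne-again Superuser:/root:' \
        'conroot:*:0:0:Console admin:/root:/bin/sh' \
        'alice:*:1001:1001:User:/home/alice:/bin/sh' > "$1/passwd"
    printf '%s\n' '#DenyUsers nobody' 'DenyUsers toor' > "$1/sshd_config"
    printf '%s\n' '# ftpusers' 'root' 'toor' > "$1/ftpusers"
}

demo=$(mktemp -d) && make_sample "$demo"
audit_uid0 "$demo/passwd" "$demo/sshd_config" "$demo/ftpusers"
rm -rf "$demo"
```

On a live system the call would be `audit_uid0 /etc/passwd /etc/ssh/sshd_config /etc/ftpusers`.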