Date: Thu, 11 Oct 2007 14:22:45 +0100 From: Daniel Bye <freebsd-questions@slightlystrange.org> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: How to create a user account with the same permission as "root" ? Message-ID: <20071011132245.GA1235@brick.slightlystrange.org> In-Reply-To: <470E0A5E.4070901@pacific.net.sg> References: <470E0667.7080000@yahoo.com> <470E0A5E.4070901@pacific.net.sg>
next in thread | previous in thread | raw e-mail | index | archive | help
--Kj7319i9nmIyA2yE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote: > Hi, >=20 > FreeBSD is not Windows. >=20 > You cannot have another "root" in the system. Yeah, you can. It's just a really bad idea. root and toor both have UID and GID of 0 - giving them both superuser privileges. There is nothing to prevent you from adding as many more UID/GID 0 users as your madness compels you to. The only stricture is that they must all have different names. >=20 > What you can do is the creation of the group "wheel" and put "william"=20 > into this group. Group wheel already exists - it is root's (and toor's) primary group. William: log in as root and run this: # pw user mod -n william -G wheel william will now be a member of wheel, and able to su root. > Allow then all members of "wheel" to access the files needed by the=20 > group "wheel". This step shouldn't be necessary on a standard install, as membership of group wheel confers access rights to all files owned by wheel. > I would not do this as it creates many security wholes. Er..? It is a standard technique for allowing certain users to su root to perform system maintenance tasks. If I misunderstand your point, Erich, please do explain. > If you just want to do something as root without being root, use su. For which, in FreeBSD, you need to be a member of group wheel anyway... security/sudo doesn't have this prerequirement, and is a much more flexible tool. But, that flexibility comes with a cost - you must=20 configure it correctly, or you could end up shooting yourself in the foot. Dan >=20 > williamkow wrote: > >Finally, I manage to setup X.org and then KDE 3.5.4 running on FreeBSD= =20 > >6.2-Release. > >I created a user account named "william" and do not assign any group as= =20 > >I do not know what are the list of group name for me to select. To start= =20 > >KDE, i use command "kdm" but I can only logon using the newly created=20 > >user name "william", but it do not have same permission/access rights as= =20 > >"root" account. > >Please show on how to enable this user account, with the same permission= =20 > >as root ? > >Thank you. --=20 Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ --Kj7319i9nmIyA2yE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHDiOlixf5fBYiFmoRAnpqAKDFKdqvJI+L/H+G07Cojv9IBZN6fgCdHu1R SqLNO8rSCPU92k7U746FR0s= =2Z60 -----END PGP SIGNATURE----- --Kj7319i9nmIyA2yE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071011132245.GA1235>