Date: Tue, 31 Oct 2000 04:04:27 -0600 (CST) From: Ryan Thompson <ryan@sasknow.com> To: Sean Kelly <smkelly@zombie.org> Cc: questions@FreeBSD.ORG Subject: Re: toor Message-ID: <Pine.BSF.4.21.0010310356130.14845-100000@ren.sasknow.com> In-Reply-To: <20001031012526.A12381@edgemaster.zombie.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Sean Kelly wrote to questions@FreeBSD.ORG: > I was talking with some people who were installing FreeBSD, and they were > instructed to remove the 'toor' entry in the password file. I was just > curious, what exactly is the point to having a 'toor' with uid 0? I remember somewhat of a religious war on this topic a month or two (or more) ago. Tread softly with this thread, my friend :-) I'll summarize. toor can be used to a) Provide an alternate account for root access under a different name. Actually, it doesn't have to be called toor. Toor is just root spelled backwards.. no-brainer, there... Most people recommend removing toor because not a lot of people use toor, and it just represents another (potential) point of access into the system. In other words, "don't enable what you don't use" paradigm. b) Provide the system administrator with a comfortable working environment (i.e., an alternate login shell). It is good to leave root's shell alone--i.e., leave it point to a shell in /bin/ such as sh, [t]csh, etc, so that it can be used in single user mode when other partitions (containing libraries that aren't statically linked, and other useful partitions, such as /usr) are not mounted. toor, on the other hand, can have any shell under the sun. Administrators who prefer, say, bash, over sh or csh can simply set toor's shell to /usr/bin/bash and use toor for all system admin duties in multi-user mode. Some would argue that you should use ``su -m'' from a regular user account instead of toor. This is debatable (and HAS been debated). If you want more information, I encourage you to search the mailing list archives for 'toor'. You'll find a lot of information. - Ryan -- Ryan Thompson <ryan@sasknow.com> Network Administrator, Accounts Phone: +1 (306) 664-1161 SaskNow Technologies http://www.sasknow.com #106-380 3120 8th St E Saskatoon, SK S7H 0W2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010310356130.14845-100000>