From: Pete Fritchman
To: Guillermo Leandro
Cc: freebsd-security@FreeBSD.org
Date: Tue, 23 Jan 2001 16:36:05 -0500
Subject: Re: Default users and the passwords

[ removed -hackers ]

++ 23/01/01 15:24 -0600 - Guillermo Leandro:
>Hi everybody!
>
>FreeBSD, like almost all Unix OS, has other default users, like uucp,
>operator, etc. Since these users come with the FreeBSD distribution, where
>can I find their passwords?

As root, 'less /etc/master.passwd' (note - you should not edit this file
directly, see the vipw(8) utility).  Their password is '*' by default,
which translates to being locked (ie: no crypt()'d password will EVER be
a '*').

>
>Another thing, why is there another uid 0 called toor? Isn't it a potential
>security hole?

No.  Like the other default users, the 'toor' account is locked by default.
IIRC, the purpose of toor is to have a different shell for root (ie: zsh,
bash, etc).  It's probably a bad idea to change root's shell unless you
know what you are doing (you don't want to lock yourself out by
accidentally specifying a wrong shell).

I guess it's really not important anymore since you can specify a shell
for single user mode, but it used to be a good idea to have root's shell
statically compiled (in case you need to be root in single user, and /usr
is on another partition that's not mounted, etc).

So - if you prefer another shell, 'chsh -s /path/to/new/shell toor' and
'passwd toor'.  It should probably be a different password than root, just
for security's sake.

Good luck.

-pete

>
>Thank you very much.
>--
>Guillermo Leandro, FUNDACIÓN GALILEO
>E-mail: guille@galileo.or.cr
>Website: http://www.galileo.or.cr
>Tel. (506) 280 8683, telefax. (506) 280 8847
>[...]

--
Pete Fritchman
Databits Network Services, Inc.
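
An added example, not part of the original post: a small Python check over master.passwd(5)-format text that lists every uid 0 account (root, toor) with the state of its password field, and any account whose field is empty. The sample entries, hash placeholder and function names are constructed for illustration, and treating any field that begins with '*' as locked is an assumption.

```python
from collections import namedtuple

# master.passwd(5): ten colon-separated fields per entry.
Entry = namedtuple(
    "Entry", "name passwd uid gid login_class change expire gecos home shell")

# Constructed sample, not taken from a real system; the hash is a placeholder.
SAMPLE = """\
root:$6$constructed$placeholderhash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/sbin/nologin
guest::1001:1001::0:0:Constructed empty-password entry:/home/guest:/bin/sh
"""


def parse(text):
    """Return one Entry per non-blank, non-comment line."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(Entry._fields):
            raise ValueError("malformed master.passwd line: %r" % line)
        entries.append(Entry(*parts))
    return entries


def password_state(entry):
    """Classify the password field as 'empty', 'locked' or 'set'."""
    if entry.passwd == "":
        return "empty"   # empty field: the account has no password
    if entry.passwd.startswith("*"):
        return "locked"  # assumption: any leading '*' means no hash can match
    return "set"


def audit(text):
    """Report uid 0 accounts with their state, plus empty-password accounts."""
    entries = parse(text)
    return {
        "uid0": [(e.name, password_state(e)) for e in entries if e.uid == "0"],
        "empty": [e.name for e in entries if password_state(e) == "empty"],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

On a FreeBSD host the same functions can be given the contents of /etc/master.passwd, read as root. A locked password field only rules out password authentication for that account.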