Date:      Tue, 6 May 2008 13:05:06 -0400 (EDT)
From:      doug@safeport.com
To:        Mario Vazquez <mario_vazq@hotmail.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   RE: Question about a recent installation
Message-ID:  <20080506124939.N32039@pemaquid.safeport.com>
In-Reply-To: <BAY116-W55910511180229E986D422F4D70@phx.gbl>
References:  <BAY116-W8C33EA1DE2EC5FB344BDDF4D70@phx.gbl> <20080505191223.U24925@fledge.watson.org> <BAY116-W55910511180229E986D422F4D70@phx.gbl>


>> On Mon, 5 May 2008, Mario Vazquez wrote:
>>
>>>
>>> I have been using different Linux distributions for some years, and decided to
>>> give FreeBSD a try.  The install was successful, but have a question about how
>>> the root account is made.  Found that the root folder was created with the
>>> user/group privileges root:wheel.  Is not that a kind of security risk?  I
>>> know that usually only the account used by the administrator is the one, in
>>> addition to root, that belongs to the wheel group.  But also I know that
>>> sometimes admins get lazy and give for limited time extra privileges just to
>>> allow someone to do something, and that's where the danger can come.  Btw,
>>> that's just my opinion.
>>
>> To give limited privileges I think sudo (as in linux??) would be used.
>> If that does not provide enough security then kerberos could be used.
>>
>> In general I don't see how your main concern is unique to FreeBSD.
>>
>> DougD
>
> yeah, sudo is.  I don't have any issue in terms of functionality.  But the 
> doubt I have is if having the root folder created with ownership root:wheel 
> can become a security issue or not.  Also would like to know if there is no 
> problem changing my root folder ownership to root:root (which will require a 
> root group btw).

Please do not top post.

There is no reason for a root group. I think best practice is to have each admin 
keep their data in their accounts which are either allocated as name:wheel or 
they are defined as being in the wheel group. I do not know if sudo requires 
wheel membership.

I do not understand the need for a root group. I think security liabilities from 
having a wheel group have long been worked out. What do you see as a problem? Is 
BSD different from Linux in this regard? Perhaps the latter question is an 
off-list topic.


_____
Douglas Denault
http://www.safeport.com
doug@safeport.com
Voice: 301-469-8766
   Fax: 301-469-0601
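
Whether root:wheel ownership of root's home directory exposes anything depends on the directory's group permission bits and on who is in the owning group. The following is an added example, not part of any message in this thread, that checks both; the group and passwd entries are constructed sample data and the function names are hypothetical.

```python
import stat

# Constructed sample data in /etc/group and /etc/passwd format (not from the thread).
SAMPLE_GROUP = """\
wheel:*:0:root,alice
operator:*:5:root
staff:*:20:bob
"""
SAMPLE_PASSWD = """\
root:*:0:0:Charlie Root:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:20:Bob:/home/bob:/bin/sh
carol:*:1003:0:Carol:/home/carol:/bin/sh
"""

def group_members(gid, group_text, passwd_text):
    """Accounts in group `gid`: listed members plus users whose primary GID matches."""
    members = set()
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and not line.startswith("#") and f[2] == str(gid):
            members.update(m for m in f[3].split(",") if m)
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and not line.startswith("#") and f[3] == str(gid):
            members.add(f[0])  # primary group, not listed in the group file
    return members

def group_exposure(mode, owner, gid, group_text, passwd_text):
    """Return (group bits granted, non-owner accounts that get them)."""
    checks = (("r", stat.S_IRGRP), ("w", stat.S_IWGRP), ("x", stat.S_IXGRP))
    bits = "".join(c for c, mask in checks if mode & mask)
    if not bits:
        # Group ownership alone grants nothing when the group bits are clear.
        return "", set()
    return bits, group_members(gid, group_text, passwd_text) - {owner}

if __name__ == "__main__":
    # On a live system the inputs would come from os.stat() on the directory
    # and the contents of /etc/group and /etc/passwd.
    for mode in (0o700, 0o750):
        bits, who = group_exposure(mode, "root", 0, SAMPLE_GROUP, SAMPLE_PASSWD)
        print(f"mode {mode:o}: group bits '{bits}' reach {sorted(who)}")
```
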


