Date:      Thu, 11 Oct 2007 14:22:45 +0100
From:      Daniel Bye <freebsd-questions@slightlystrange.org>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: How to create a user account with the same permission as "root" ?
Message-ID:  <20071011132245.GA1235@brick.slightlystrange.org>
In-Reply-To: <470E0A5E.4070901@pacific.net.sg>
References:  <470E0667.7080000@yahoo.com> <470E0A5E.4070901@pacific.net.sg>

On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
> Hi,
>
> FreeBSD is not Windows.
>
> You cannot have another "root" in the system.

Yeah, you can. It's just a really bad idea. root and toor both have UID
and GID of 0 - giving them both superuser privileges. There is nothing
to prevent you from adding as many more UID/GID 0 users as your madness
compels you to. The only stricture is that they must all have different
names.

>
> What you can do is the creation of the group "wheel" and put "william"
> into this group.

Group wheel already exists - it is root's (and toor's) primary group.

William: log in as root and run this:

 # pw user mod -n william -G wheel

william will now be a member of wheel, and able to su root.

> Allow then all members of "wheel" to access the files needed by the
> group "wheel".

This step shouldn't be necessary on a standard install, as membership
of group wheel confers access rights to all files owned by wheel.

> I would not do this as it creates many security holes.

Er..? It is a standard technique for allowing certain users to su root
to perform system maintenance tasks. If I misunderstand your point,
Erich, please do explain.

> If you just want to do something as root without being root, use su.

For which, in FreeBSD, you need to be a member of group wheel anyway...
security/sudo doesn't have this prerequisite, and is a much more
flexible tool. But that flexibility comes with a cost - you must
configure it correctly, or you could end up shooting yourself in the
foot.

Dan

>
> williamkow wrote:
> >Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD
> >6.2-Release.
> >I created a user account named "william" and did not assign any group as
> >I do not know what the list of group names for me to select from is. To start
> >KDE, I use the command "kdm" but I can only log on using the newly created
> >user name "william", but it does not have the same permission/access rights as
> >the "root" account.
> >Please show how to enable this user account with the same permission
> >as root?
> >Thank you.

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
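
The message above notes that any number of accounts can share UID 0 and that membership of wheel is what permits su to root, so both are worth auditing. The following is an added example, not part of the original message: a POSIX sh script that lists UID 0 accounts and wheel members from passwd(5)- and group(5)-format files. The function names, the allow-list default of root and toor, and the sample account admin2 are assumptions made for illustration.

```shell
#!/bin/sh
# Audit passwd(5)/group(5)-format files for superuser-equivalent accounts.

# Login name of every account whose UID is 0.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 4 && $3 ~ /^0+$/ { print $1 }' "$1"
}

# UID 0 accounts that are not on the allow-list (default: root and toor).
unexpected_uid0() {
    passwd_file=$1; shift
    allowed=" ${*:-root toor} "
    for name in $(uid0_accounts "$passwd_file"); do
        case "$allowed" in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done
}

# Members of wheel: names listed in the group file plus accounts whose
# primary GID is the GID of wheel. Arguments: passwd file, group file.
wheel_members() {
    awk -F: '
        /^#/ { next }
        FNR == NR {                          # first file: group(5)
            if ($1 == "wheel") {
                gid = $3; n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }  # second file: passwd(5)
    ' "$2" "$1" | sort -u
}

# Constructed sample data, not from a real host. admin2 is a hypothetical
# extra UID 0 account; william has been added to wheel as in the message.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
    'toor:*:0:0:Bourne-again Superuser:/root:' \
    'admin2:*:0:0:Extra superuser:/root:/bin/sh' \
    'william:*:1001:1001:William:/home/william:/bin/sh' > "$SAMPLE_DIR/passwd"
printf '%s\n' 'wheel:*:0:root,william' 'operator:*:5:root' > "$SAMPLE_DIR/group"

echo "UID 0 accounts:   $(uid0_accounts "$SAMPLE_DIR/passwd" | tr '\n' ' ')"
echo "Unexpected UID 0: $(unexpected_uid0 "$SAMPLE_DIR/passwd")"
echo "wheel members:    $(wheel_members "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" | tr '\n' ' ')"
```

On a live FreeBSD host the same functions can be pointed at /etc/passwd and /etc/group; any name reported by unexpected_uid0 is an account with full superuser rights under a different login.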
