Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 22 Sep 2000 17:19:47 -0700 (PDT)
From:      Dima Dorfman <dima@unixfreak.org>
To:        Damien Tougas <damien@carroll.com>
Cc:        Dima Dorfman <dima@unixfreak.org>, freebsd-stable@freebsd.org
Subject:   Re: Request for change to /etc/rc script
Message-ID:  <20000923001947.CD93E1F20@static.unixfreak.org>
In-Reply-To: <20000922094252.C66178@carroll.com> from Damien Tougas at "Sep 22, 2000 09:42:52 am"
next in thread | previous in thread | raw e-mail | index | archive | help 
> On Thu, Sep 21, 2000 at 05:26:43PM -0700, Dima Dorfman wrote:
> >How about leaving the 'root' entry in master.passwd intact (so you can
> >still boot single user, etc.), and adding a 'toor' or 'nisroot' (call
> >it whatever you want) user to the NIS maps.  This way, your machine
> >can function without an NIS server should the need arise, but you
> >still have a global superuser account.  You can even disable the local
> >root account if you wish (use '*' in the password field).  As Lyndon
> >said, and I agree, "not having local entries for root and wheel is
> >just asking for trouble."
> 
> It's all about password management. I don't want to manually
> distribute the master.passwd file to every workstation every time we
> decide to change the password.

You don't have to.  You'd only have to do it once (ideally, you
would've done this when you set them up).  What you'd do is make a
local entry for 'root' with '*' (disabled account) in the password
field.  Then, make a root-level account in your NIS master.passwd with
a name *other than* 'root'.  This way, your workstations have a local
entry for 'root', 'wheel', etc., but you still have a global superuser
account.  You'll never need to touch the local master.passwd again
since its only purpose is for the machine to be able to recognize the
'root' account without contacting a NIS server.

Hope this helps

-- 
Dima Dorfman <dima@unixfreak.org>
Finger dima@unixfreak.org for my public PGP key.

"He who laughs last obviously didn't get the joke."
	-- Bazooka Joe


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000923001947.CD93E1F20>