From: Dima Dorfman
Reply-To: dima@unixfreak.org
To: Damien Tougas
Cc: Dima Dorfman, freebsd-stable@freebsd.org
Date: Fri, 22 Sep 2000 17:19:47 -0700 (PDT)
Subject: Re: Request for change to /etc/rc script
In-Reply-To: <20000922094252.C66178@carroll.com> from Damien Tougas at "Sep 22, 2000 09:42:52 am"
Message-Id: <20000923001947.CD93E1F20@static.unixfreak.org>

> On Thu, Sep 21, 2000 at 05:26:43PM -0700, Dima Dorfman wrote:
> >How about leaving the 'root' entry in master.passwd intact (so you can
> >still boot single user, etc.), and adding a 'toor' or 'nisroot' (call
> >it whatever you want) user to the NIS maps. This way, your machine
> >can function without an NIS server should the need arise, but you
> >still have a global superuser account. You can even disable the local
> >root account if you wish (use '*' in the password field). As Lyndon
> >said, and I agree, "not having local entries for root and wheel is
> >just asking for trouble."
>
> It's all about password management. I don't want to manually
> distribute the master.passwd file to every workstation every time we
> decide to change the password.

You don't have to. You'd only have to do it once (ideally, you
would've done this when you set them up). What you'd do is make a
local entry for 'root' with '*' (disabled account) in the password
field. Then, make a root-level account in your NIS master.passwd with
a name *other than* 'root'. This way, your workstations have a local
entry for 'root', 'wheel', etc., but you still have a global superuser
account. You'll never need to touch the local master.passwd again
since its only purpose is for the machine to be able to recognize the
'root' account without contacting a NIS server.

Hope this helps

--
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.

"He who laughs last obviously didn't get the joke."
	-- Bazooka Joe
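
The layout described in this message can be checked mechanically. The Python script below is an added example, not part of the original post: it parses master.passwd(5)-format text and reports where a host or NIS map deviates from that layout. The function names, the 'toor' and 'jdoe' accounts and the sample entries are constructed for illustration.

```python
# Added example; account names and hashes below are constructed.
FIELDS = ("name", "password", "uid", "gid", "class", "change",
          "expire", "gecos", "home", "shell")

def parse_master_passwd(text):
    """Parse master.passwd(5)-format text into a list of dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and '+'/'-' NIS compat lines.
        if not line or line[0] in "#+-":
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields: {raw!r}")
        entry = dict(zip(FIELDS, parts))
        entry["uid"] = int(entry["uid"])
        entries.append(entry)
    return entries

def audit(local_text, nis_text):
    """Return findings; an empty list means the layout matches."""
    findings = []
    local = {e["name"]: e for e in parse_master_passwd(local_text)}
    root = local.get("root")
    if root is None or root["uid"] != 0:
        findings.append("local: no uid-0 'root' entry")
    elif root["password"] != "*":
        findings.append("local: root password field is not '*'")
    # Global superuser: uid 0 in the NIS map under another name.
    supers = [e for e in parse_master_passwd(nis_text)
              if e["uid"] == 0 and e["name"] != "root"]
    if not supers:
        findings.append("nis: no uid-0 account named other than 'root'")
    for e in supers:
        if e["password"] in ("", "*"):
            findings.append(f"nis: {e['name']} has an empty or disabled password field")
    return findings

LOCAL_OK = "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n+:::::::::\n"
NIS_OK = ("toor:$2a$CONSTRUCTED:0:0::0:0:NIS superuser:/root:/bin/sh\n"
          "jdoe:$2a$CONSTRUCTED:1001:1001::0:0:J Doe:/home/jdoe:/bin/sh\n")

if __name__ == "__main__":
    for finding in audit(LOCAL_OK, NIS_OK) or ["layout matches"]:
        print(finding)
```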