Date: Wed, 25 Jul 2001 17:34:02 +0200
From: Christoph Sold <so@server.i-clue.de>
To: dan@langille.org
Cc: doc@FreeBSD.ORG
Subject: Re: handbook: securing root and staff account
Message-ID: <3B5EE6EA.95EABFE0@i-clue.de>
References: <200107251353.f6PDrS428325@lists.unixathome.org>

Dan Langille wrote:
>
> Does anyone else think that this excerpt is not very clear? What is
> trying to be said here?
>
> ###
> One way to make root accessible is to add appropriate staff accounts to
> the wheel group (in /etc/group). The staff members placed in the wheel
> group are allowed to su to root. You should never give staff members
> native wheel access by putting them in the wheel group in their
> password entry. Staff accounts should be placed in a staff group, and
> then added to the wheel group via the /etc/group file. Only those staff
> members who actually need to have root access should be
> placed in the wheel group.
> ###
>
> There was some discussion about this. I suspect what is trying to be
> said above is:
>
> Don't do this:
>
> mike:*:1009:0::0:0:Mike Rumsey:/home/mike:/usr/local/bin/bash
>
> i.e. group id =0
>
> do this:
>
> mike:*:1009:1009::0:0:Mike Rumsey:/home/mike:/usr/local/bin/bash
>
> wheel:*:0:root,mike
>
> It has been said they are saying this:
>
> wheel:*:0:root,staff
> staff:*:20:root,mike
>
> Comments?

I interpret this plainly as

mike:*:1009:1000:0::0:0:Mike Rumsey:/home/mike:/usr/local/bin/bash
me:*:1010:1000:0::0:0:Sysop Dummy:/home/me:/bin/sh

wheel:*:0:mike,me
staff:*:1000:

Anyhow, both things will have their benefits.

Just my EUR.02
-Christoph Sold

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B5EE6EA.95EABFE0>
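
An added example, not part of the original message or of the handbook: a small sh/awk audit for the readings discussed in the thread. It reports non-root accounts whose primary GID is 0 and lists the wheel members, marking any member name that has no account (a group's member list holds user names, so `staff` in `wheel:*:0:root,staff` is not expanded to the staff group). The names `audit_wheel` and `run_sample` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_wheel PASSWD_FILE GROUP_FILE  (hypothetical helper, added example)
# Accepts /etc/passwd (7 fields) or /etc/master.passwd (10 fields):
# the primary GID is field 4 in both formats.
audit_wheel() {
    awk -F: '
        /^#/ || NF < 4 { next }          # skip comments and short lines
        FNR == NR {                      # first file: account entries
            known[$1] = 1
            # UID 0 accounts are root already; report everyone else in GID 0
            if ($4 == 0 && $3 != 0) print "PRIMARY_GID0 " $1
            next
        }
        $1 == "wheel" {                  # second file: group entries
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                if (m[i] == "") continue
                if (m[i] in known) print "WHEEL_MEMBER " m[i]
                else               print "WHEEL_UNKNOWN " m[i]
            }
        }
    ' "$1" "$2"
}

# Constructed sample data: the "don't do this" entry for mike plus a
# wheel line that names "staff" as if a group could be nested.
run_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
mike:*:1009:0::0:0:Mike Rumsey:/home/mike:/usr/local/bin/bash
me:*:1010:1000::0:0:Sysop Dummy:/home/me:/bin/sh
EOF
    cat > "$d/group" <<'EOF'
wheel:*:0:root,staff,me
staff:*:1000:
EOF
    audit_wheel "$d/passwd" "$d/group"
    rm -rf "$d"
}

run_sample
```

On a live system the call would be `audit_wheel /etc/passwd /etc/group`; any `PRIMARY_GID0` or `WHEEL_UNKNOWN` line is worth reviewing.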