From owner-freebsd-questions@FreeBSD.ORG  Sat May 13 16:24:22 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7F9FE16A563
	for <freebsd-questions@freebsd.org>;
	Sat, 13 May 2006 16:24:22 +0000 (UTC) (envelope-from kdk@daleco.biz)
Received: from ezekiel.daleco.biz (southernuniform.com [66.76.92.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1677543D49
	for <freebsd-questions@freebsd.org>;
	Sat, 13 May 2006 16:24:21 +0000 (GMT) (envelope-from kdk@daleco.biz)
Received: from [192.168.2.2] ([69.27.149.254])
	by ezekiel.daleco.biz (8.13.4/8.13.1) with ESMTP id k4DGOFcH071662;
	Sat, 13 May 2006 11:24:16 -0500 (CDT) (envelope-from kdk@daleco.biz)
Message-ID: <4466082A.9090408@daleco.biz>
Date: Sat, 13 May 2006 11:24:10 -0500
From: Kevin Kinsey <kdk@daleco.biz>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US;
	rv:1.8.0.2) Gecko/20060509 SeaMonkey/1.0.1
MIME-Version: 1.0
To: maanjee@gmail.com
References: <OF24647A36.2E62108A-ON8025716D.0055DA65-8025716D.00573C11@nominet.org.uk>
In-Reply-To: <OF24647A36.2E62108A-ON8025716D.0055DA65-8025716D.00573C11@nominet.org.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org, John.Dickinson@nominet.org.uk
Subject: Re: Help: Unable to change to SU through SSH
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 May 2006 16:24:49 -0000

John.Dickinson@nominet.org.uk wrote:
> 
> I would recommend that you dont create an admin user. Create normal user 
> accounts named after the user who will be logging in. Add users who will 
> need to be able to do admin tasks to the wheel group. Then install sudo 
> and configure it to allow users in the wheel group to run commands as 
> root.
> 

The reason this is a Good Thing(tm):  a large number of "in the wild"
exploit scripts/bots/programs already attempt to use a "admin" username
in their attempts to break your security (also, 'root', 'administrator',
'webmaster', 'bob', 'joe', 'fred', 'test', etc.).

I've yet to see one that tries to log in as "manjee", though, unless
it has parsed the username as part of an e-mail address in a web site
or server error page.  In e-mail, "aliases" to actual user accounts
should rule the day.

Kevin Kinsey
-- 
It is through symbols that man consciously or unconsciously
lives, works and has his being.
		-- Thomas Carlyle