From: Roger Marquis
Date: Fri, 9 Jul 2004 09:55:40 -0700 (PDT)
To: freebsd-security@freebsd.org
Subject: Re: Root users shell == no existant shell /bin/bash

"Peter C. Lai" wrote:

> as a rule of thumb, you're probably superuser way too much if you
> develop an urge to change its shell anyway.

Where do people come up with these folk "rules"? I spend all day
working in various root shells as part of my job. Couldn't do it
otherwise.

> toor has a disabled (*) password by default. What Brannon should have done was
> set a password for toor in the beginning, without mucking around with root's
> shell.

In 8 years of BSD administration I've never seen the toor account
used. IMO, as a matter of security, KIS, and for improved
cross-platform compatibility it should be removed from the
distribution.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/