Date: Tue, 31 Oct 2000 04:04:27 -0600 (CST)
From: Ryan Thompson
To: Sean Kelly
Cc: questions@FreeBSD.ORG
Subject: Re: toor
In-Reply-To: <20001031012526.A12381@edgemaster.zombie.org>
Organization: SaskNow Technologies [www.sasknow.com]

Sean Kelly wrote to questions@FreeBSD.ORG:

> I was talking with some people who were installing FreeBSD, and they were
> instructed to remove the 'toor' entry in the password file. I was just
> curious, what exactly is the point to having a 'toor' with uid 0?

I remember somewhat of a religious war on this topic a month or two (or
more) ago. Tread softly with this thread, my friend :-)

I'll summarize. toor can be used to

a) Provide an alternate account for root access under a different name.
   Actually, it doesn't have to be called toor. Toor is just root spelled
   backwards.. no-brainer, there... Most people recommend removing toor
   because not a lot of people use toor, and it just represents another
   (potential) point of access into the system. In other words, "don't
   enable what you don't use" paradigm.

b) Provide the system administrator with a comfortable working
   environment (i.e., an alternate login shell).

   It is good to leave root's shell alone--i.e., leave it point to a shell
   in /bin/ such as sh, [t]csh, etc, so that it can be used in single user
   mode when other partitions (containing libraries that aren't statically
   linked, and other useful partitions, such as /usr) are not mounted.

   toor, on the other hand, can have any shell under the sun.
   Administrators who prefer, say, bash, over sh or csh can simply set
   toor's shell to /usr/bin/bash and use toor for all system admin duties
   in multi-user mode. Some would argue that you should use ``su -m''
   from a regular user account instead of toor. This is debatable (and
   HAS been debated).

If you want more information, I encourage you to search the mailing list
archives for 'toor'. You'll find a lot of information.

- Ryan

--
  Ryan Thompson
  Network Administrator, Accounts
  Phone: +1 (306) 664-1161

  SaskNow Technologies     http://www.sasknow.com
  #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2
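
The two points in the message above can be checked mechanically. The following is an added example, not part of the original post: a POSIX sh function that lists every uid 0 account in a 7-field passwd(5)-format file and reports whether root's shell lives in /bin. The function names, the output tags and the sample data are assumptions made for illustration; the 10-field master.passwd layout is not handled.

```shell
#!/bin/sh
# audit_uid0 [FILE]: report uid 0 accounts in a 7-field passwd(5) file
# (reads standard input when FILE is omitted). Hypothetical helper.
#   ALT-UID0  name shell : uid 0 account other than root (e.g. toor)
#   ROOT-OK   shell      : root's shell is in /bin, usable in single-user mode
#   ROOT-WARN shell      : root's shell is outside /bin (may not be mounted)
audit_uid0() {
    awk -F: '
        /^#/ || NF < 7 { next }     # skip comments and malformed lines
        $3 != 0        { next }     # keep only superuser-equivalent accounts
        {
            # passwd(5): an empty shell field means /bin/sh
            shell = ($7 == "") ? "/bin/sh" : $7
            if ($1 == "root") {
                tag = (shell ~ /^\/bin\//) ? "ROOT-OK" : "ROOT-WARN"
                print tag, shell
            } else {
                print "ALT-UID0", $1, shell
            }
        }
    ' "${1:--}"
}

# Constructed sample in passwd(5) format (not taken from a real system).
# toor's shell is the path named in the message above.
sample_passwd() {
    cat <<'EOF'
# name:password:uid:gid:gecos:home:shell
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:/usr/bin/bash
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
alice:*:1001:1001:Constructed user:/home/alice:/bin/tcsh
EOF
}

sample_passwd | audit_uid0
```

Run as `audit_uid0 /etc/passwd` on a live system; any ALT-UID0 line is an extra superuser login name to either justify or remove.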