On Mon, 5 May 2008, Mario Vazquez wrote:


I have been using different Linux distributions for some years, and decided to
give FreeBSD a try.  The install was successful, but have a question about how
the root account is made.  Found that the root folder was created with the
user/group privileges root:wheel.  Is not that a kind of security risk?  I
know that usually only the account used by the administrator is the one, in
addition to root, that belongs to the wheel group.  But also I know that
sometimes admins get lazy and give for limited time extra privileges just to
allow someone to do something, and that's where the danger can come.  Btw,
that's just my opinion.
_________________________________________________________________

To give limited privileges I think sudo (as in Linux??) would be used.
If that does not provide enough security then kerberos could be used.

In general I don't see how your main concern is unique to FreeBSD.

DougD


Yeah, sudo is. I don't have any issue in terms of functionality. But the doubt I have is if having the root folder created with ownership root:wheel can become a security issue or not. Also would like to know if there is no problem changing my root folder ownership to root:root (which will require a root group btw).

Please do not top post.

There is no reason for a root group. I think best practice is to have each admin keep their data in their accounts which are either allocated as name:wheel or they are defined as being in the wheel group. I do not know if sudo requires wheel membership.

I do not understand the need for a root group. I think security liabilities from having a wheel group have long been worked out. What do you see as a problem? Is BSD different from Linux in this regard? Perhaps the latter question is an off-list topic.


_____
Douglas Denault
http://www.safeport.com
[EMAIL PROTECTED]
Voice: 301-469-8766
  Fax: 301-469-0601
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
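
Added example, not part of the thread: under standard Unix permissions, group ownership of a directory such as /root gives members of that group only what the group permission bits allow, so the check that answers the question is the mode plus the group's membership. The Python sketch below reports both for any directory; the function names are hypothetical, the scratch directory is constructed sample input, and ACLs and MAC policies are not considered.

```python
import grp
import os
import pwd
import stat
import tempfile

def rwx(mode, r, w, x):
    """Decode one permission triplet as it applies to a directory."""
    return {"list": bool(mode & r), "modify": bool(mode & w), "enter": bool(mode & x)}

def group_members(gid):
    """Accounts in the group: supplementary members plus primary-GID users."""
    try:
        members = set(grp.getgrgid(gid).gr_mem)
    except KeyError:  # gid has no entry in the group database
        members = set()
    members.update(u.pw_name for u in pwd.getpwall() if u.pw_gid == gid)
    return sorted(members)

def audit_dir(path):
    """Report what the owning group and everyone else can do with path."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    group = rwx(mode, stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP)
    other = rwx(mode, stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
    findings = []
    if group["modify"] and group["enter"]:
        findings.append("group members can create, rename and delete entries")
    elif group["list"] or group["enter"]:
        findings.append("group members can list or traverse, but not modify")
    if any(other.values()):
        findings.append("accounts outside the group also have access")
    return {"uid": st.st_uid, "gid": st.st_gid, "mode": oct(mode),
            "members": group_members(st.st_gid), "findings": findings}

def demo():
    """Constructed sample: one scratch directory under three modes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for mode in (0o700, 0o750, 0o770):
            os.chmod(d, mode)
            results[oct(mode)] = audit_dir(d)["findings"]
    return results

if __name__ == "__main__":
    print(demo())
    # On a real host: print(audit_dir("/root"))  (stat only, no privileges needed)
```
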
