Security question - uids of 0

Jerry McAllister jerrymc at clunix.cl.msu.edu
Mon Aug 16 08:15:42 PDT 2004


> 
> The following appeared in my latest daily security run output:
> 
> 	Checking for uids of 0:
> 	root 0
> 	toor 0
> 
> This is the first time I've seen this message.
> 
> I checked /etc/passwd and found this:
> 
> 	root:*:0:0:Charlie &:/root:/bin/csh
> 	toor:*:0:0:Bourne-again Superuser:/root:
> 
> I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a small
> home LAN.  
> 
> I ran ps -aux and looked for any processes owned by "toor" but didn't find any.
> 
> Is this something to be concerned about?  

No.  It is normal.
It is one of the normal accounts put there in a standard install.
It is essentially a root account by another name.
Some things used to like to use it to own their installed stuff but
avoid using root directly.
I don't know if anything really does that any more.
I sometimes use it as a model pw entry when in vipw for
creating new accounts directly to help avoid missing a field.

> 
> Sorry if this is an obvious question, but I am still very much a newbie
> and trying to learn what I can about security.

This has been brought up and answered numerous times in the past.
You might try searching for information on the toor account.  You
should be able to find something.

////jerry

> 
> Thanks for your patience,
> 
> Jim
> 
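
The daily security report quoted above lists every account with UID 0. As an added example (not part of the original message and not FreeBSD's own periodic script), the following shell script runs the same check over a passwd(5)-format file and flags names outside an expected baseline. The function names and the `svcadm` entry in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list UID 0 accounts in a passwd(5)-format file and
# report any that are not in an expected baseline (here: root and toor).

# uid0_accounts FILE -> prints the login name of every entry whose UID is 0
uid0_accounts() {
    awk -F: '
        /^[[:space:]]*#/ || NF < 7 { next }  # skip comments and malformed lines
        $3 ~ /^0+$/ { print $1 }             # UID field is 0 (also "00", etc.)
    ' "$1"
}

# unexpected_uid0 FILE "NAME NAME ..." -> prints UID 0 names missing from the baseline
unexpected_uid0() {
    uid0_accounts "$1" | while read -r name; do
        case " $2 " in
            *" $name "*) ;;          # expected superuser alias, stay quiet
            *) echo "$name" ;;       # UID 0 account nobody signed off on
        esac
    done
}

# Constructed sample input: the root and toor lines are the ones quoted in
# the message; daemon and svcadm are made up for the demonstration.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real system file
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
svcadm:*:0:0:constructed extra uid 0 entry:/home/svcadm:/bin/sh
EOF

echo "UID 0 accounts:"
uid0_accounts "$SAMPLE"
echo "Not in baseline (root toor):"
unexpected_uid0 "$SAMPLE" "root toor"
```

On a real host, point the functions at `/etc/passwd` and keep the baseline under change control so a new UID 0 name stands out in the report.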


