How to create a user account with the same permission as "root"
?
Daniel Bye
freebsd-questions at slightlystrange.org
Thu Oct 11 06:22:49 PDT 2007
On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
> Hi,
>
> FreeBSD is not Windows.
>
> You cannot have another "root" in the system.
Yeah, you can. It's just a really bad idea. root and toor both have UID
and GID of 0 - giving them both superuser privileges. There is nothing
to prevent you from adding as many more UID/GID 0 users as your madness
compels you to. The only stricture is that they must all have different
names.
>
> What you can do is the creation of the group "wheel" and put "william"
> into this group.
Group wheel already exists - it is root's (and toor's) primary group.
William: log in as root and run this:
# pw user mod -n william -G wheel
william will now be a member of wheel, and able to su root.
> Allow then all members of "wheel" to access the files needed by the
> group "wheel".
This step shouldn't be necessary on a standard install, as membership
of group wheel confers access rights to all files owned by wheel.
> I would not do this as it creates many security wholes.
Er..? It is a standard technique for allowing certain users to su root
to perform system maintenance tasks. If I misunderstand your point,
Erich, please do explain.
> If you just want to do something as root without being root, use su.
For which, in FreeBSD, you need to be a member of group wheel anyway...
security/sudo doesn't have this prerequirement, and is a much more
flexible tool. But, that flexibility comes with a cost - you must
configure it correctly, or you could end up shooting yourself in the
foot.
Dan
>
> williamkow wrote:
> >Finally, I manage to setup X.org and then KDE 3.5.4 running on FreeBSD
> >6.2-Release.
> >I created a user account named "william" and do not assign any group as
> >I do not know what are the list of group name for me to select. To start
> >KDE, i use command "kdm" but I can only logon using the newly created
> >user name "william", but it do not have same permission/access rights as
> >"root" account.
> >Please show on how to enable this user account, with the same permission
> >as root ?
> >Thank you.
--
Daniel Bye
_
ASCII ribbon campaign ( )
- against HTML, vCards and X
- proprietary attachments in e-mail / \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20071011/bc280b8c/attachment.pgp
More information about the freebsd-questions
mailing list