How to create a user account with the same permission as "root" ?

Daniel Bye freebsd-questions at slightlystrange.org
Thu Oct 11 06:22:49 PDT 2007


On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
> Hi,
> 
> FreeBSD is not Windows.
> 
> You cannot have another "root" in the system.

Yeah, you can. It's just a really bad idea. root and toor both have UID
and GID of 0 - giving them both superuser privileges. There is nothing
to prevent you from adding as many more UID/GID 0 users as your madness
compels you to. The only stricture is that they must all have different
names.

> 
> What you can do is the creation of the group "wheel" and put "william" 
> into this group.

Group wheel already exists - it is root's (and toor's) primary group.

William: log in as root and run this:

 # pw user mod -n william -G wheel

william will now be a member of wheel, and able to su root.

> Allow then all members of "wheel" to access the files needed by the 
> group "wheel".

This step shouldn't be necessary on a standard install, as membership
of group wheel confers access rights to all files owned by wheel.

> I would not do this as it creates many security holes.

Er..? It is a standard technique for allowing certain users to su root
to perform system maintenance tasks. If I misunderstand your point,
Erich, please do explain.

> If you just want to do something as root without being root, use su.

For which, in FreeBSD, you need to be a member of group wheel anyway...
security/sudo doesn't have this prerequirement, and is a much more
flexible tool. But, that flexibility comes with a cost - you must 
configure it correctly, or you could end up shooting yourself in the
foot.

Dan

> 
> williamkow wrote:
> >Finally, I managed to set up X.org and then KDE 3.5.4 running on FreeBSD 
> >6.2-Release.
> >I created a user account named "william" and did not assign any group as 
> >I do not know what the list of group names is for me to select from. To start 
> >KDE, I use the command "kdm" but I can only log on using the newly created 
> >user name "william", but it does not have the same permission/access rights as 
> >the "root" account.
> >Please show me how to enable this user account with the same permission 
> >as root?
> >Thank you.

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
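
The reply above notes that any number of UID 0 accounts can exist beside root and toor, and that wheel membership is what lets a user su to root. The following is an added audit example, not part of the original message: it lists both from passwd(5)- and group(5)-format files. The function names, the sample files and the extra `backup` account are constructed for illustration.

```sh
#!/bin/sh
# Added audit example; all sample data below is constructed.

# Print every account whose UID (passwd field 3) is 0.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 == 0 { print $1 }' "$1"
}

# Print UID 0 accounts other than the stock root and toor entries.
unexpected_uid0() {
    uid0_accounts "$1" | grep -v -x -e root -e toor
}

# Print accounts in group wheel: members listed in group field 4,
# plus accounts whose primary GID (passwd field 4) is 0.
wheel_members() {
    {
        awk -F: '$1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
        awk -F: '$1 !~ /^#/ && $4 == 0 { print $1 }' "$1"
    } | sort -u
}

# Write constructed sample passwd and group files to a temp directory.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
william:*:1001:1001:William:/home/william:/bin/sh
backup:*:0:0:Constructed extra superuser:/root:/bin/sh
EOF
    cat > "$SAMPLE_DIR/group" <<'EOF'
wheel:*:0:root,william
daemon:*:1:
william:*:1001:
EOF
}

make_samples
echo "UID 0 accounts beyond root/toor:"
unexpected_uid0 "$SAMPLE_DIR/passwd"
echo "Accounts in wheel:"
wheel_members "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

To audit a live system, pass `/etc/passwd` and `/etc/group` instead of the sample files.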