user toor ???
Hyunseog Ryu at Norlight
hyun at staff.norlight.net
Thu Apr 17 14:59:10 PDT 2003
I guess it depends on your situation.
"toor" user can be used for back-door or bourne-shell access to the system
by system administrator.
Normally script kiddy who doesn't know much about UNIX will just concerned
about "root" account, and he might do something with "root" account only.
In that case, "toor" user account can be used to break into system and
change the system back to original configuration by system administrator.
Or in case of forgetting the password. ^.^
Remember, security is not fixed system.
It is dynamic with company and user requirement.
Sometimes how you are doing is more important than what you have in place.
Everything has pros and cons.
So if you use wisely, and keep the system tighten, it's good for security.
But it might cause inconvenience, and user doesn't follow the rule
essentially.
That's something you think about, too.
For an example, you implement different difficult password rule for every
system, then some user might stick with post-it to remember the
username/password. ^.^
Post-it with password will be good for security? ^.^
Let's think about that. ^.^
Hyun
=====================================================
Hyunseog Ryu
Senior Network Engineer, Applications Engineering
Norlight Telecommunications
275 North Corporate Drive
Brookfield, WI 53045
U.S.A.
phone: +1-262-792-7965
fax: +1-262-792-7733
e-mail: hryu at norlight.com or hyun at staff.norlight.net
-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Brent Bailey
Sent: Thursday, April 17, 2003 2:45 PM
To: freebsd-questions at FreeBSD.ORG
Subject: user toor ???
Can anyone tell me what function does the user "toor" that is put in by
default by FBSD install do ?
im told its a security risk ...but unsure what it does ??
thanx
B
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list