user toor ???

Jimi Thompson jimit at
Thu Apr 17 16:42:31 PDT 2003

"toor" is no more and no less of a risk that "root".  Secure it as 
you would root.  Oh, and given sufficient opportunity, I can crack 
ANY password that uses characters from the ASCII set.  It's just not 
that difficult.  If you are going to expose this system the internet, 
I STRONGLY recommend that you use two-factor authentication and DO 
NOT RELY on passwords alone.

At 1:16 PM -0700 4/17/03, Jim Mock wrote:
>On Thursday, April 17, 2003, at 12:45  PM, Brent Bailey wrote:
>>Can anyone tell me what function does the user "toor" that is put 
>>in by default by FBSD install  do?
>It's a backup root user.
>>im told its a security risk ...but unsure what it does ??
>I'm told a lot of things too, but that doesn't mean I believe all of 
>them :-)  If you're excessively paranoid, you can remove the user, 
>but if someone can get into your machine and crack root/toor's 
>password, you've got bigger issues to worry about.
>- jim
>- jim mock  mij@{soupnazi|opendarwin}.org  jim@{bsdnews|FreeBSD}.org -
>- editor in chief, BSD News: -
>freebsd-questions at mailing list
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"


Ms. Jimi Thompson, CISSP, Rev.

"I'm a great believer in luck, and I find the harder I work, the more 
I have of it." -- Thomas Jefferson

More information about the freebsd-questions mailing list