user toor ???
Jimi Thompson
jimit at myrealbox.com
Thu Apr 17 16:42:31 PDT 2003
"toor" is no more and no less of a risk that "root". Secure it as
you would root. Oh, and given sufficient opportunity, I can crack
ANY password that uses characters from the ASCII set. It's just not
that difficult. If you are going to expose this system the internet,
I STRONGLY recommend that you use two-factor authentication and DO
NOT RELY on passwords alone.
At 1:16 PM -0700 4/17/03, Jim Mock wrote:
>On Thursday, April 17, 2003, at 12:45 PM, Brent Bailey wrote:
>>Can anyone tell me what function does the user "toor" that is put
>>in by default by FBSD install do?
>
>It's a backup root user.
>
>>im told its a security risk ...but unsure what it does ??
>
>I'm told a lot of things too, but that doesn't mean I believe all of
>them :-) If you're excessively paranoid, you can remove the user,
>but if someone can get into your machine and crack root/toor's
>password, you've got bigger issues to worry about.
>
>- jim
>
>--
>- jim mock mij@{soupnazi|opendarwin}.org jim@{bsdnews|FreeBSD}.org -
>- editor in chief, BSD News: http://bsdnews.org http://soupnazi.org -
>
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
--
Thanks,
Ms. Jimi Thompson, CISSP, Rev.
"I'm a great believer in luck, and I find the harder I work, the more
I have of it." -- Thomas Jefferson
More information about the freebsd-questions
mailing list