How to create a user account with the same permission as "root"
jerrymc at msu.edu
Fri Oct 12 08:09:07 PDT 2007
On Fri, Oct 12, 2007 at 08:11:56AM +0800, Erich Dollansky wrote:
> Jerry McAllister wrote:
> >On Thu, Oct 11, 2007 at 07:34:54PM +0800, Erich Dollansky wrote:
> >>FreeBSD is not Windows.
> >True statement - thank heaven.
> >>You cannot have another "root" in the system.
> >Unless I misunderstand what you are saying, this is NOT a true statement.
> >You can create as many ids with a '0' UID as you want. It may not be
> But they are the same as it is still the same UID. Under WIndows, you
> can create as many 'root' accounts you want.
I think you misunderstand what is being said.
An account with a UID of 0 in UNIX is root for all practical purposed.
The only difference is that it has a different name and it can have
a different home directory if you want to keep them separate - but
you don't have to.
To repeat, any account with a UID of 0 is root. It does not depend on
the name of the account, but the UID. You can call the account anything
and if its UID is 0, then it is root. UID (User ID) refers to the number
that the system uses internally to identify the account and its priviledges.
To be really complete, make it have a GID (Group ID) of 0 which is
the 'wheel' group in FreeBSD. Some UNIXes make wheel be 10, but FreeBSD
follows the original standard of it being 0.
> root is special.
Yes, because it has a UID of 0.
> >>Allow then all members of "wheel" to access the files needed by the
> >>group "wheel".
> >Not the best idea.
> Really not. But at least better than to work as root.
What you left out is the better way of doing it and that is to leave
the file GID be whatever it naturally should be. Then use su to
set your effective UID to 0 - eg give yourself root priviledge
and then work with the files. Don't set a lot of files to wheel GID
and then give a lot of people wheel GID, because that will make it
possible for all of them to become root and do more than just muck
with those files.
> >>I would not do this as it creates many security wholes.
More information about the freebsd-questions