Question about a recent installation
Jonathan McKeown
jonathan+freebsd-questions at hst.org.za
Tue May 6 06:10:50 UTC 2008
On Tuesday 06 May 2008 00:08, Mario Vazquez wrote:
> I have been using different Linux distributions for some years, and decided
> to give FreeBSD a try. The install was successful, but have a question
> about how the root account is made. Found that the root folder was created
> with the user/group privileges root:wheel. Is not that a kind of security
> risk? I know that usually only the account used by the administrator is
> the one, in addition to root, that belongs to the wheel group. But also I
> know that sometimes admins get lazy and give for limited time extra
> privileges just to allow someone to do something, and that's where the
> danger can come. Btw, that's just my opinion.
Not sure why it would be a security risk. wheel is the group for people who
are allowed to su to root, so you should probably expect members of group
wheel to have (or be able to get) root privs anyway.
I'm not sure whether by ``root folder'' you mean / or /root , but in either
case the wheel group doesn't have write access, at least on my system,and
root's umask is 022, so created files aren't writable by members of wheel
either.
Lazy admins, of course, are a security risk. No-one should ever be given more
privileges than they need, and as others have pointed out, sudo is a good
answer to this problem. (In fact the first four ports that go on every box I
set up, before I even think about what the box is for, are www/lynx,
sysutils/screen, ports-mgmt/portupgrade and security/sudo ).
Jonathan
More information about the freebsd-questions
mailing list