Question about a recent installation
doug at safeport.com
Tue May 6 17:32:09 UTC 2008
>> On Mon, 5 May 2008, Mario Vazquez wrote:
>>
>>>
>>> I have been using different Linux distributions for some years, and decided to
>>> give FreeBSD a try. The install was successful, but have a question about how
>>> the root account is made. Found that the root folder was created with the
>>> user/group privileges root:wheel. Is not that a kind of security risk? I
>>> know that usually only the account used by the administrator is the one, in
>>> addition to root, that belongs to the wheel group. But also I know that
>>> sometimes admins get lazy and give for limited time extra privileges just to
>>> allow someone to do something, and that's where the danger can come. Btw,
>>> that's just my opinion.
>>
>> To give limited privileges I think sudo (as in Linux??) would be used.
>> If that does not provide enough security then kerberos could be used.
>>
>> In general I don't see how your main concern is unique to FreeBSD.
>>
>> DougD
>
> yeah, sudo is. I don't have any issue in terms of functionality. But the
> doubt I have is if having the root folder created with ownership root:wheel
> can become a security issue or not. Also would like to know if there is no
> problem changing my root folder ownership to root:root (which will require a
> root group btw).
Please do not top post.

There is no reason for a root group. I think best practice is to have each admin
keep their data in their accounts which are either allocated as name:wheel or
they are defined as being in the wheel group. I do not know if sudo requires
wheel membership.

I do not understand the need for a root group. I think security liabilities from
having a wheel group have long been worked out. What do you see as a problem? Is
BSD different from Linux in this regard? Perhaps the latter question is an
off-list topic.
_____
Douglas Denault
http://www.safeport.com
doug at safeport.com
Voice: 301-469-8766
Fax: 301-469-0601
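
An added example, not part of the thread above: whether root:wheel ownership of root's home directory exposes anything depends on the group permission bits, which this sketch reads from POSIX `ls -ldn` so it runs on FreeBSD and Linux alike. The function names (`group_access`, `owner_group`, `audit_home`) are hypothetical, and ACLs are outside what it checks.

```shell
#!/bin/sh
# Added example: report what a directory's owning group may do with it.
# Only the classic mode bits are examined; ACLs are not.

# group_access DIR -> prints the group permission triplet, e.g. "r-x"
group_access() {
    [ -d "$1" ] || return 1
    # ls -ldn prints: mode links uid gid ... ; mode looks like drwxr-x---
    mode=$(ls -ldn -- "$1" | awk '{print $1}')
    [ -n "$mode" ] || return 1
    # Characters 5-7 are the group bits; a setgid "s"/"S" is folded
    # back to the execute bit it overlays ("s" -> x, "S" -> -).
    printf '%s\n' "$mode" | cut -c5-7 | tr 'sS' 'x-'
}

# owner_group DIR -> prints the numeric "uid:gid" of the directory
owner_group() {
    ls -ldn -- "$1" | awk '{print $3 ":" $4}'
}

# audit_home DIR -> prints a one-line verdict for the directory
audit_home() {
    bits=$(group_access "$1") || return 1
    case "$bits" in
        ---) verdict="group has no access, so group ownership is inert" ;;
        *w*) verdict="group members can modify the directory contents" ;;
        *)   verdict="group members can list or traverse, not modify" ;;
    esac
    printf '%s %s group=%s: %s\n' "$1" "$(owner_group "$1")" "$bits" "$verdict"
}

# Run as: sh audit_home.sh /root
if [ $# -gt 0 ]; then
    audit_home "$1"
fi
```

Run it against root's home directory on the host in question, and compare the result with the membership of the owning group (for example with `getent group wheel`).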