Subject: Re: Root, toor accounts.
To: Marc Baudoin <babafou@babafou.eu.org>
From: Michael K. Sanders <msanders@confusion.net>
List: netbsd-users
Date: 03/12/1999 13:28:13
In message <19990312205357.A287@skiff.babafou.eu.org>, Marc Baudoin writes:
>Richard Rauch <rauch@eecs.ukans.edu> wrote:
>> When I installed my system, there were two UID 0 accounts: root and toor.
>> 
>> Is there a reason to include both?
>
>No, there's not.  As a security principle, you should restrict
>uid 0 accounts to one: root.  If you need several people to be
>given root privileges, give them the root password or use a tool
>such as sudo that can also control what commands they can access
>(everybody doesn't need a root shell).

There _is_ a valid reason for 'toor', though.  It can be useful to
have a backup root account with '/bin/sh' as the shell, especially if
you've changed root's shell to something that is not statically linked
and/or not on the root filesystem.
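
Added example, not part of the original message or of NetBSD: a shell audit that lists every UID 0 account in a passwd(5)-format file and reports whether a `/bin/sh` fallback such as 'toor' exists. The sample file is constructed, and treating `/bin` and `/sbin` as "on the root filesystem" is an assumption; the script does not check static linking.

```shell
#!/bin/sh
# Added example: audit UID 0 accounts and their login shells.

# audit_uid0 FILE
# Prints "<name> <shell> <verdict>" for each UID 0 account.
#   ok        shell is under /bin or /sbin (assumed to be on the root fs)
#   off-root  shell lives elsewhere (e.g. /usr) and may be unavailable
#             when only the root filesystem is mounted
audit_uid0() {
    awk -F: '
        /^#/ || NF < 7 { next }        # skip comments and malformed lines
        $3 ~ /^0+$/ {                  # UID field is numerically zero
            shell = $NF                # shell is the last field
            verdict = (shell ~ /^\/(bin|sbin)\//) ? "ok" : "off-root"
            print $1, shell, verdict
        }
    ' "$1"
}

# has_fallback_root FILE
# Succeeds if at least one UID 0 account uses /bin/sh as its shell.
has_fallback_root() {
    audit_uid0 "$1" | awk '$2 == "/bin/sh" { found = 1 } END { exit !found }'
}

# Constructed sample: root's shell was changed to a package-installed
# bash under /usr, while toor keeps /bin/sh.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:*:0:0:Charlie &:/root:/usr/pkg/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:/bin/sh
daemon:*:1:1:The devil himself:/:/sbin/nologin
alice:*:1000:100:Alice:/home/alice:/bin/ksh
EOF

audit_uid0 "$SAMPLE"
if has_fallback_root "$SAMPLE"; then
    echo "fallback UID 0 account with /bin/sh present"
else
    echo "no UID 0 account uses /bin/sh"
fi
```

Every account the audit prints holds full root privilege, so each one needs the same password and access controls as root itself.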