Subject: Re: Root, toor accounts.
To: Marc Baudoin <firstname.lastname@example.org>
From: Michael K. Sanders <email@example.com>
Date: 03/12/1999 13:28:13
In message <19990312205357.A287@skiff.babafou.eu.org>, Marc Baudoin writes:
>Richard Rauch <firstname.lastname@example.org> écrit :
>> When I installed my system, there were two UID 0 accounts: root and toor.
>> Is there a reason to include both?
>No, there's not. As a security principle, you should restrict
>uid 0 accounts to one: root. If you need several people to be
>given root privileges, give them the root password or use a tool
>such as sudo that can also control what commands they can access
>(everybody doesn't need a root shell).
There _is_ a valid reason for 'toor', though. It can be useful to
have a backup root account with '/bin/sh' as the shell, especially if
you've changed root's shell to something that is not statically linked
and/or not on the root filesystem.