Subject: Re: Root, toor accounts.
To: Marc Baudoin <>
From: Michael K. Sanders <>
List: netbsd-users
Date: 03/12/1999 13:28:13
In message <>, Marc Baudoin writes:
>Richard Rauch <> crit :
>> When I installed my system, there were two UID 0 accounts: root and toor.
>> Is there a reason to include both?
>No, there's not.  As a security principle, you should restrict
>uid 0 accounts to one: root.  If you need several people to be
>given root privileges, give them the root password or use a tool
>such as sudo that can also control what commands they can access
>(everybody doesn't need a root shell).

There _is_ a valid reason for 'toor', though.  It can be useful to
have a backup root account with '/bin/sh' as the shell, especially if
you've changed root's shell to something that is not statically linked
and/or not on the root filesystem.