On Mon, 5 May 2008, Mario Vazquez wrote:

I have been using different Linux distributions for some years, and decided to
give FreeBSD a try.  The install was successful, but have a question about how
the root account is made.  Found that the root folder was created with the
user/group privileges root:wheel.  Is not that a kind of security risk?  I
know that usually only the account used by the administrator is the one, in
addition to root, that belongs to the wheel group.  But also I know that
sometimes admins get lazy and give for limited time extra privileges just to
allow someone to do something, and that's where the danger can come.  Btw,
that's just my opinion.

To give limited priviledges I think sudo (as in linux??) would be used.
If that does not provide enough security then kerberos could be used.

In general I don't see how you main concern is unique to FreeBSD.


Make Windows Vista more reliable and secure with Windows Vista Service Pack 1.

yeah, sudo is. I don't have any issue in terms of functionality. But the doubt I have is if having the root folder created with ownership root:wheel can become a security issue or not. Also would like to know if there is no problem changing my root folder ownership to root:root (which will require a root group btw).

Please do not top post.

There is no reason for a root group. I think best practice is to have each admin keep their data in their accounts which are either allocated as name:wheel or they are defined as being in the wheel group. I do not know if sudo requires wheel membership.

I do not understand the need for a root group. I think security liabilities from having a wheel group have long been worked out. What do you see as a problem? Is BSD different from linux in this regard? perhaps the latter question is an off-list topic.

Douglas Denault
Voice: 301-469-8766
  Fax: 301-469-0601
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to