On Wed, Dec 3, 2008 at 9:14 AM, Nick Holland <[EMAIL PROTECTED]> wrote:
> Jesse Zbikowski wrote:
>> http://en.wikipedia.org/wiki/Toor
>
> Did you actually READ that article? say, maybe, end part under "Security
> Considerations"?

Yup. Did you read it as well, or did you just assume that because there is a part called "Security Considerations" there is no way to do it securely?

> IF you do as you propose, you will get warning messages out of the daily
> security checks.

True. I do not know if you can selectively disable the warning for a single "known good" toor account, or if you have to shut the warnings off entirely. I would hope the first case is true. Otherwise this is a bad design for the security check, and should be fixed.

> The developers have decided to look for duplicate IDs as part of their daily
> security checks. You have decided you know better.

The OpenBSD developers do a good job producing a general purpose system which can be adapted by their users to their own particular needs. I have a particular need which requires a separate /etc/passwd entry for toor. I am curious if there is any real reason not to do this besides the fact that it triggers a meaningless warning.

To give you more background about my use case, if you really want to know: I need not only a custom shell but a custom home directory. I ssh -X in to the remote host and run a program as root, and this program displays a window on my local X server. Therefore the program needs to create a $HOME/.Xauthority, but the root username has $HOME as /root which is mounted readonly. Obviously there are a million and one ways to script around this problem, but adding a toor account was straightforward.
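
Added example, not part of the original message and not OpenBSD's own security script: a sketch of a duplicate-UID check that accepts one "known good" alias without muting the warning, so a further UID 0 account still alarms. The KNOWN_SHARED allowlist, the function names and the sample passwd lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in passwd(5) format: name:passwd:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:*:0:0:Root:/root:/bin/ksh
toor:*:0:0:Alternate root:/home/toor:/bin/ksh
daemon:*:1:1:Daemon:/root:/sbin/nologin
alice:*:1000:1000:Alice:/home/alice:/bin/ksh
"""

# Hypothetical allowlist: UID -> the exact set of names permitted to share it.
KNOWN_SHARED = {0: frozenset({"root", "toor"})}


def parse_passwd(text):
    """Yield (name, uid) per well-formed line; skip blanks, comments, junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])


def duplicate_uid_warnings(text, allowed=KNOWN_SHARED):
    """Warn on every shared UID whose name set is not exactly the allowed one."""
    by_uid = defaultdict(set)
    for name, uid in parse_passwd(text):
        by_uid[uid].add(name)
    warnings = []
    for uid, names in sorted(by_uid.items()):
        # An exact match is required: a superset of the allowlist still warns.
        if len(names) < 2 or allowed.get(uid) == names:
            continue
        extra = sorted(names - allowed.get(uid, frozenset()))
        warnings.append(f"uid {uid} shared by {sorted(names)}; unexpected: {extra}")
    return warnings


if __name__ == "__main__":
    print(duplicate_uid_warnings(SAMPLE_PASSWD) or "no unexpected duplicate UIDs")
    # Constructed case: a third UID 0 account appears next to root and toor.
    changed = SAMPLE_PASSWD + "backup:*:0:0:Backup:/var/backup:/bin/sh\n"
    print(duplicate_uid_warnings(changed))
```

Because the comparison is on the exact set of names, the known alias stays quiet while any further account sharing UID 0 is still reported.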