Professional Web Applications Themes

toor account, what is the advantage ? - Sun Solaris

Hi, i have seen on one Solaris machine the toor account with user id 0 , the same as the root account. What is the reason to have 2 root accounts ?? Regards Frank...

  1. #1

    Default toor account, what is the advantage ?

    Hi,

    i have seen on one Solaris machine the toor account with user id 0 , the
    same as the root account.
    What is the reason to have 2 root accounts ??

    Regards
    Frank


    Frank Guest

  2. #2

    Default Re: toor account, what is the advantage ?

    Frank Zimmer wrote: 

    Some possible reasons:

    1. Being able to set the shell to something different, without
    disturbing anything that depends on root's shell being /bin/sh.
    (Maybe not necessary to be this conservative but some people
    would rather be safe than sorry.)

    2. Allowing some administrators to use different administrators
    than others.

    3. Being able to still access the machine but set root's password
    to something invalid, so that any attempt to login as "root"
    will always fail, no matter what password you try.

    4. Being able to have two separate passwords in case two sets of
    people have access to the same system but shouldn't share the
    same password.

    Personally, if I were doing this, I'd prefer to call it "roto",
    but I guess that's just because it's more fun (to me). Well,
    and easier to type.

    - Logan

    Logan Guest

  3. #3

    Default Re: toor account, what is the advantage ?

    On Wed, 24 Sep 2003 08:01:16 GMT, Logan Shaw <rr.com>
    wrote:
     
    >
    >Some possible reasons:[/ref]
    ....

    It's a BSD'ism, standard with FreeBSD - for the reasons that Logan mentions
    I think. Primarily so you can set the account's shell to whatever you like.

    %head -4 /etc/passwd
    # $FreeBSD: src/etc/master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $
    #
    root:*:0:0:Charlie &:/root:/bin/csh
    toor:*:0:0:Bourne-again Superuser:/root:

    --
    Roger Williams, Institute of Geological & Nuclear Sciences, New Zealand
    R.Williams
    gns.cri.nz : DEC 3000/300 AXP - OpenVMS v6.2
    Roger Guest

  4. #4

    Default Re: toor account, what is the advantage ?

    Logan Shaw <rr.com> wrote: [/ref]
     
     
     
     

    I wonder if that makes logging in into single-user mode impossible..


    --
    Akop Pogosian

    This space has been accidentally left blank.
    Akop Guest

  5. #5

    Default Re: toor account, what is the advantage ?

    In article <com>,
    Roger Williams <the.sig> wrote:
     
    > >
    > >Some possible reasons:[/ref]
    > ...
    >
    > It's a BSD'ism, standard with FreeBSD - for the reasons that Logan mentions
    > I think. Primarily so you can set the account's shell to whatever you like.
    >
    > %head -4 /etc/passwd
    > # $FreeBSD: src/etc/master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $
    > #
    > root:*:0:0:Charlie &:/root:/bin/csh
    > toor:*:0:0:Bourne-again Superuser:/root:[/ref]

    In Solaris, you're not allowed to have comments in
    /etc/{passwd,shadow,group}, so the above lines would be invalid. Nor
    would you be able to login with the "toor" account unless you're running
    Solaris 9. Everything before that requires a valid shell, which the
    toor account does not have.

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...



    Michael Guest

  6. #6

    Default Re: toor account, what is the advantage ?

    "Michael Vilain " wrote: 
    >
    >
    > In Solaris, you're not allowed to have comments in
    > /etc/{passwd,shadow,group}, so the above lines would be invalid.[/ref]


    True
     

    Untrue. If no shell is specified (which is the case above for the "toor"
    account) the default shell (/bin/sh) is used.

    That's as true for a UID 0 user as it is for anyone else.

    --
    Tony

    Tony Guest

  7. #7

    Default Re: toor account, what is the advantage ?

    On Wed, 24 Sep 2003 16:34:58 +0100, Tony Walton wrote:
     

    /bin/sh ???

    And if /usr cannot be mounted?

    Dave Guest

  8. #8

    Default Re: toor account, what is the advantage ?

    Dave Uhring wrote: 
    >
    >
    > /bin/sh ???
    >
    > And if /usr cannot be mounted?
    >[/ref]

    You can't log in. That wasn't Michael's point.

    --
    Tony

    Tony Guest

  9. #9

    Default Re: toor account, what is the advantage ?

    Tony Walton <com> writes: 
    >>[/ref]
    >
    >Untrue. If no shell is specified (which is the case above for the "toor"
    >account) the default shell (/bin/sh) is used.
    >[/ref]

    You mean /sbin/sh.

    -Greg
    --
    Do NOT reply via e-mail.
    Reply in the newsgroup.
    Greg Guest

  10. #10

    Default Re: toor account, what is the advantage ?

    In article <bkso7e$n29$panix.com>,
    com (Greg Andrews) writes: 
    >>
    >>Untrue. If no shell is specified (which is the case above for the "toor"
    >>account) the default shell (/bin/sh) is used.
    >>[/ref]
    >
    > You mean /sbin/sh.[/ref]

    RTFM.

    From passwd(4):

    login-shell
    is the user's initial shell program. If this field is
    empty, the default shell is /usr/bin/sh.


    login(1) says the same thing.

    But because a strings on /usr/bin/login has 3 occurrences of /usr/bin/sh
    as well as 2 of /sbin/sh (and man pages aren't _always_ correct), I
    actually created (temporarily) such an account and tried it - $$ was one
    of the pids shown by running fuser on /usr/bin/sh. Also, if you take
    /sbin/sh off of the passwd file entry for root, it too defaults to
    /usr/bin/sh (meaning neither uid 0 nor the name root is hardcoded in
    /usr/bin/login to alter the choice of default shells). And on Solaris 9,
    pargs -x $$ also shows /usr/bin/sh for the AT_SUN_EXECNAME in the
    auxiliary vector (what getexecname(3c) would show). So I think that
    definitely settles it.

    If you want /sbin/sh, you have to specify it explicitly.

    --
    mailto:smart.net http://www.smart.net/~rlhamil
    Richard Guest

  11. #11

    Default Re: toor account, what is the advantage ?

    On Wed, 24 Sep 2003 17:09:23 +0100, Tony Walton wrote:
     
     
    >
    > You can't log in. That wasn't Michael's point.[/ref]

    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=finfodoc/40773

    Dave Guest

  12. #12

    Default Re: toor account, what is the advantage ?

    Dave Uhring wrote: 
    >

    >>
    >>You can't log in. That wasn't Michael's point.[/ref]
    >
    >
    > http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=finfodoc/40773
    >[/ref]

    Interesting... In Solaris Express, /lib is no longer a symlink to
    /usr/lib (thus it now resides in the root filesystem), and /sbin/sh is
    now a dynamically linked object, but only refers to objects under /lib
    and /platform, thus you now can run ldd on /sbin/sh. Bcoz of this, the
    size of /sbin/sh has been reduced from 292K (in my latest S9 version) to
    92K in s10_40.

    Another way of not having a /usr filesystem dependency on root's default
    shell...

    Beardy Guest

  13. #13

    Default Re: toor account, what is the advantage ?

    Frank Zimmer <lu> writes:
     
     

    Are you sure the person who added the account was supposed to?

    The "toor" account was often added by hackers.

    Casper
    --
    Expressed in this posting are my opinions. They are in no way related
    to opinions held by my employer, Sun Microsystems.
    Statements on Sun products included here are not gospel and may
    be fiction rather than truth.
    Casper Guest

  14. #14

    Default Re: toor account, what is the advantage ?

    Dave Uhring wrote: 
    >

    >>
    >> You can't log in. That wasn't Michael's point.[/ref]
    >
    >
    > http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=finfodoc/40773
    >[/ref]

    Which is still applicab;e. I think you've missed the point both of
    Michael's posting and my response. To un-snip:

    Michael said: 


    To which I responded:
     


    Michael stated that the "toor" line was invalid because it didn't
    specify a valid shell (which it doesn't). However it is not invalid -
    not specifying a shell (at all) means that /bin/sh will be used.
    Therefore /bin/sh would be used as a login shell for the "toor" account.
    So the statement that "you wouldn't be able to log in as it doesn't
    specify a valid shell" is not true.

    Certainly if /bin/sh were unusable (for instance if its libraries were
    unreachable) you wouldn't be able to log in (any more than you could log
    in if it specified an invalid shell (as opposed to not specifying a
    shell at all) prior to Solaris 9

    Cue the tedious tri-monthly religious argument on whether you should
    change root's system-speficied shell from /bin/sh...

    --
    Tony

    Tony Guest

  15. #15

    Default Re: toor account, what is the advantage ?

    Greg Andrews wrote: 
    >>Untrue. If no shell is specified (which is the case above for the "toor"
    >>account) the default shell (/bin/sh) is used.
    >>[/ref]
    >
    >
    > You mean /sbin/sh.[/ref]


    No I don't. a) see the manpage for passwd(4) and b) I tried it before
    posting.

    --
    Tony

    Tony Guest

  16. #16

    Default Re: toor account, what is the advantage ?


    "Tony Walton" <com> wrote in message
    news:com... [/ref][/ref]

    <snip>
     

    LOL! Splitters...
     

    --
    Noel R. Nihill
    UNIX® platform development
    Motorola NSS
    I *could* be arguing in my spare time.


    Noel Guest

  17. #17

    Default Re: toor account, what is the advantage ?

    In article <com>,
    Tony Walton <com> wrote:
     

    quite.

    [sometimes British English says some much with so little]

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...



    Michael Guest

  18. #18

    Default Re: toor account, what is the advantage ?

    On Thu, 25 Sep 2003 11:30:08 +0100, Tony Walton wrote:
     

    [sbin]# cat /etc/passwd
    root:x:0:1:Super-User:/:/sbin/sh
    [ snip ]

    Dave Guest

  19. #19

    Default Re: toor account, what is the advantage ?

    Dave Uhring wrote: 
    >
    >
    > [sbin]# cat /etc/passwd
    > root:x:0:1:Super-User:/:/sbin/sh
    > [ snip ]
    >[/ref]

    ;-)

    --
    Tony

    Tony Guest

  20. #20

    Default Re: toor account, what is the advantage ?

    [Frank Zimmer]: 

    we add "toor" temporarily for service technicians who need access,
    that way we don't have to tell them our root password or change it to
    something none of us will remember.

    others use it to so that their superuser account can have a shell with
    job control and other new-fangled stuff. I prefer to type "exec bash"
    first thing after logging in.
    --
    Kjetil T. | read and make up your own mind
    | http://www.cactus48.com/truth.html
    Kjetil Guest

Page 1 of 2 12 LastLast

Similar Threads

  1. PHP5 - *ANY advantage??
    By mikel in forum PHP Development
    Replies: 27
    Last Post: December 5th, 11:44 AM
  2. Advantage of partitioning?
    By no body in forum Linux Setup, Configuration & Administration
    Replies: 48
    Last Post: July 29th, 09:57 PM
  3. Passport Advantage
    By Colin Bull in forum Informix
    Replies: 14
    Last Post: July 14th, 01:34 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139