Toor

Toor

Toor, the word "root" spelled backwards, is an alternative superuser account in Unix-like operating systems, particularly BSD and variants.

Purpose

In Unix, it is traditional to keep the root filesystem as small as reasonably possible, moving larger, fancier programs and rapidly-changing data to other, optional parts of the system. This increases the likelihood that the system can be brought to a semi-usable state in the case of a partial system failure. It also means that the superuser account, necessary for repairing a broken system, should not depend on any programs outside of this small core. So the 'root' account is often configured with a shell which is small, efficient, and dependable, but awkward for daily use.

The 'toor' account is intended as a solution to this problem. It is exactly equivalent to the normal 'root' superuser account, but is configured to use a different, more featureful shell.

Alternately, since they are equivalent accounts, 'toor' may be configured with the emergency shell, allowing 'root' the freedom to use the featureful one.

Implementation

In a Unix-like system, each user has a user ID number, which is what the kernel uses to distinguish users and to manage user permissions. User ID #0 is reserved as the superuser account, and is given permission to do anything on the system.

Users log in by username, not by ID number, and a user's choice of login shell is also managed by name. This separation between name and number allows a given user ID to be associated with more than one username, each having its own shell.

ecurity Considerations

The presence of a 'toor' account (or the presence of more than one account with a user ID of 0) triggers a warning in many security auditing systems. This is valuable, since if the system administrator did not intend for a second superuser account, then it may mean that the system has been compromised.

It may be argued that even an intentional 'toor' account is a security risk, since it provides a second point of attack for someone trying to illicitly gain superuser privileges on the system. However, if passwords are chosen and guarded carefully, the risk increase is minimal. For more information, see password.

For example, NetBSD ships with a disabled 'toor' account, meaning that there is no password with which one can log into the system as 'toor'. This is not a security risk in itself, though it may generate security warnings as previously described. However, if the system is compromised, an administrator may be less likely to notice the enabling of a disabled account than the creation of a new one, especially if he has become accustomed to ignoring warnings about 'toor' from his (arguably misconfigured) security program.

Some Unix variants have been known to ship with a default configuration in which the 'toor' account is enabled, but does not require a password. This is a serious security concern, since it provides an easy way for anyone to become the superuser.

ee also

*Password
*User identifier (Unix)
*User name


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • toor — toor, toore var. tor a., Obs., difficult …   Useful english dictionary

  • Toor — Der Root Account oder Superuser ist das Benutzerkonto, das bei der Installation eines Betriebssystems angelegt werden muss und mit größtmöglichen Zugriffsrechten ausgestattet ist. Inhaltsverzeichnis 1 Unix 1.1 Mac OS X 1.2 Ubuntu 1.3 toor …   Deutsch Wikipedia

  • toor — dus·toor; toor·ie; …   English syllables

  • Toor — Recorded in the spellings such as Toor, Tour, Tower, Towers, De la Tour, Latour, de la Torre, Torre, Torres, and diminutives such as Touret, Torricina etc, this is a surname which has to be described as European . In origin it can be said to be… …   Surnames reference

  • toor — lunf. Bolsillo trasero del pantalón …   Diccionario Lunfardo

  • Toor — tour Flandre. Var.: torre …   Glossaire des noms topographiques en France

  • Toor — Tour …   Hunsrückisch-Hochdeutsch

  • Maria Toor Pakay — File:Maria toor pakay.jpg Country  Pakistan Born November 22, 1990 (1990 11 22) (age 20) …   Wikipedia

  • Garry Toor — Données clés Nationalité  Canada Né le 10 juin 1979, Vancouver (Canada) Taille 1,78  …   Wikipédia en Français

  • san|toor — san|toor, san|tour, or san|tur «sahn TUR, san », noun. = santir. (Cf. ↑santir) …   Useful english dictionary

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”