http://www.freebsdwiki.net/index.php?title=Wheel&feed=atom&action=historyWheel - Revision history2024-03-28T19:48:19ZRevision history for this page on the wikiMediaWiki 1.18.0http://www.freebsdwiki.net/index.php?title=Wheel&diff=10833&oldid=prevJimbo: Reverted edits by 89.19.172.22 (Talk); changed back to last version by Jimbo2008-12-17T01:45:02Z<p>Reverted edits by <a href="/index.php/Special:Contributions/89.19.172.22" title="Special:Contributions/89.19.172.22">89.19.172.22</a> (<a href="/index.php?title=User_talk:89.19.172.22&action=edit&redlink=1" class="new" title="User talk:89.19.172.22 (page does not exist)">Talk</a>); changed back to last version by <a href="/index.php/User:Jimbo" title="User:Jimbo">Jimbo</a></p>
<table class='diff diff-contentalign-left'>
<tr valign='top'>
<td colspan='1' style="background-color: white; color:black;">← Older revision</td>
<td colspan='1' style="background-color: white; color:black;">Revision as of 01:45, 17 December 2008</td>
</tr></table>Jimbohttp://www.freebsdwiki.net/index.php?title=Wheel&diff=4566&oldid=prevJimbo at 15:54, 11 September 20042004-09-11T15:54:08Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 15:54, 11 September 2004</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>If you allow direct root login over [[ssh]], it becomes possible for [[script kiddie | script kiddies]] to use automated attack tools like John the Ripper to brute-force or dictionary-attack the password to the root account.  With direct root login disabled, your exposure is greatly decreased because any potential attacker would need to already know the name of a user account before even attempting to brute-force a password - and even then, would have to go through the brute force process AGAIN, this time while interactively logged in, in order to get the root password.   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>If you allow direct root login over [[ssh]], it becomes possible for [[script kiddie | script kiddies]] to use automated attack tools like John the Ripper to brute-force or dictionary-attack the password to the root account.  With direct root login disabled, your exposure is greatly decreased because any potential attacker would need to already know the name of a user account before even attempting to brute-force a password - and even then, would have to go through the brute force process AGAIN, this time while interactively logged in, in order to get the root password.   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>With FreeBSD's use of the special [[wheel]] group to limit the use of [[su]], security is enhanced even more by ensuring that the attacker would already need to know not only some random username, but a username that is a member of [[wheel]].  This also helps mitigate the liability of potentially having clueless shell users who may pick "password" or something equally <del class="diffchange diffchange-inline">clueless </del>as their password; even if a [[script kiddie | kiddie]] gains shell access by using such an ill-handled account, they at least won't be immediately able to proceed to attacking your root account because your clueless hacked user wasn't a member of [[wheel]].</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>With FreeBSD's use of the special [[wheel]] group to limit the use of [[su]], security is enhanced even more by ensuring that the attacker would already need to know not only some random username, but a username that is a member of [[wheel]].  This also helps mitigate the liability of potentially having clueless shell users who may pick "password" or something equally <ins class="diffchange diffchange-inline">obvious </ins>as their password; even if a [[script kiddie | kiddie]] gains shell access by using such an ill-handled account, they at least won't be immediately able to proceed to attacking your root account because your clueless hacked user wasn't a member of [[wheel]].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>It is highly recommended that you do NOT make any hyper-obvious names like "administrator" members of [[wheel]], or you will defang much (though not all) of the security benefit inherent in this setup.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>It is highly recommended that you do NOT make any hyper-obvious names like "administrator" members of [[wheel]], or you will defang much (though not all) of the security benefit inherent in this setup.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:391:newid:4566 -->
</table>Jimbohttp://www.freebsdwiki.net/index.php?title=Wheel&diff=391&oldid=prevJimbo at 15:53, 11 September 20042004-09-11T15:53:08Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 15:53, 11 September 2004</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 5:</td>
<td colspan="2" class="diff-lineno">Line 5:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>With FreeBSD's use of the special [[wheel]] group to limit the use of [[su]], security is enhanced even more by ensuring that the attacker would already need to know not only some random username, but a username that is a member of [[wheel]].  This also helps mitigate the liability of potentially having clueless shell users who may pick "password" or something equally clueless as their password; even if a [[script kiddie | kiddie]] gains shell access by using such an ill-handled account, they at least won't be immediately able to proceed to attacking your root account because your clueless hacked user wasn't a member of [[wheel]].</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>With FreeBSD's use of the special [[wheel]] group to limit the use of [[su]], security is enhanced even more by ensuring that the attacker would already need to know not only some random username, but a username that is a member of [[wheel]].  This also helps mitigate the liability of potentially having clueless shell users who may pick "password" or something equally clueless as their password; even if a [[script kiddie | kiddie]] gains shell access by using such an ill-handled account, they at least won't be immediately able to proceed to attacking your root account because your clueless hacked user wasn't a member of [[wheel]].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>It is highly recommended that you do NOT make any hyper-obvious names like "administrator" members of [[wheel]], or you will defang much (though not all) of the security <del class="diffchange diffchange-inline">benefits </del>inherent in this setup.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>It is highly recommended that you do NOT make any hyper-obvious names like "administrator" members of [[wheel]], or you will defang much (though not all) of the security <ins class="diffchange diffchange-inline">benefit </ins>inherent in this setup.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:390:newid:391 -->
</table>Jimbohttp://www.freebsdwiki.net/index.php?title=Wheel&diff=390&oldid=prevJimbo at 15:49, 11 September 20042004-09-11T15:49:34Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 15:49, 11 September 2004</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>'''wheel''' is a special user group.  By default, FreeBSD does not allow any user to [[su]] to [[root]] - even if the person operating that user account knows the root password - unless that user is a member of the wheel group.  This behavior can be changed, but it is very strongly recommended to leave it as-is; it provides a definite boost to security to only allow [[su]] privileges to root from a select few accounts.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>'''wheel''' is a special user group.  By default, FreeBSD <ins class="diffchange diffchange-inline">does not allow direct root login from remote locations, and </ins>does not allow any user to [[su]] to [[root]] - even if the person operating that user account knows the root password - unless that user is a member of the wheel group.  This behavior can be changed, but it is very strongly recommended to leave it as-is; it provides a definite boost to security to only allow [[su]] privileges to root from a select few accounts.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>If you allow direct root login over [[ssh]], it becomes possible for [[script kiddie | script kiddies]] to use automated attack tools like John the Ripper to brute-force or dictionary-attack the password to the root account.  With direct root login disabled, your exposure is greatly decreased because any potential attacker would need to already know the name of a user account <del class="diffchange diffchange-inline">that is a member of [[wheel]] </del>before even attempting to brute-force a password - and even then, would have to go through the brute force process AGAIN, this time while interactively logged in, in order to get the root password.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>If you allow direct root login over [[ssh]], it becomes possible for [[script kiddie | script kiddies]] to use automated attack tools like John the Ripper to brute-force or dictionary-attack the password to the root account.  With direct root login disabled, your exposure is greatly decreased because any potential attacker would need to already know the name of a user account before even attempting to brute-force a password - and even then, would have to go through the brute force process AGAIN, this time while interactively logged in, in order to get the root password<ins class="diffchange diffchange-inline">.  </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">With FreeBSD's use of the special [[wheel]] group to limit the use of [[su]], security is enhanced even more by ensuring that the attacker would already need to know not only some random username, but a username that is a member of [[wheel]].  This also helps mitigate the liability of potentially having clueless shell users who may pick "password" or something equally clueless as their password; even if a [[script kiddie | kiddie]] gains shell access by using such an ill-handled account, they at least won't be immediately able to proceed to attacking your root account because your clueless hacked user wasn't a member of [[wheel]]</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>It is highly recommended that you do NOT make any hyper-obvious names like "administrator" members of [[wheel]], or you will defang much (though not all) of the security benefits inherent in this setup.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>It is highly recommended that you do NOT make any hyper-obvious names like "administrator" members of [[wheel]], or you will defang much (though not all) of the security benefits inherent in this setup.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:389:newid:390 -->
</table>Jimbohttp://www.freebsdwiki.net/index.php?title=Wheel&diff=389&oldid=prevJimbo at 15:45, 11 September 20042004-09-11T15:45:29Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 15:45, 11 September 2004</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''wheel''' is a special user group.  By default, FreeBSD does not allow any user to [[su]] to [[root]] - even if the person operating that user account knows the root password - unless that user is a member of the wheel group.  This behavior can be changed, but it is very strongly recommended to leave it as-is; it provides a definite boost to security to only allow [[su]] privileges to root from a select few accounts.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''wheel''' is a special user group.  By default, FreeBSD does not allow any user to [[su]] to [[root]] - even if the person operating that user account knows the root password - unless that user is a member of the wheel group.  This behavior can be changed, but it is very strongly recommended to leave it as-is; it provides a definite boost to security to only allow [[su]] privileges to root from a select few accounts.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">If you allow direct root login over [[ssh]], it becomes possible for [[script kiddie | script kiddies]] to use automated attack tools like John the Ripper to brute-force or dictionary-attack the password to the root account.  With direct root login disabled, your exposure is greatly decreased because any potential attacker would need to already know the name of a user account that is a member of [[wheel]] before even attempting to brute-force a password - and even then, would have to go through the brute force process AGAIN, this time while interactively logged in, in order to get the root password.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">It is highly recommended that you do NOT make any hyper-obvious names like "administrator" members of [[wheel]], or you will defang much (though not all) of the security benefits inherent in this setup.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:388:newid:389 -->
</table>Jimbohttp://www.freebsdwiki.net/index.php?title=Wheel&diff=388&oldid=prevJimbo at 06:22, 25 August 20042004-08-25T06:22:36Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 06:22, 25 August 2004</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>''wheel'' is a special user group.  By default, FreeBSD does not allow any user to [[su]] to [[root]] - even if the person operating that user account knows the root password - unless that user is a member of the wheel group.  This behavior can be changed, but it is very strongly recommended to leave it as-is; it provides a definite boost to security to only allow [[su]] privileges to root from a select few accounts.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">'</ins>''wheel<ins class="diffchange diffchange-inline">'</ins>'' is a special user group.  By default, FreeBSD does not allow any user to [[su]] to [[root]] - even if the person operating that user account knows the root password - unless that user is a member of the wheel group.  This behavior can be changed, but it is very strongly recommended to leave it as-is; it provides a definite boost to security to only allow [[su]] privileges to root from a select few accounts.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:158:newid:388 -->
</table>Jimbohttp://www.freebsdwiki.net/index.php?title=Wheel&diff=158&oldid=prevJimbo at 06:21, 25 August 20042004-08-25T06:21:07Z<p></p>
<p><b>New page</b></p><div>''wheel'' is a special user group. By default, FreeBSD does not allow any user to [[su]] to [[root]] - even if the person operating that user account knows the root password - unless that user is a member of the wheel group. This behavior can be changed, but it is very strongly recommended to leave it as-is; it provides a definite boost to security to only allow [[su]] privileges to root from a select few accounts.<br />
<br />
[[Category:FreeBSD Terminology]]</div>Jimbo