What is the ‘toor’ user on FreeBSD?

What is the ‘toor’ user on FreeBSD?

Linux and *BSD systems have by default a root user installed. As it has a user ID of zero (0), it gains the highest level of permissions from the kernel. On FreeBSD systems, there is also the ‘toor’ user, with the equal high-level user ID of zero. It is simply the reversed version of ‘root’, and installed as a backup account. By default, it has no shell assigned, so it can’t log in.

Screenshot of /etc/passwd file with toor user entry in it

The toor user shares the same ID as root

Why keep the toor user?

Some BSD users strongly suggest keeping the toor user, as it can be used during system recovery. Others actually use this user instead of root and apply hardening to the root user, so that is only can be used on the console.

Tip: be careful with using bash or other shells on your high-privilege users. If the upgrade of such shell fails, you might be locked out. For that reason, it might be good to keep it at the default C shell.

Is there a good reason to remove it?

If you don’t use the toor user at all, simply remove it. A healthy security mantra says: everything unused should preferably be removed from the system. This helps to reduce the so-called attack surface of a system. Use vipw to edit your password file and remove the related entry.

Conclusion

The toor user is a piece of history on FreeBSD systems. Some people like it, others think it is unneeded. If you don’t use it, simply remove it.

 

Lynis Enterprise

Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.

Does system hardening take a lot of time, or do you have any compliance in your company? Have a look at Lynis Enterprise.

Or start today with the open source security scanner Lynis (GitHub)


Leave a Reply

Your email address will not be published. Required fields are marked *