What is the ‘toor’ user on FreeBSD?

What is the ‘toor’ user on FreeBSD?

Linux and *BSD systems have by default a root user installed. As it has a user ID of zero (0), it gains the highest level of permissions from the kernel. On FreeBSD systems, there is also the ‘toor’ user, with the equal high-level user ID of zero. It is simply the reversed version of ‘root’, and installed as a backup account. By default, it has no shell assigned, so it can’t log in.

Screenshot of /etc/passwd file with toor user entry in it

The toor user shares the same ID as root

Why keep the toor user?

Some BSD users strongly suggest keeping the toor user, as it can be used during system recovery. Others actually use this user instead of root and apply hardening to the root user, so that is only can be used on the console.

Tip: be careful with using bash or other shells on your high-privilege users. If the upgrade of such shell fails, you might be locked out. For that reason, it might be good to keep it at the default C shell.

Is there a good reason to remove it?

If you don’t use the toor user at all, simply remove it. A healthy security mantra says: everything unused should preferably be removed from the system. This helps to reduce the so-called attack surface of a system. Use vipw to edit your password file and remove the related entry.


The toor user is a piece of history on FreeBSD systems. Some people like it, others think it is unneeded. If you don’t use it, simply remove it.


Automate security audits with Lynis and Lynis Enterprise
Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series to get Linux (and Unix-based) systems more secure.

Daily security checks

Want to go to the next level of security scanning and system hardening? Start with automated security scans for Linux: Lynis and Lynis Enterprise.

Automate Scanning »

Leave a Reply

Your email address will not be published. Required fields are marked *