What is the ‘toor’ user on FreeBSD?

What is the ’toor’ user on FreeBSD?

Linux and *BSD systems have by default a root user installed. As it has a user ID of zero (0), it gains the highest level of permissions from the kernel. On FreeBSD systems, there is also the ’toor’ user, with the equal high-level user ID of zero. It is simply the reversed version of ‘root’, and installed as a backup account. By default, it has no shell assigned, so it can’t log in.

Why keep the toor user?

Some BSD users strongly suggest keeping the toor user, as it can be used during system recovery. Others actually use this user instead of root and apply hardening to the root user, so that is only can be used on the console.

Tip: be careful with using bash or other shells on your high-privilege users. If the upgrade of such shell fails, you might be locked out. For that reason, it might be good to keep it at the default C shell.

Is there a good reason to remove it?

If you don’t use the toor user at all, simply remove it. A healthy security mantra says: everything unused should preferably be removed from the system. This helps to reduce the so-called attack surface of a system. Use vipw to edit your password file and remove the related entry.

Conclusion

The toor user is a piece of history on FreeBSD systems. Some people like it, others think it is unneeded. If you don’t use it, simply remove it.

Take the next step!

Want to learn more about Linux security? Have a look at the open source tool Lynis and become a Linux security expert yourself.

Lynis is a battle-tested technical security audit tool. It is open source, freely available, and used by system administrators all over the world. Other users include IT auditors, security professionals, like pentesters.

Tool Information

Visit project page
Screenshot of Lynis security tool