freebsd-dev/etc/master.passwd

# $FreeBSD$
#
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
unbound:*:59:59::0:0:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ntpd:*:123:123::0:0:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
_ypldap:*:160:160::0:0:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
tests:*:977:977::0:0:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
Add/adjust some $FreeBSD$ tags. Noted by: Doug <Doug@gorean.org> 1999-09-13 17:09:08 +00:00			`# $FreeBSD$`
			`#`
Revert parts of r337849 and r337857 This fixes the build and I will redo these changes as part of a future review that organizes them differently. The way I tried to do it here could be done better. Sorry for the noise. Approved by: will (mentor) Differential Revision: https://reviews.freebsd.org/D16737 2018-08-15 23:18:34 +00:00			`root::0:0::0:0:Charlie &:/root:/bin/csh`
A real good idea... >From: "Chris G. Demetriou" <cgd@sun-lamp.cs.berkeley.edu> Update of /b/source/CVS/src/etc In directory sun-lamp.cs.berkeley.edu:/usr/src/etc Modified Files: master.passwd Log Message: disable toor by default 1994-02-09 01:57:37 +00:00			`toor:*:0:0::0:0:Bourne-again Superuser:/root:`
Synchronize with reality: nologin(8) is now in /usr/sbin Reminded by: trhodes 2004-03-30 19:19:02 +00:00			`daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin`
			`operator:*:2:5::0:0:System &:/:/usr/sbin/nologin`
			`bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin`
			`tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin`
			`kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin`
Step 1 of eliminating the "games" distribution: Move binaries to /usr/bin; update paths; and include everything in the "base" distribution. The "games" distribution being optional made sense when there were more games and we had small disks; but the "games-like" games were moved into the ports tree a dozen years ago and the remaining "utility-like" games occupy less than 0.001% of my laptop's small hard drive. Meanwhile every new user is confronted by the question "do you want games installed" when they they try to install FreeBSD. The next steps will be: 2. Removing punch card (bcd, ppt), phase-of-moon (pom), clock (grdc), and caesar cipher (caesar, rot13) utilities. I intend to keep fortune, factor, morse, number, primes, and random, since there is evidence that those are still being used. 3. Merging src/games into src/usr.bin. This change will not be MFCed. Reviewed by: jmg Discussed at: EuroBSDCon Approved by: gjb (release-affecting changes) 2015-02-12 05:35:00 +00:00			`games:*:7:13::0:0:Games pseudo-user:/:/usr/sbin/nologin`
Synchronize with reality: nologin(8) is now in /usr/sbin Reminded by: trhodes 2004-03-30 19:19:02 +00:00			`news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin`
			`man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin`
			`sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin`
			`smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin`
			`mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin`
			`bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin`
Build and install the Unbound caching DNS resolver daemon. Approved by: re (blanket) 2013-09-15 14:51:23 +00:00			`unbound:*:59:59::0:0:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin`
Synchronize with reality: nologin(8) is now in /usr/sbin Reminded by: trhodes 2004-03-30 19:19:02 +00:00			`proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin`
It's /usr/sbin/nologin not /sbin/nologin Found-by: brueffer Pointy-hat-to: mlaier 2004-06-23 09:42:19 +00:00			`_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin`
Add _dhcp user/group as required by the OpenBSD dhclient. 2005-06-06 20:19:56 +00:00			`_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin`
UUCP's uucico(8) has not been in the base system for some time now, so reflect this in the default. The uucp uid is a bit funny, and is used by mtree in /var/spool for locks, so we can't remove it without thinking about it a bit harder. 2004-08-01 21:33:47 +00:00			`uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico`
Synchronize with reality: nologin(8) is now in /usr/sbin Reminded by: trhodes 2004-03-30 19:19:02 +00:00			`pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin`
Merge a number of changes required to hook up OpenBSM 1.2-alpha2's auditdistd (distributed audit daemon) to the build: - Manual cross references - Makefile for auditdistd - rc.d script, rc.conf entrie - New group and user for auditdistd; associated aliases, etc. The audit trail distribution daemon provides reliable, cryptographically protected (and sandboxed) delivery of audit tails from live clients to audit server hosts in order to both allow centralised analysis, and improve resilience in the event of client compromises: clients are not permitted to change trail contents after submission. Submitted by: pjd Sponsored by: The FreeBSD Foundation (auditdistd) 2012-12-01 15:11:46 +00:00			`auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin`
Synchronize with reality: nologin(8) is now in /usr/sbin Reminded by: trhodes 2004-03-30 19:19:02 +00:00			`www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin`
Make it possible to run ntpd as a non-root user, add ntpd uid and gid. Code analysis and runtime analysis using truss(8) indicate that the only privileged operations performed by ntpd are adjusting system time, and (re-)binding to privileged UDP port 123. These changes add a new mac(4) policy module, mac_ntpd(4), which grants just those privileges to any process running with uid 123. This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes them the owner of the /var/db/ntp directory, so that it can be used as a location where the non-privileged daemon can write files such as the driftfile, and any optional logfile or stats files. Because there are so many ways to configure ntpd, the question of how to configure it to run without root privs can be a bit complex, so that will be addressed in a separate commit. These changes are just what's required to grant the limited subset of privs to ntpd, and the small change to ntpd to prevent it from exiting with an error if running as non-root. Differential Revision: https://reviews.freebsd.org/D16281 2018-07-19 23:55:29 +00:00			`ntpd:*:123:123::0:0:NTP Daemon:/var/db/ntp:/usr/sbin/nologin`
Capitalize "LDAP" in the description field of the _ypldap entry. Reviewed by: bapt MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D5267 2016-05-10 12:47:36 +00:00			`_ypldap:*:160:160::0:0:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin`
Change hast user home directory to /var/empty. MFC after: 1 week 2011-01-28 22:29:38 +00:00			`hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin`
Create and use a tests group for the tests user. No user (except nobody) should be a member of the nobody group. Reported by: rgrimes Reviewed by: rgrimes MFC after: 3 days Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D24199 2020-03-27 16:05:37 +00:00			`tests:*:977:977::0:0:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin`
Synchronize with reality: nologin(8) is now in /usr/sbin Reminded by: trhodes 2004-03-30 19:19:02 +00:00			`nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin`