Commit Graph

35 Commits

Author SHA1 Message Date
Ceri Davies
3213dc8412 Create group ftp by default. This is gid 14 as this is the historical
id used by sysinstall when enabling anonymous FTP.

Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.

PR:		93284
Approved by:	ru (mentor)
Reviewed by:	simon
2007-06-11 18:36:39 +00:00
Robert Watson
cd573a850c Assign gid 77 to audit instead of gid 73. The ports group list did not
include '73', which was assigned in a ports passwd entry to ircservices.

Pointed out by:	ceri
2006-02-05 19:34:09 +00:00
Robert Watson
bbcf7c3697 Allocate an 'audit' group, membership in which will grant the audit
review right by virtue of read file permission on /var/audit and its
contents.

Obtained from:	TrustedBSD Project
2006-02-05 18:04:39 +00:00
Brooks Davis
7217408a65 Add _dhcp user/group as required by the OpenBSD dhclient. 2005-06-06 20:19:56 +00:00
Max Laier
8ee2ac9ef3 Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) work
again. This user/group is not required for install* targets, hence do not
add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy
people).

Discussed-on:	-current
2004-06-23 01:32:28 +00:00
Max Laier
be3e0526c2 Add trailing collon
Noticed by:	dwhite
Approved by:	bms(mentor)
2004-03-10 15:04:29 +00:00
Max Laier
8d69c48be5 Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.

This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.

For those who want to go without pf; it provides a NO_PF knob to make.conf.

__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.

Approved by:	bms(mentor)
2004-03-08 22:03:29 +00:00
Warner Losh
e50dfdc9ab xten isn't needed after tw is gone.
Approved by: re@ (scottl)
2003-04-27 05:49:53 +00:00
Robert Watson
190a0059cf Remove root from the 'guest' group: missed in a previous pass.
Spotted by:	jhb
2002-10-14 20:55:49 +00:00
Robert Watson
975819b705 Remove root from the kmem, sys, tty, and staff groups in the default
configuration.  Root privileges override DAC on local file systems and
therefore root does not generally need to be a member of a group to
access files owned by that group.  In the NFS case, require explicit
authorization for root to have these privileges.

Leave root in operator for dump/restore broadcast reasons; leave root
in wheel until discrepencies in the "no users in wheel means any user
can su" policy are resolved (possibly indefinitely).
2002-10-13 17:00:37 +00:00
Robert Watson
7b2c73b73d For consistency with other entries in group, don't put the daemon or
xten users in their groups explicitly--we pick that up from the gid
field in master.passwd.
2002-10-13 16:26:26 +00:00
Dag-Erling Smørgrav
04b681a999 Add an sshd user and group for the OpenSSH privilege separation code. 2002-06-23 20:41:06 +00:00
Gregory Neil Shapiro
ca8b9ed373 Add two new accounts/groups for sendmail:
smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID).  This new user/group will be used for command line
submissions.  UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.

mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid.  If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1.  Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull.  UID/GID 26 has been chosen for
this user.

This was discussed on -arch on October 18-19, 2001.

MFC after:	1 week
2001-11-17 21:24:45 +00:00
Andrey A. Chernov
92277380c8 Re-commit www:www
If anybody wants to remove them for some reason, please consider "pop"
removing first.

Approved by:	arch discussion from Oct 20
MFC after:	3 days
2001-10-25 03:27:16 +00:00
Sheldon Hearn
19aa5cdc3d Back previous revision out until it has been discussed on -arch and
motivated.  Currently, it is under dispute.
2001-10-18 16:53:20 +00:00
Andrey A. Chernov
913b0e4e95 Add www:www (80:80) for upcoming Apache changes 2001-10-17 13:21:53 +00:00
Peter Wemm
9b7a44a60e $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
Matthew Dillon
ac48aa416a Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
    the (commented out) ident from the kmem sandbox.

    Note that it is necessary to give each group access it's own uid to
    prevent programs running under a single uid from being able to gdb
    or otherwise mess with other programs (with different group perms) running
    under the same uid.
1998-12-01 21:19:49 +00:00
Brian Somers
965066d630 Add Id keyword 1998-09-13 23:11:13 +00:00
Brian Somers
8a13ec3a33 ppp => network
As discussed on cvs-committers
1997-09-04 00:36:38 +00:00
Brian Somers
a393e39cdf Add group ppp (gid 69) 1997-08-31 20:13:38 +00:00
Jordan K. Hubbard
1ac310ddf7 Add mail group. 1997-05-02 00:06:09 +00:00
Poul-Henning Kamp
887d19ddb2 Move "dialer" to gid == 68. 1996-03-12 15:19:31 +00:00
Poul-Henning Kamp
43e028e062 Move user & group "xten" from [ug]id == 100 to 67.
This is less likely to collide with site policies.
1996-03-12 15:17:29 +00:00
Poul-Henning Kamp
41bdbea720 Remove ingres user. 1996-03-12 15:11:47 +00:00
Rodney W. Grimes
843f16dc76 nogroup 32766 -> 65533 to go with nobody's change to 65534. 1995-05-17 10:02:07 +00:00
Andrey A. Chernov
efc05b2bdd change nobody master.passwd entry to 65534:65534
change nobody group entry to 65534
Suggested-by: pst
1995-05-15 19:24:57 +00:00
Jordan K. Hubbard
29fb81664f Add xten user/group.
Submitted by:	Gene Stark <gene@starkhome.cs.sunysb.edu>
1995-04-18 02:03:59 +00:00
Andrey A. Chernov
62936ec704 Intruduce new group for uucp, gid 66 1994-05-31 04:36:30 +00:00
Jordan K. Hubbard
553a59314c As per Rod's wishes, man uses uid/gid 9 now. 1994-03-19 23:31:39 +00:00
Jordan K. Hubbard
5dfaa17305 Remove man group - no longer necessary (that was quick! :). I'll let Rod
pick the uid for the `man' user, since he staked a claim on that, but he'd
better not forget or the make install will break badly! :)
1994-03-19 22:45:04 +00:00
Jordan K. Hubbard
8f74b71719 Added a man group ID. 1994-03-18 11:45:49 +00:00
Rodney W. Grimes
0a0018c5ce >From: Andreas Schulz <ats@g386bsd.first.gmd.de>
Subject: failure in /usr/src/etc/group

The /usr/src/etc/group file is missing a colon in the line
"dialer:*:117" at the end.
1994-02-25 14:11:16 +00:00
Rodney W. Grimes
5db8869fd9 Removed bill and lynne from group file, this was a security hole in the
0.1 distribution, as they had accounts in the password file with out passwords,
and were in group wheel!
1993-07-19 18:56:42 +00:00
Rodney W. Grimes
1bf9d5d951 Initial import of 386BSD 0.1 othersrc/etc 1993-06-20 13:41:45 +00:00