Commit Graph

37 Commits

Author SHA1 Message Date
Max Laier
ae194ff619 It's /usr/sbin/nologin not /sbin/nologin
Found-by:	brueffer
Pointy-hat-to:	mlaier
2004-06-23 09:42:19 +00:00
Max Laier
8ee2ac9ef3 Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) work
again. This user/group is not required for install* targets, hence do not
add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy
people).

Discussed-on:	-current
2004-06-23 01:32:28 +00:00
Colin Percival
06dd89cd02 Synchronize with reality: nologin(8) is now in /usr/sbin
Reminded by:	trhodes
2004-03-30 19:19:02 +00:00
Max Laier
8d69c48be5 Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.

This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.

For those who want to go without pf; it provides a NO_PF knob to make.conf.

__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.

Approved by:	bms(mentor)
2004-03-08 22:03:29 +00:00
Warner Losh
9fe74c43d0 xten user no longer needed. 2003-04-27 05:45:29 +00:00
Dag-Erling Smørgrav
677fccffa4 Previous commit was just a tad too hasty, the sshd peudo-user's home
directory should be /var/empty.
2002-06-23 20:46:44 +00:00
Dag-Erling Smørgrav
04b681a999 Add an sshd user and group for the OpenSSH privilege separation code. 2002-06-23 20:41:06 +00:00
Ruslan Ermilov
ec5e499155 Tidy up gecos field for `bin'. 2002-01-29 14:00:03 +00:00
Gregory Neil Shapiro
ca8b9ed373 Add two new accounts/groups for sendmail:
smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID).  This new user/group will be used for command line
submissions.  UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.

mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid.  If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1.  Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull.  UID/GID 26 has been chosen for
this user.

This was discussed on -arch on October 18-19, 2001.

MFC after:	1 week
2001-11-17 21:24:45 +00:00
Andrey A. Chernov
92277380c8 Re-commit www:www
If anybody wants to remove them for some reason, please consider "pop"
removing first.

Approved by:	arch discussion from Oct 20
MFC after:	3 days
2001-10-25 03:27:16 +00:00
Sheldon Hearn
99225c5d10 Back previous revision out until it has been discussed on -arch and
motivated.  Currently, it is under dispute.
2001-10-18 16:41:58 +00:00
Andrey A. Chernov
913b0e4e95 Add www:www (80:80) for upcoming Apache changes 2001-10-17 13:21:53 +00:00
Peter Wemm
6cabfb3832 Add/adjust some $FreeBSD$ tags.
Noted by:	Doug <Doug@gorean.org>
1999-09-13 17:09:08 +00:00
Andrey A. Chernov
559fcf9493 Use /sbin/nologin as shell for operator
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
1998-12-02 15:17:10 +00:00
Matthew Dillon
ac48aa416a Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
    the (commented out) ident from the kmem sandbox.

    Note that it is necessary to give each group access it's own uid to
    prevent programs running under a single uid from being able to gdb
    or otherwise mess with other programs (with different group perms) running
    under the same uid.
1998-12-01 21:19:49 +00:00
Jordan K. Hubbard
8936bcc46f Put operator in its own group rather than "staff".
Submitted by:	"Yarema" <yds@ingress.com>
1998-05-31 15:47:52 +00:00
Steve Price
6886183334 Change shell from /nonexistent to /sbin/nologin.
PR:		6739
Submitted by:	Are Bryne <are.bryne@communique.no>
1998-05-25 03:19:37 +00:00
Andrey A. Chernov
87b7ee4066 Back out moving nobody to daemon class, the problem fixed in another place:
inetd
1997-10-27 22:07:03 +00:00
Andrey A. Chernov
a7572a0143 Move nobody to daemon class, otherwise it is impossible to start fingerd
while Apache is running, it effectively eats all default class limits for
nobody
1997-10-27 16:59:07 +00:00
Andrey A. Chernov
a3b41bed2e Add pop 1997-10-08 08:45:35 +00:00
Andrey A. Chernov
192f27c84c Move daemon from group 31 to group 1
One of the reasons: rwhod not work, because it got
1,31 instead of 1,1 on setuid(1) and require group 1 for directory access
1996-09-01 23:13:16 +00:00
Paul Traina
46720cfc9e Set shells to nonexistent where appropriate 1996-07-11 21:23:22 +00:00
Poul-Henning Kamp
43e028e062 Move user & group "xten" from [ug]id == 100 to 67.
This is less likely to collide with site policies.
1996-03-12 15:17:29 +00:00
Poul-Henning Kamp
41bdbea720 Remove ingres user. 1996-03-12 15:11:47 +00:00
Andrey A. Chernov
efc05b2bdd change nobody master.passwd entry to 65534:65534
change nobody group entry to 65534
Suggested-by: pst
1995-05-15 19:24:57 +00:00
Andrey A. Chernov
e95be7ca34 Change xten shell from /dev/null to /nonexistant, adduser
complaints instead.
Change nobody user group from non existent in /etc/group (9999) to
existent nobody (39).
1995-05-15 18:35:22 +00:00
Jordan K. Hubbard
29fb81664f Add xten user/group.
Submitted by:	Gene Stark <gene@starkhome.cs.sunysb.edu>
1995-04-18 02:03:59 +00:00
David Greenman
97338af32f Killed Mr. "Falcon". May he rest in peace. 1995-03-30 05:46:17 +00:00
Andrey A. Chernov
de2b08724b Add 'news' user, present in group, but missed in master.passwd 1995-01-03 21:02:01 +00:00
Andrey A. Chernov
62936ec704 Intruduce new group for uucp, gid 66 1994-05-31 04:36:30 +00:00
Garrett Wollman
4439fb7423 /dev/null was not a very good choice of shell for login-disabled users.
Used the canonical non-existent file (/nonexistent) instead  This should
probably be documented somewhere, but it's unclear where the right
place is (passwd(5)? login(8)? hier(7)?  all three?).
1994-04-11 19:18:05 +00:00
Jordan K. Hubbard
553a59314c As per Rod's wishes, man uses uid/gid 9 now. 1994-03-19 23:31:39 +00:00
Rodney W. Grimes
9f808f21bf A real good idea...
>From: "Chris G. Demetriou" <cgd@sun-lamp.cs.berkeley.edu>

Update of /b/source/CVS/src/etc
In directory sun-lamp.cs.berkeley.edu:/usr/src/etc

Modified Files:
        master.passwd
Log Message:
disable toor by default
1994-02-09 01:57:37 +00:00
Garrett Wollman
0a1592b27a Remove more references to the U word. 1994-02-04 02:23:06 +00:00
Rodney W. Grimes
21ee46c794 Wrong path for uucp login, was /usr/lib instead of /usr/libexec. Fixed 1993-08-13 23:07:31 +00:00
Rodney W. Grimes
9319cacfd5 Removed extranious names from master.passwd file, changed root and toor to
be in group 0 (was group 10).  Changed operator to be in group 20, was 28.
1993-07-19 18:52:51 +00:00
Rodney W. Grimes
1bf9d5d951 Initial import of 386BSD 0.1 othersrc/etc 1993-06-20 13:41:45 +00:00