Remove root from the kmem, sys, tty, and staff groups in the default

configuration. Root privileges override DAC on local file systems and therefore root does not generally need to be a member of a group to access files owned by that group. In the NFS case, require explicit authorization for root to have these privileges. Leave root in operator for dump/restore broadcast reasons; leave root in wheel until discrepencies in the "no users in wheel means any user can su" policy are resolved (possibly indefinitely).
2002-10-13 17:00:37 +00:00 · 2002-10-13 17:00:37 +00:00 · e503981b22
commit e503981b22
parent 274818ff2c
1 changed files with 4 additions and 4 deletions
--- a/etc/group
+++ b/etc/group
@ -2,16 +2,16 @@
 #
 wheel:*:0:root
 daemon:*:1:
-kmem:*:2:root
-sys:*:3:root
-tty:*:4:root
+kmem:*:2:
+sys:*:3:
+tty:*:4:
 operator:*:5:root
 mail:*:6:
 bin:*:7:
 news:*:8:
 man:*:9:
 games:*:13:
-staff:*:20:root
+staff:*:20:
 sshd:*:22:
 smmsp:*:25:
 mailnull:*:26: