Commit Graph

36 Commits

Author SHA1 Message Date
pjd
ac947f4d40 Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)
to drop privileges.

MFC after:	1 week
2011-01-28 22:28:12 +00:00
ceri
1715307402 Create group ftp by default. This is gid 14 as this is the historical
id used by sysinstall when enabling anonymous FTP.

Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.

PR:		93284
Approved by:	ru (mentor)
Reviewed by:	simon
2007-06-11 18:36:39 +00:00
rwatson
a6de13a9ec Assign gid 77 to audit instead of gid 73. The ports group list did not
include '73', which was assigned in a ports passwd entry to ircservices.

Pointed out by:	ceri
2006-02-05 19:34:09 +00:00
rwatson
da1aa8f5a8 Allocate an 'audit' group, membership in which will grant the audit
review right by virtue of read file permission on /var/audit and its
contents.

Obtained from:	TrustedBSD Project
2006-02-05 18:04:39 +00:00
brooks
c05aa0dd93 Add _dhcp user/group as required by the OpenBSD dhclient. 2005-06-06 20:19:56 +00:00
mlaier
f42f4268ea Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) work
again. This user/group is not required for install* targets, hence do not
add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy
people).

Discussed-on:	-current
2004-06-23 01:32:28 +00:00
mlaier
a23e19f250 Add trailing collon
Noticed by:	dwhite
Approved by:	bms(mentor)
2004-03-10 15:04:29 +00:00
mlaier
6be47b725d Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.

This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.

For those who want to go without pf; it provides a NO_PF knob to make.conf.

__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.

Approved by:	bms(mentor)
2004-03-08 22:03:29 +00:00
imp
1bf91a17ef xten isn't needed after tw is gone.
Approved by: re@ (scottl)
2003-04-27 05:49:53 +00:00
rwatson
ab086bb517 Remove root from the 'guest' group: missed in a previous pass.
Spotted by:	jhb
2002-10-14 20:55:49 +00:00
rwatson
e503981b22 Remove root from the kmem, sys, tty, and staff groups in the default
configuration.  Root privileges override DAC on local file systems and
therefore root does not generally need to be a member of a group to
access files owned by that group.  In the NFS case, require explicit
authorization for root to have these privileges.

Leave root in operator for dump/restore broadcast reasons; leave root
in wheel until discrepencies in the "no users in wheel means any user
can su" policy are resolved (possibly indefinitely).
2002-10-13 17:00:37 +00:00
rwatson
3f24148d9c For consistency with other entries in group, don't put the daemon or
xten users in their groups explicitly--we pick that up from the gid
field in master.passwd.
2002-10-13 16:26:26 +00:00
des
9ffcd90b2f Add an sshd user and group for the OpenSSH privilege separation code. 2002-06-23 20:41:06 +00:00
gshapiro
4e03d04c96 Add two new accounts/groups for sendmail:
smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID).  This new user/group will be used for command line
submissions.  UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.

mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid.  If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1.  Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull.  UID/GID 26 has been chosen for
this user.

This was discussed on -arch on October 18-19, 2001.

MFC after:	1 week
2001-11-17 21:24:45 +00:00
ache
ac4b6328fb Re-commit www:www
If anybody wants to remove them for some reason, please consider "pop"
removing first.

Approved by:	arch discussion from Oct 20
MFC after:	3 days
2001-10-25 03:27:16 +00:00
sheldonh
89037ce3ad Back previous revision out until it has been discussed on -arch and
motivated.  Currently, it is under dispute.
2001-10-18 16:53:20 +00:00
ache
4d4ca06f78 Add www:www (80:80) for upcoming Apache changes 2001-10-17 13:21:53 +00:00
peter
289c0d262f $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
dillon
dd3c1b5f96 Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
    the (commented out) ident from the kmem sandbox.

    Note that it is necessary to give each group access it's own uid to
    prevent programs running under a single uid from being able to gdb
    or otherwise mess with other programs (with different group perms) running
    under the same uid.
1998-12-01 21:19:49 +00:00
brian
599fa37c05 Add Id keyword 1998-09-13 23:11:13 +00:00
brian
a69830cd9a ppp => network
As discussed on cvs-committers
1997-09-04 00:36:38 +00:00
brian
7e43595bb5 Add group ppp (gid 69) 1997-08-31 20:13:38 +00:00
jkh
1e115b9af5 Add mail group. 1997-05-02 00:06:09 +00:00
phk
34430e67f4 Move "dialer" to gid == 68. 1996-03-12 15:19:31 +00:00
phk
c94797cc8d Move user & group "xten" from [ug]id == 100 to 67.
This is less likely to collide with site policies.
1996-03-12 15:17:29 +00:00
phk
78667a4c7d Remove ingres user. 1996-03-12 15:11:47 +00:00
rgrimes
6a59740b8a nogroup 32766 -> 65533 to go with nobody's change to 65534. 1995-05-17 10:02:07 +00:00
ache
e8fd58285e change nobody master.passwd entry to 65534:65534
change nobody group entry to 65534
Suggested-by: pst
1995-05-15 19:24:57 +00:00
jkh
b260bebb69 Add xten user/group.
Submitted by:	Gene Stark <gene@starkhome.cs.sunysb.edu>
1995-04-18 02:03:59 +00:00
ache
c0b00d4db6 Intruduce new group for uucp, gid 66 1994-05-31 04:36:30 +00:00
jkh
f6c181c14e As per Rod's wishes, man uses uid/gid 9 now. 1994-03-19 23:31:39 +00:00
jkh
4d53f6a9e2 Remove man group - no longer necessary (that was quick! :). I'll let Rod
pick the uid for the `man' user, since he staked a claim on that, but he'd
better not forget or the make install will break badly! :)
1994-03-19 22:45:04 +00:00
jkh
a8c86507fa Added a man group ID. 1994-03-18 11:45:49 +00:00
rgrimes
d9de9c1745 >From: Andreas Schulz <ats@g386bsd.first.gmd.de>
Subject: failure in /usr/src/etc/group

The /usr/src/etc/group file is missing a colon in the line
"dialer:*:117" at the end.
1994-02-25 14:11:16 +00:00
rgrimes
1aecf4c182 Removed bill and lynne from group file, this was a security hole in the
0.1 distribution, as they had accounts in the password file with out passwords,
and were in group wheel!
1993-07-19 18:56:42 +00:00
rgrimes
241ccdeaf3 Initial import of 386BSD 0.1 othersrc/etc 1993-06-20 13:41:45 +00:00