Commit Graph

45 Commits

Author SHA1 Message Date
rpaulo
33f3e6ab56 MFC 256365
Remove most of the ATF tools and the _atf user.

Approved by:	re
2013-10-12 06:08:18 +00:00
des
ea05e625ec Build and install the Unbound caching DNS resolver daemon.
Approved by:	re (blanket)
2013-09-15 14:51:23 +00:00
rwatson
991e942bf2 Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:

- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.

The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.

Submitted by:	pjd
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 15:11:46 +00:00
marcel
8412efbea8 Add ATF to the build. This is may be a bit rought around the egdes,
but committing it helps to get everyone on the same page and makes
sure we make progress.

Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.

Credits follow:

Submitted by:	Garrett Cooper <yanegomi@gmail.com>
Sponsored by:	Isilon Systems
Based on work by:	keramida@
Thanks to:	gnn@, mdf@, mlaier@, sjg@
Special thanks to:	keramida@
2012-10-22 01:18:41 +00:00
pjd
b285997797 Change hast user home directory to /var/empty.
MFC after:	1 week
2011-01-28 22:29:38 +00:00
pjd
ac947f4d40 Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)
to drop privileges.

MFC after:	1 week
2011-01-28 22:28:12 +00:00
brooks
c05aa0dd93 Add _dhcp user/group as required by the OpenBSD dhclient. 2005-06-06 20:19:56 +00:00
markm
b6d85a7112 UUCP's uucico(8) has not been in the base system for some time now,
so reflect this in the default. The uucp uid is a bit funny, and
is used by mtree in /var/spool for locks, so we can't remove it
without thinking about it a bit harder.
2004-08-01 21:33:47 +00:00
mlaier
01e37606dd It's /usr/sbin/nologin not /sbin/nologin
Found-by:	brueffer
Pointy-hat-to:	mlaier
2004-06-23 09:42:19 +00:00
mlaier
f42f4268ea Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) work
again. This user/group is not required for install* targets, hence do not
add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy
people).

Discussed-on:	-current
2004-06-23 01:32:28 +00:00
cperciva
32f32cef56 Synchronize with reality: nologin(8) is now in /usr/sbin
Reminded by:	trhodes
2004-03-30 19:19:02 +00:00
mlaier
6be47b725d Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.

This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.

For those who want to go without pf; it provides a NO_PF knob to make.conf.

__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.

Approved by:	bms(mentor)
2004-03-08 22:03:29 +00:00
imp
ce6ed33017 xten user no longer needed. 2003-04-27 05:45:29 +00:00
des
049fabb373 Previous commit was just a tad too hasty, the sshd peudo-user's home
directory should be /var/empty.
2002-06-23 20:46:44 +00:00
des
9ffcd90b2f Add an sshd user and group for the OpenSSH privilege separation code. 2002-06-23 20:41:06 +00:00
ru
546c385a00 Tidy up gecos field for `bin'. 2002-01-29 14:00:03 +00:00
gshapiro
4e03d04c96 Add two new accounts/groups for sendmail:
smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID).  This new user/group will be used for command line
submissions.  UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.

mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid.  If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1.  Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull.  UID/GID 26 has been chosen for
this user.

This was discussed on -arch on October 18-19, 2001.

MFC after:	1 week
2001-11-17 21:24:45 +00:00
ache
ac4b6328fb Re-commit www:www
If anybody wants to remove them for some reason, please consider "pop"
removing first.

Approved by:	arch discussion from Oct 20
MFC after:	3 days
2001-10-25 03:27:16 +00:00
sheldonh
b2d6dbbcf9 Back previous revision out until it has been discussed on -arch and
motivated.  Currently, it is under dispute.
2001-10-18 16:41:58 +00:00
ache
4d4ca06f78 Add www:www (80:80) for upcoming Apache changes 2001-10-17 13:21:53 +00:00
peter
e3c81c54e1 Add/adjust some $FreeBSD$ tags.
Noted by:	Doug <Doug@gorean.org>
1999-09-13 17:09:08 +00:00
ache
81b412bec5 Use /sbin/nologin as shell for operator
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
1998-12-02 15:17:10 +00:00
dillon
dd3c1b5f96 Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
    the (commented out) ident from the kmem sandbox.

    Note that it is necessary to give each group access it's own uid to
    prevent programs running under a single uid from being able to gdb
    or otherwise mess with other programs (with different group perms) running
    under the same uid.
1998-12-01 21:19:49 +00:00
jkh
9b0682308d Put operator in its own group rather than "staff".
Submitted by:	"Yarema" <yds@ingress.com>
1998-05-31 15:47:52 +00:00
steve
2a35d9a031 Change shell from /nonexistent to /sbin/nologin.
PR:		6739
Submitted by:	Are Bryne <are.bryne@communique.no>
1998-05-25 03:19:37 +00:00
ache
e69d3597cb Back out moving nobody to daemon class, the problem fixed in another place:
inetd
1997-10-27 22:07:03 +00:00
ache
c722599af5 Move nobody to daemon class, otherwise it is impossible to start fingerd
while Apache is running, it effectively eats all default class limits for
nobody
1997-10-27 16:59:07 +00:00
ache
7418acc481 Add pop 1997-10-08 08:45:35 +00:00
ache
c1757b861b Move daemon from group 31 to group 1
One of the reasons: rwhod not work, because it got
1,31 instead of 1,1 on setuid(1) and require group 1 for directory access
1996-09-01 23:13:16 +00:00
pst
9396eb95c9 Set shells to nonexistent where appropriate 1996-07-11 21:23:22 +00:00
phk
c94797cc8d Move user & group "xten" from [ug]id == 100 to 67.
This is less likely to collide with site policies.
1996-03-12 15:17:29 +00:00
phk
78667a4c7d Remove ingres user. 1996-03-12 15:11:47 +00:00
ache
e8fd58285e change nobody master.passwd entry to 65534:65534
change nobody group entry to 65534
Suggested-by: pst
1995-05-15 19:24:57 +00:00
ache
c0e4693116 Change xten shell from /dev/null to /nonexistant, adduser
complaints instead.
Change nobody user group from non existent in /etc/group (9999) to
existent nobody (39).
1995-05-15 18:35:22 +00:00
jkh
b260bebb69 Add xten user/group.
Submitted by:	Gene Stark <gene@starkhome.cs.sunysb.edu>
1995-04-18 02:03:59 +00:00
dg
ad43fa83a6 Killed Mr. "Falcon". May he rest in peace. 1995-03-30 05:46:17 +00:00
ache
e3f8199c2f Add 'news' user, present in group, but missed in master.passwd 1995-01-03 21:02:01 +00:00
ache
c0b00d4db6 Intruduce new group for uucp, gid 66 1994-05-31 04:36:30 +00:00
wollman
9778c9811c /dev/null was not a very good choice of shell for login-disabled users.
Used the canonical non-existent file (/nonexistent) instead  This should
probably be documented somewhere, but it's unclear where the right
place is (passwd(5)? login(8)? hier(7)?  all three?).
1994-04-11 19:18:05 +00:00
jkh
f6c181c14e As per Rod's wishes, man uses uid/gid 9 now. 1994-03-19 23:31:39 +00:00
rgrimes
d3726af9cc A real good idea...
>From: "Chris G. Demetriou" <cgd@sun-lamp.cs.berkeley.edu>

Update of /b/source/CVS/src/etc
In directory sun-lamp.cs.berkeley.edu:/usr/src/etc

Modified Files:
        master.passwd
Log Message:
disable toor by default
1994-02-09 01:57:37 +00:00
wollman
1704269efa Remove more references to the U word. 1994-02-04 02:23:06 +00:00
rgrimes
88c5858767 Wrong path for uucp login, was /usr/lib instead of /usr/libexec. Fixed 1993-08-13 23:07:31 +00:00
rgrimes
64d6bf0568 Removed extranious names from master.passwd file, changed root and toor to
be in group 0 (was group 10).  Changed operator to be in group 20, was 28.
1993-07-19 18:52:51 +00:00
rgrimes
241ccdeaf3 Initial import of 386BSD 0.1 othersrc/etc 1993-06-20 13:41:45 +00:00