aboutsummaryrefslogtreecommitdiff
path: root/etc/group
Commit message (Collapse)AuthorAgeFilesLines
* Make it possible to run ntpd as a non-root user, add ntpd uid and gid.Ian Lepore2018-07-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Code analysis and runtime analysis using truss(8) indicate that the only privileged operations performed by ntpd are adjusting system time, and (re-)binding to privileged UDP port 123. These changes add a new mac(4) policy module, mac_ntpd(4), which grants just those privileges to any process running with uid 123. This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes them the owner of the /var/db/ntp directory, so that it can be used as a location where the non-privileged daemon can write files such as the driftfile, and any optional logfile or stats files. Because there are so many ways to configure ntpd, the question of how to configure it to run without root privs can be a bit complex, so that will be addressed in a separate commit. These changes are just what's required to grant the limited subset of privs to ntpd, and the small change to ntpd to prevent it from exiting with an error if running as non-root. Differential Revision: https://reviews.freebsd.org/D16281 Notes: svn path=/head/; revision=336525
* Fix regression introduced on r293801.Marcelo Araujo2016-01-271-0/+1
| | | | | | | | | | | | The UID/GID 93 is in using by jaber on PORTS, we will use UID/GID 160 for ypldap(8). Reported by: antoine Approved by: bapt (mentor) Differential Revision: https://reviews.freebsd.org/D5062 Notes: svn path=/head/; revision=294896
* Add a new group named 'video' with the id of 44. And make drm createKoop Mast2015-08-091-0/+1
| | | | | | | | | | | | | | devices in /dev/dri/ with this new group. This will allow ports and users to more easily access to these devices for OpenGL and OpenCL support. Reviewed by: dumbbell@ Approved by: dumbbell@ Differential Revision: https://reviews.freebsd.org/D1260 Notes: svn path=/head/; revision=286524
* Remove most of the ATF tools and the _atf user.Rui Paulo2013-10-121-1/+0
| | | | | | | | | | | This is necessary because ATF is deprecated and it will be replaced by Kyua. Submitted by: jmmv@netbsd.org Reviewed by: Garrett Cooper Approved by: re Notes: svn path=/head/; revision=256365
* Build and install the Unbound caching DNS resolver daemon.Dag-Erling Smørgrav2013-09-151-0/+1
| | | | | | | Approved by: re (blanket) Notes: svn path=/head/; revision=255597
* Add ATF to the build. This is may be a bit rought around the egdes,Marcel Moolenaar2012-10-221-0/+1
| | | | | | | | | | | | | | | | | | | | but committing it helps to get everyone on the same page and makes sure we make progress. Tinderbox breakages that are the result of this commit are entirely the committer's fault -- in other words: buildworld testing on amd64 only. Credits follow: Submitted by: Garrett Cooper <yanegomi@gmail.com> Sponsored by: Isilon Systems Based on work by: keramida@ Thanks to: gnn@, mdf@, mlaier@, sjg@ Special thanks to: keramida@ Notes: svn path=/head/; revision=241823
* Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)Pawel Jakub Dawidek2011-01-281-0/+1
| | | | | | | | | to drop privileges. MFC after: 1 week Notes: svn path=/head/; revision=218046
* Create group ftp by default. This is gid 14 as this is the historicalCeri Davies2007-06-111-0/+1
| | | | | | | | | | | | | | | id used by sysinstall when enabling anonymous FTP. Change the default group used by sysinstall for setting up anonymous FTP from operator to ftp; there is no reason to use operator and there are potential security issues when doing so. PR: 93284 Approved by: ru (mentor) Reviewed by: simon Notes: svn path=/head/; revision=170566
* Assign gid 77 to audit instead of gid 73. The ports group list did notRobert Watson2006-02-051-1/+1
| | | | | | | | | include '73', which was assigned in a ports passwd entry to ircservices. Pointed out by: ceri Notes: svn path=/head/; revision=155350
* Allocate an 'audit' group, membership in which will grant the auditRobert Watson2006-02-051-0/+1
| | | | | | | | | | review right by virtue of read file permission on /var/audit and its contents. Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155343
* Add _dhcp user/group as required by the OpenBSD dhclient.Brooks Davis2005-06-061-0/+1
| | | | Notes: svn path=/head/; revision=147062
* Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) workMax Laier2004-06-231-0/+1
| | | | | | | | | | | again. This user/group is not required for install* targets, hence do not add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy people). Discussed-on: -current Notes: svn path=/head/; revision=130953
* Add trailing collonMax Laier2004-03-101-2/+2
| | | | | | | | Noticed by: dwhite Approved by: bms(mentor) Notes: svn path=/head/; revision=126810
* Link pf to the build and install:Max Laier2004-03-081-0/+2
| | | | | | | | | | | | | | | | | | | This adds the former ports registered groups: proxy and authpf as well as the proxy user. Make sure to run mergemaster -p in oder to complete make installworld without errors. This also provides the passive OS fingerprints from OpenBSD (pf.os) and an example pf.conf. For those who want to go without pf; it provides a NO_PF knob to make.conf. __FreeBSD_version will be bumped soon to reflect this and to be able to change ports accordingly. Approved by: bms(mentor) Notes: svn path=/head/; revision=126756
* xten isn't needed after tw is gone.Warner Losh2003-04-271-1/+0
| | | | | | | Approved by: re@ (scottl) Notes: svn path=/head/; revision=114115
* Remove root from the 'guest' group: missed in a previous pass.Robert Watson2002-10-141-1/+1
| | | | | | | Spotted by: jhb Notes: svn path=/head/; revision=105131
* Remove root from the kmem, sys, tty, and staff groups in the defaultRobert Watson2002-10-131-4/+4
| | | | | | | | | | | | | | configuration. Root privileges override DAC on local file systems and therefore root does not generally need to be a member of a group to access files owned by that group. In the NFS case, require explicit authorization for root to have these privileges. Leave root in operator for dump/restore broadcast reasons; leave root in wheel until discrepencies in the "no users in wheel means any user can su" policy are resolved (possibly indefinitely). Notes: svn path=/head/; revision=105055
* For consistency with other entries in group, don't put the daemon orRobert Watson2002-10-131-2/+2
| | | | | | | | xten users in their groups explicitly--we pick that up from the gid field in master.passwd. Notes: svn path=/head/; revision=105053
* Add an sshd user and group for the OpenSSH privilege separation code.Dag-Erling Smørgrav2002-06-231-0/+1
| | | | Notes: svn path=/head/; revision=98696
* Add two new accounts/groups for sendmail:Gregory Neil Shapiro2001-11-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of set-user-ID). This new user/group will be used for command line submissions. UID/GID 25 is suggested in the sendmail documentation and has been adopted by other operating systems such as OpenBSD and Solaris 9. mailnull - The default value for DefaultUser is now set to the uid and gid of the first existing user mailnull, sendmail, or daemon that has a non-zero uid. If none of these exist, sendmail reverts back to the old behavior of using uid 1 and gid 1. Currently FreeBSD uses daemon for DefaultUser but I would prefer not to use an account used by other programs, hence the addition of mailnull. UID/GID 26 has been chosen for this user. This was discussed on -arch on October 18-19, 2001. MFC after: 1 week Notes: svn path=/head/; revision=86510
* Re-commit www:wwwAndrey A. Chernov2001-10-251-0/+1
| | | | | | | | | | | If anybody wants to remove them for some reason, please consider "pop" removing first. Approved by: arch discussion from Oct 20 MFC after: 3 days Notes: svn path=/head/; revision=85455
* Back previous revision out until it has been discussed on -arch andSheldon Hearn2001-10-181-1/+0
| | | | | | | motivated. Currently, it is under dispute. Notes: svn path=/head/; revision=85111
* Add www:www (80:80) for upcoming Apache changesAndrey A. Chernov2001-10-171-0/+1
| | | | Notes: svn path=/head/; revision=85056
* $Id$ -> $FreeBSD$Peter Wemm1999-08-271-1/+1
| | | | Notes: svn path=/head/; revision=50472
* Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),Matthew Dillon1998-12-011-1/+2
| | | | | | | | | | | | | adjustd inetd.conf to run comsat and ntalk from tty sandbox, and the (commented out) ident from the kmem sandbox. Note that it is necessary to give each group access it's own uid to prevent programs running under a single uid from being able to gdb or otherwise mess with other programs (with different group perms) running under the same uid. Notes: svn path=/head/; revision=41441
* Add Id keywordBrian Somers1998-09-131-0/+2
| | | | Notes: svn path=/head/; revision=39145
* ppp => networkBrian Somers1997-09-041-1/+1
| | | | | | | As discussed on cvs-committers Notes: svn path=/head/; revision=29082
* Add group ppp (gid 69)Brian Somers1997-08-311-0/+1
| | | | Notes: svn path=/head/; revision=28964
* Add mail group.Jordan K. Hubbard1997-05-021-0/+1
| | | | Notes: svn path=/head/; revision=25376
* Move "dialer" to gid == 68.Poul-Henning Kamp1996-03-121-1/+1
| | | | Notes: svn path=/head/; revision=14594
* Move user & group "xten" from [ug]id == 100 to 67.Poul-Henning Kamp1996-03-121-1/+1
| | | | | | | This is less likely to collide with site policies. Notes: svn path=/head/; revision=14592
* Remove ingres user.Poul-Henning Kamp1996-03-121-1/+0
| | | | Notes: svn path=/head/; revision=14591
* nogroup 32766 -> 65533 to go with nobody's change to 65534.Rodney W. Grimes1995-05-171-1/+1
| | | | Notes: svn path=/head/; revision=8573
* change nobody master.passwd entry to 65534:65534Andrey A. Chernov1995-05-151-1/+1
| | | | | | | | change nobody group entry to 65534 Suggested-by: pst Notes: svn path=/head/; revision=8539
* Add xten user/group.Jordan K. Hubbard1995-04-181-0/+1
| | | | | | | Submitted by: Gene Stark <gene@starkhome.cs.sunysb.edu> Notes: svn path=/head/; revision=7917
* Intruduce new group for uucp, gid 66Andrey A. Chernov1994-05-311-0/+1
| | | | Notes: svn path=/head/; revision=1642
* As per Rod's wishes, man uses uid/gid 9 now.Jordan K. Hubbard1994-03-191-0/+1
| | | | Notes: svn path=/head/; revision=1280
* Remove man group - no longer necessary (that was quick! :). I'll let RodJordan K. Hubbard1994-03-191-1/+0
| | | | | | | | pick the uid for the `man' user, since he staked a claim on that, but he'd better not forget or the make install will break badly! :) Notes: svn path=/head/; revision=1279
* Added a man group ID.Jordan K. Hubbard1994-03-181-0/+1
| | | | Notes: svn path=/head/; revision=1269
* >From: Andreas Schulz <ats@g386bsd.first.gmd.de>Rodney W. Grimes1994-02-251-1/+1
| | | | | | | | | | Subject: failure in /usr/src/etc/group The /usr/src/etc/group file is missing a colon in the line "dialer:*:117" at the end. Notes: svn path=/head/; revision=1211
* Removed bill and lynne from group file, this was a security hole in theRodney W. Grimes1993-07-191-1/+1
| | | | | | | | 0.1 distribution, as they had accounts in the password file with out passwords, and were in group wheel! Notes: svn path=/head/; revision=149
* Initial import of 386BSD 0.1 othersrc/etcRodney W. Grimes1993-06-201-0/+15
Notes: svn path=/cvs2svn/branches/unlabeled-1.1.1/; revision=37
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 23:29:31 +0000