summaryrefslogtreecommitdiff
path: root/etc/master.passwd
Commit message (Collapse)AuthorAgeFilesLines
* Create and use a tests group for the tests user.Brooks Davis2020-03-271-1/+1
| | | | | | | | | | | | | No user (except nobody) should be a member of the nobody group. Reported by: rgrimes Reviewed by: rgrimes MFC after: 3 days Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D24199 Notes: svn path=/head/; revision=359368
* Add the tests user, an unprivileged user from the default kyua config.Brooks Davis2020-03-231-0/+1
| | | | | | | | | | | | This is a preparatory commit for D24103. Reviewed by: emaste Obtained from: CheriBSD MFC after: 3 days Sponsored by: DARPA Notes: svn path=/head/; revision=359247
* Move back group, master.passwd and shells to etc directoryBaptiste Daroussin2019-05-231-0/+28
| | | | | | | | | | | | | Use the .PATH mechanism instead so keep installing them from lib/libc/gen While here revert 347961 and 347893 which are no longer needed Discussed with: manu Tested by: manu ok manu@ Notes: svn path=/head/; revision=348185
* Move master.passwd and group to lib/libc/gen/Brad Davis2019-05-161-28/+0
| | | | | | | | | | | libc was picked as the destination location for these because of the syscalls that use these files as the lowest level place they are referenced. Approved by: will (mentor), rgrimes, manu Differential Revision: https://reviews.freebsd.org/D16728 Notes: svn path=/head/; revision=347638
* Revert parts of r337849 and r337857Brad Davis2018-08-151-1/+1
| | | | | | | | | | | | This fixes the build and I will redo these changes as part of a future review that organizes them differently. The way I tried to do it here could be done better. Sorry for the noise. Approved by: will (mentor) Differential Revision: https://reviews.freebsd.org/D16737 Notes: svn path=/head/; revision=337882
* Fix build after r337849Brad Davis2018-08-151-1/+1
| | | | | | | | | | | | This moves the symlink creation to after where the files are installed. This also inverts the shell change so that it only happens if MK_TCSH is on. Approved by: will (mentor) Differential Revision: https://reviews.freebsd.org/D16725 Notes: svn path=/head/; revision=337857
* Make it possible to run ntpd as a non-root user, add ntpd uid and gid.Ian Lepore2018-07-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Code analysis and runtime analysis using truss(8) indicate that the only privileged operations performed by ntpd are adjusting system time, and (re-)binding to privileged UDP port 123. These changes add a new mac(4) policy module, mac_ntpd(4), which grants just those privileges to any process running with uid 123. This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes them the owner of the /var/db/ntp directory, so that it can be used as a location where the non-privileged daemon can write files such as the driftfile, and any optional logfile or stats files. Because there are so many ways to configure ntpd, the question of how to configure it to run without root privs can be a bit complex, so that will be addressed in a separate commit. These changes are just what's required to grant the limited subset of privs to ntpd, and the small change to ntpd to prevent it from exiting with an error if running as non-root. Differential Revision: https://reviews.freebsd.org/D16281 Notes: svn path=/head/; revision=336525
* Capitalize "LDAP" in the description field of the _ypldap entry.Benedict Reuschling2016-05-101-1/+1
| | | | | | | | | Reviewed by: bapt MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D5267 Notes: svn path=/head/; revision=299365
* Fix regression introduced on r293801.Marcelo Araujo2016-01-271-1/+1
| | | | | | | | | | | | The UID/GID 93 is in using by jaber on PORTS, we will use UID/GID 160 for ypldap(8). Reported by: antoine Approved by: bapt (mentor) Differential Revision: https://reviews.freebsd.org/D5062 Notes: svn path=/head/; revision=294896
* ypldap(8) is a feature ready to be used to translate nis(8) database to ldap(3).Marcelo Araujo2016-01-131-0/+1
| | | | | | | | | | | | | | | | | | This commit, fix a core dump on ypldap(8) related with memory allocation. Also an example of how to set the ypldap.conf(5) properly is added to examples files. A new user _ypldap is required to be able to run ypldap(8) as well as in a chroot mode. Reviewed by: rodrigc (mentor), bjk Approved by: bapt (mentor) Relnotes: Yes Sponsored by: gandi.net Differential Revision: https://reviews.freebsd.org/D4744 Notes: svn path=/head/; revision=293801
* Step 1 of eliminating the "games" distribution: Move binaries to /usr/bin;Colin Percival2015-02-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | update paths; and include everything in the "base" distribution. The "games" distribution being optional made sense when there were more games and we had small disks; but the "games-like" games were moved into the ports tree a dozen years ago and the remaining "utility-like" games occupy less than 0.001% of my laptop's small hard drive. Meanwhile every new user is confronted by the question "do you want games installed" when they they try to install FreeBSD. The next steps will be: 2. Removing punch card (bcd, ppt), phase-of-moon (pom), clock (grdc), and caesar cipher (caesar, rot13) utilities. I intend to keep fortune, factor, morse, number, primes, and random, since there is evidence that those are still being used. 3. Merging src/games into src/usr.bin. This change will not be MFCed. Reviewed by: jmg Discussed at: EuroBSDCon Approved by: gjb (release-affecting changes) Notes: svn path=/head/; revision=278616
* Remove most of the ATF tools and the _atf user.Rui Paulo2013-10-121-1/+0
| | | | | | | | | | | This is necessary because ATF is deprecated and it will be replaced by Kyua. Submitted by: jmmv@netbsd.org Reviewed by: Garrett Cooper Approved by: re Notes: svn path=/head/; revision=256365
* Build and install the Unbound caching DNS resolver daemon.Dag-Erling Smørgrav2013-09-151-0/+1
| | | | | | | Approved by: re (blanket) Notes: svn path=/head/; revision=255597
* Merge a number of changes required to hook up OpenBSM 1.2-alpha2'sRobert Watson2012-12-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | auditdistd (distributed audit daemon) to the build: - Manual cross references - Makefile for auditdistd - rc.d script, rc.conf entrie - New group and user for auditdistd; associated aliases, etc. The audit trail distribution daemon provides reliable, cryptographically protected (and sandboxed) delivery of audit tails from live clients to audit server hosts in order to both allow centralised analysis, and improve resilience in the event of client compromises: clients are not permitted to change trail contents after submission. Submitted by: pjd Sponsored by: The FreeBSD Foundation (auditdistd) Notes: svn path=/head/; revision=243752
* Add ATF to the build. This is may be a bit rought around the egdes,Marcel Moolenaar2012-10-221-0/+1
| | | | | | | | | | | | | | | | | | | | but committing it helps to get everyone on the same page and makes sure we make progress. Tinderbox breakages that are the result of this commit are entirely the committer's fault -- in other words: buildworld testing on amd64 only. Credits follow: Submitted by: Garrett Cooper <yanegomi@gmail.com> Sponsored by: Isilon Systems Based on work by: keramida@ Thanks to: gnn@, mdf@, mlaier@, sjg@ Special thanks to: keramida@ Notes: svn path=/head/; revision=241823
* Change hast user home directory to /var/empty.Pawel Jakub Dawidek2011-01-281-1/+1
| | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=218047
* Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)Pawel Jakub Dawidek2011-01-281-0/+1
| | | | | | | | | to drop privileges. MFC after: 1 week Notes: svn path=/head/; revision=218046
* Add _dhcp user/group as required by the OpenBSD dhclient.Brooks Davis2005-06-061-0/+1
| | | | Notes: svn path=/head/; revision=147062
* UUCP's uucico(8) has not been in the base system for some time now,Mark Murray2004-08-011-1/+1
| | | | | | | | | so reflect this in the default. The uucp uid is a bit funny, and is used by mtree in /var/spool for locks, so we can't remove it without thinking about it a bit harder. Notes: svn path=/head/; revision=132981
* It's /usr/sbin/nologin not /sbin/nologinMax Laier2004-06-231-1/+1
| | | | | | | | Found-by: brueffer Pointy-hat-to: mlaier Notes: svn path=/head/; revision=130968
* Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) workMax Laier2004-06-231-0/+1
| | | | | | | | | | | again. This user/group is not required for install* targets, hence do not add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy people). Discussed-on: -current Notes: svn path=/head/; revision=130953
* Synchronize with reality: nologin(8) is now in /usr/sbinColin Percival2004-03-301-16/+16
| | | | | | | Reminded by: trhodes Notes: svn path=/head/; revision=127633
* Link pf to the build and install:Max Laier2004-03-081-0/+1
| | | | | | | | | | | | | | | | | | | This adds the former ports registered groups: proxy and authpf as well as the proxy user. Make sure to run mergemaster -p in oder to complete make installworld without errors. This also provides the passive OS fingerprints from OpenBSD (pf.os) and an example pf.conf. For those who want to go without pf; it provides a NO_PF knob to make.conf. __FreeBSD_version will be bumped soon to reflect this and to be able to change ports accordingly. Approved by: bms(mentor) Notes: svn path=/head/; revision=126756
* xten user no longer needed.Warner Losh2003-04-271-1/+0
| | | | Notes: svn path=/head/; revision=114114
* Previous commit was just a tad too hasty, the sshd peudo-user's homeDag-Erling Smørgrav2002-06-231-1/+1
| | | | | | | directory should be /var/empty. Notes: svn path=/head/; revision=98700
* Add an sshd user and group for the OpenSSH privilege separation code.Dag-Erling Smørgrav2002-06-231-0/+1
| | | | Notes: svn path=/head/; revision=98696
* Tidy up gecos field for `bin'.Ruslan Ermilov2002-01-291-1/+1
| | | | Notes: svn path=/head/; revision=89956
* Add two new accounts/groups for sendmail:Gregory Neil Shapiro2001-11-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of set-user-ID). This new user/group will be used for command line submissions. UID/GID 25 is suggested in the sendmail documentation and has been adopted by other operating systems such as OpenBSD and Solaris 9. mailnull - The default value for DefaultUser is now set to the uid and gid of the first existing user mailnull, sendmail, or daemon that has a non-zero uid. If none of these exist, sendmail reverts back to the old behavior of using uid 1 and gid 1. Currently FreeBSD uses daemon for DefaultUser but I would prefer not to use an account used by other programs, hence the addition of mailnull. UID/GID 26 has been chosen for this user. This was discussed on -arch on October 18-19, 2001. MFC after: 1 week Notes: svn path=/head/; revision=86510
* Re-commit www:wwwAndrey A. Chernov2001-10-251-0/+1
| | | | | | | | | | | If anybody wants to remove them for some reason, please consider "pop" removing first. Approved by: arch discussion from Oct 20 MFC after: 3 days Notes: svn path=/head/; revision=85455
* Back previous revision out until it has been discussed on -arch andSheldon Hearn2001-10-181-1/+0
| | | | | | | motivated. Currently, it is under dispute. Notes: svn path=/head/; revision=85110
* Add www:www (80:80) for upcoming Apache changesAndrey A. Chernov2001-10-171-0/+1
| | | | Notes: svn path=/head/; revision=85056
* Add/adjust some $FreeBSD$ tags.Peter Wemm1999-09-131-0/+2
| | | | | | | Noted by: Doug <Doug@gorean.org> Notes: svn path=/head/; revision=51237
* Use /sbin/nologin as shell for operatorAndrey A. Chernov1998-12-021-1/+1
| | | | | | | | | Replace non-existent directory for operator with / Supply by default operator with non-existent but can be created directory and /bin/csh is kinda security risk Notes: svn path=/head/; revision=41457
* Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),Matthew Dillon1998-12-011-0/+3
| | | | | | | | | | | | | adjustd inetd.conf to run comsat and ntalk from tty sandbox, and the (commented out) ident from the kmem sandbox. Note that it is necessary to give each group access it's own uid to prevent programs running under a single uid from being able to gdb or otherwise mess with other programs (with different group perms) running under the same uid. Notes: svn path=/head/; revision=41441
* Put operator in its own group rather than "staff".Jordan K. Hubbard1998-05-311-1/+1
| | | | | | | Submitted by: "Yarema" <yds@ingress.com> Notes: svn path=/head/; revision=36499
* Change shell from /nonexistent to /sbin/nologin.Steve Price1998-05-251-8/+8
| | | | | | | | PR: 6739 Submitted by: Are Bryne <are.bryne@communique.no> Notes: svn path=/head/; revision=36346
* Back out moving nobody to daemon class, the problem fixed in another place:Andrey A. Chernov1997-10-271-1/+1
| | | | | | | inetd Notes: svn path=/head/; revision=30794
* Move nobody to daemon class, otherwise it is impossible to start fingerdAndrey A. Chernov1997-10-271-1/+1
| | | | | | | | while Apache is running, it effectively eats all default class limits for nobody Notes: svn path=/head/; revision=30787
* Add popAndrey A. Chernov1997-10-081-0/+1
| | | | Notes: svn path=/head/; revision=30222
* Move daemon from group 31 to group 1Andrey A. Chernov1996-09-011-1/+1
| | | | | | | | One of the reasons: rwhod not work, because it got 1,31 instead of 1,1 on setuid(1) and require group 1 for directory access Notes: svn path=/head/; revision=17996
* Set shells to nonexistent where appropriatePaul Traina1996-07-111-3/+3
| | | | Notes: svn path=/head/; revision=17105
* Move user & group "xten" from [ug]id == 100 to 67.Poul-Henning Kamp1996-03-121-1/+1
| | | | | | | This is less likely to collide with site policies. Notes: svn path=/head/; revision=14592
* Remove ingres user.Poul-Henning Kamp1996-03-121-1/+0
| | | | Notes: svn path=/head/; revision=14591
* change nobody master.passwd entry to 65534:65534Andrey A. Chernov1995-05-151-2/+2
| | | | | | | | change nobody group entry to 65534 Suggested-by: pst Notes: svn path=/head/; revision=8539
* Change xten shell from /dev/null to /nonexistant, adduserAndrey A. Chernov1995-05-151-2/+2
| | | | | | | | | complaints instead. Change nobody user group from non existent in /etc/group (9999) to existent nobody (39). Notes: svn path=/head/; revision=8536
* Add xten user/group.Jordan K. Hubbard1995-04-181-0/+1
| | | | | | | Submitted by: Gene Stark <gene@starkhome.cs.sunysb.edu> Notes: svn path=/head/; revision=7917
* Killed Mr. "Falcon". May he rest in peace.David Greenman1995-03-301-1/+0
| | | | Notes: svn path=/head/; revision=7486
* Add 'news' user, present in group, but missed in master.passwdAndrey A. Chernov1995-01-031-0/+1
| | | | Notes: svn path=/head/; revision=5365
* Intruduce new group for uucp, gid 66Andrey A. Chernov1994-05-311-1/+1
| | | | Notes: svn path=/head/; revision=1642
* /dev/null was not a very good choice of shell for login-disabled users.Garrett Wollman1994-04-111-2/+2
| | | | | | | | | Used the canonical non-existent file (/nonexistent) instead This should probably be documented somewhere, but it's unclear where the right place is (passwd(5)? login(8)? hier(7)? all three?). Notes: svn path=/head/; revision=1351
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 02:06:35 +0000