- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC 256365
Remove most of the ATF tools and the _atf user.

Approved by: re

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Build and install the Unbound caching DNS resolver daemon.

Approved by: re (blanket)

Add ATF to the build. This is may be a bit rought around the egdes,
but committing it helps to get everyone on the same page and makes
sure we make progress.

Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.

Credits follow:

Submitted by: Garrett Cooper <yanegomi@gmail.com>
Sponsored by: Isilon Systems
Based on work by: keramida@
Thanks to: gnn@, mdf@, mlaier@, sjg@
Special thanks to: keramida@

Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)
to drop privileges.

MFC after: 1 week

Create group ftp by default. This is gid 14 as this is the historical
id used by sysinstall when enabling anonymous FTP.

Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.

PR: 93284
Approved by: ru (mentor)
Reviewed by: simon

Assign gid 77 to audit instead of gid 73. The ports group list did not
include '73', which was assigned in a ports passwd entry to ircservices.

Pointed out by: ceri

Allocate an 'audit' group, membership in which will grant the audit
review right by virtue of read file permission on /var/audit and its
contents.

Obtained from: TrustedBSD Project

Add _dhcp user/group as required by the OpenBSD dhclient.

Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) work
again. This user/group is not required for install* targets, hence do not
add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy
people).

Discussed-on: -current

Add trailing collon

Noticed by: dwhite
Approved by: bms(mentor)

Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.

This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.

For those who want to go without pf; it provides a NO_PF knob to make.conf.

__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.

Approved by: bms(mentor)

xten isn't needed after tw is gone.

Approved by: re@ (scottl)

Remove root from the 'guest' group: missed in a previous pass.

Spotted by: jhb

Remove root from the kmem, sys, tty, and staff groups in the default
configuration. Root privileges override DAC on local file systems and
therefore root does not generally need to be a member of a group to
access files owned by that group. In the NFS case, require explicit
authorization for root to have these privileges.

Leave root in operator for dump/restore broadcast reasons; leave root
in wheel until discrepencies in the "no users in wheel means any user
can su" policy are resolved (possibly indefinitely).

For consistency with other entries in group, don't put the daemon or
xten users in their groups explicitly--we pick that up from the gid
field in master.passwd.

Add an sshd user and group for the OpenSSH privilege separation code.

Add two new accounts/groups for sendmail:

smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID). This new user/group will be used for command line
submissions. UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.

mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid. If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1. Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull. UID/GID 26 has been chosen for
this user.

This was discussed on -arch on October 18-19, 2001.

MFC after: 1 week

Re-commit www:www
If anybody wants to remove them for some reason, please consider "pop"
removing first.

Approved by: arch discussion from Oct 20
MFC after: 3 days

Back previous revision out until it has been discussed on -arch and
motivated. Currently, it is under dispute.

Add www:www (80:80) for upcoming Apache changes

$Id$ -> $FreeBSD$

Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.

Note that it is necessary to give each group access it's own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.

Add Id keyword

ppp => network
As discussed on cvs-committers

Add group ppp (gid 69)

Add mail group.

Move "dialer" to gid == 68.

Move user & group "xten" from [ug]id == 100 to 67.
This is less likely to collide with site policies.

Remove ingres user.

nogroup 32766 -> 65533 to go with nobody's change to 65534.

change nobody master.passwd entry to 65534:65534
change nobody group entry to 65534
Suggested-by: pst

Add xten user/group.
Submitted by: Gene Stark <gene@starkhome.cs.sunysb.edu>

Intruduce new group for uucp, gid 66

As per Rod's wishes, man uses uid/gid 9 now.

Remove man group - no longer necessary (that was quick! :). I'll let Rod
pick the uid for the `man' user, since he staked a claim on that, but he'd
better not forget or the make install will break badly! :)

Added a man group ID.

>From: Andreas Schulz <ats@g386bsd.first.gmd.de>
Subject: failure in /usr/src/etc/group

The /usr/src/etc/group file is missing a colon in the line
"dialer:*:117" at the end.

Removed bill and lynne from group file, this was a security hole in the
0.1 distribution, as they had accounts in the password file with out passwords,
and were in group wheel!

This commit was generated by cvs2svn to compensate for changes in r37,
which included commits to RCS files with non-trunk default branches.

Initial import of 386BSD 0.1 othersrc/etc