#
9d6049d5 |
|
22-Aug-2023 |
Mike Karels <karels@FreeBSD.org> |
etc: remove leftover leading empty comments, blank lines Remove leftover empty leading comments/blank lines that had been spacers between $FreeBSD$ and the following content in config files in src/etc. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D41548
|
#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
d0f1f382 |
|
18-Feb-2022 |
Ed Maste <emaste@FreeBSD.org> |
Reserve u2f group for FIDO/U2F key support (SSH, etc.) We have FIDO/U2F support in the base system now, so reserve a group ID for it (maching the security/u2f-devd port). Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34341
|
#
a9545eed |
|
09-Dec-2021 |
Florian Walpen <dev@submerge.ch> |
Add idle priority scheduling privilege group to MAC/priority Add an idletime user group that allows non-root users to run processes with idle scheduling priority. Privileges are granted by a MAC policy in the mac_priority module. For this purpose, the kernel privilege PRIV_SCHED_IDPRIO was added to sys/priv.h (kernel module ABI change). Deprecate the system wide sysctl(8) knob security.bsd.unprivileged_idprio which lets any user run idle priority processes, regardless of context. While the knob is still working, it is marked as deprecated in the description and in the man pages. MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D33338
|
#
bf2fa8d9 |
|
04-Dec-2021 |
Florian Walpen <dev@submerge.ch> |
MAC/priority module for realtime privilege group This is a MAC policy module that grants scheduling privileges based on group membership. Users or processes in the group realtime (gid 47) are allowed to run threads and processes with realtime scheduling priority. For timing-sensitive, low-latency software like audio/jack, running with realtime priority helps to avoid stutter and gaps. PR: 239125 MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D33191
|
#
cfe7aad9 |
|
27-Mar-2020 |
Brooks Davis <brooks@FreeBSD.org> |
Create and use a tests group for the tests user. No user (except nobody) should be a member of the nobody group. Reported by: rgrimes Reviewed by: rgrimes MFC after: 3 days Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D24199
|
#
45a13fd8 |
|
23-May-2019 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Move back group, master.passwd and shells to etc directory Use the .PATH mechanism instead so keep installing them from lib/libc/gen While here revert 347961 and 347893 which are no longer needed Discussed with: manu Tested by: manu ok manu@
|
#
3496c981 |
|
19-Jul-2018 |
Ian Lepore <ian@FreeBSD.org> |
Make it possible to run ntpd as a non-root user, add ntpd uid and gid. Code analysis and runtime analysis using truss(8) indicate that the only privileged operations performed by ntpd are adjusting system time, and (re-)binding to privileged UDP port 123. These changes add a new mac(4) policy module, mac_ntpd(4), which grants just those privileges to any process running with uid 123. This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes them the owner of the /var/db/ntp directory, so that it can be used as a location where the non-privileged daemon can write files such as the driftfile, and any optional logfile or stats files. Because there are so many ways to configure ntpd, the question of how to configure it to run without root privs can be a bit complex, so that will be addressed in a separate commit. These changes are just what's required to grant the limited subset of privs to ntpd, and the small change to ntpd to prevent it from exiting with an error if running as non-root. Differential Revision: https://reviews.freebsd.org/D16281
|
#
1cf38d9e |
|
26-Jan-2016 |
Marcelo Araujo <araujo@FreeBSD.org> |
Fix regression introduced on r293801. The UID/GID 93 is in using by jaber on PORTS, we will use UID/GID 160 for ypldap(8). Reported by: antoine Approved by: bapt (mentor) Differential Revision: https://reviews.freebsd.org/D5062
|
#
34c7eb57 |
|
08-Aug-2015 |
Koop Mast <kwm@FreeBSD.org> |
Add a new group named 'video' with the id of 44. And make drm create devices in /dev/dri/ with this new group. This will allow ports and users to more easily access to these devices for OpenGL and OpenCL support. Reviewed by: dumbbell@ Approved by: dumbbell@ Differential Revision: https://reviews.freebsd.org/D1260
|
#
ec0e2ac6 |
|
12-Oct-2013 |
Rui Paulo <rpaulo@FreeBSD.org> |
Remove most of the ATF tools and the _atf user. This is necessary because ATF is deprecated and it will be replaced by Kyua. Submitted by: jmmv@netbsd.org Reviewed by: Garrett Cooper Approved by: re
|
#
8f8790cd |
|
15-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Build and install the Unbound caching DNS resolver daemon. Approved by: re (blanket)
|
#
c175365c |
|
21-Oct-2012 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Add ATF to the build. This is may be a bit rought around the egdes, but committing it helps to get everyone on the same page and makes sure we make progress. Tinderbox breakages that are the result of this commit are entirely the committer's fault -- in other words: buildworld testing on amd64 only. Credits follow: Submitted by: Garrett Cooper <yanegomi@gmail.com> Sponsored by: Isilon Systems Based on work by: keramida@ Thanks to: gnn@, mdf@, mlaier@, sjg@ Special thanks to: keramida@
|
#
3468e4ce |
|
28-Jan-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl) to drop privileges. MFC after: 1 week
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
3213dc84 |
|
11-Jun-2007 |
Ceri Davies <ceri@FreeBSD.org> |
Create group ftp by default. This is gid 14 as this is the historical id used by sysinstall when enabling anonymous FTP. Change the default group used by sysinstall for setting up anonymous FTP from operator to ftp; there is no reason to use operator and there are potential security issues when doing so. PR: 93284 Approved by: ru (mentor) Reviewed by: simon
|
#
cd573a85 |
|
05-Feb-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Assign gid 77 to audit instead of gid 73. The ports group list did not include '73', which was assigned in a ports passwd entry to ircservices. Pointed out by: ceri
|
#
bbcf7c36 |
|
05-Feb-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Allocate an 'audit' group, membership in which will grant the audit review right by virtue of read file permission on /var/audit and its contents. Obtained from: TrustedBSD Project
|
#
7217408a |
|
06-Jun-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Add _dhcp user/group as required by the OpenBSD dhclient.
|
#
8ee2ac9e |
|
22-Jun-2004 |
Max Laier <mlaier@FreeBSD.org> |
Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) work again. This user/group is not required for install* targets, hence do not add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy people). Discussed-on: -current
|
#
be3e0526 |
|
10-Mar-2004 |
Max Laier <mlaier@FreeBSD.org> |
Add trailing collon Noticed by: dwhite Approved by: bms(mentor)
|
#
8d69c48b |
|
08-Mar-2004 |
Max Laier <mlaier@FreeBSD.org> |
Link pf to the build and install: This adds the former ports registered groups: proxy and authpf as well as the proxy user. Make sure to run mergemaster -p in oder to complete make installworld without errors. This also provides the passive OS fingerprints from OpenBSD (pf.os) and an example pf.conf. For those who want to go without pf; it provides a NO_PF knob to make.conf. __FreeBSD_version will be bumped soon to reflect this and to be able to change ports accordingly. Approved by: bms(mentor)
|
#
e50dfdc9 |
|
26-Apr-2003 |
Warner Losh <imp@FreeBSD.org> |
xten isn't needed after tw is gone. Approved by: re@ (scottl)
|
#
190a0059 |
|
14-Oct-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Remove root from the 'guest' group: missed in a previous pass. Spotted by: jhb
|
#
975819b7 |
|
13-Oct-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Remove root from the kmem, sys, tty, and staff groups in the default configuration. Root privileges override DAC on local file systems and therefore root does not generally need to be a member of a group to access files owned by that group. In the NFS case, require explicit authorization for root to have these privileges. Leave root in operator for dump/restore broadcast reasons; leave root in wheel until discrepencies in the "no users in wheel means any user can su" policy are resolved (possibly indefinitely).
|
#
7b2c73b7 |
|
13-Oct-2002 |
Robert Watson <rwatson@FreeBSD.org> |
For consistency with other entries in group, don't put the daemon or xten users in their groups explicitly--we pick that up from the gid field in master.passwd.
|
#
04b681a9 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add an sshd user and group for the OpenSSH privilege separation code.
|
#
ca8b9ed3 |
|
17-Nov-2001 |
Gregory Neil Shapiro <gshapiro@FreeBSD.org> |
Add two new accounts/groups for sendmail: smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of set-user-ID). This new user/group will be used for command line submissions. UID/GID 25 is suggested in the sendmail documentation and has been adopted by other operating systems such as OpenBSD and Solaris 9. mailnull - The default value for DefaultUser is now set to the uid and gid of the first existing user mailnull, sendmail, or daemon that has a non-zero uid. If none of these exist, sendmail reverts back to the old behavior of using uid 1 and gid 1. Currently FreeBSD uses daemon for DefaultUser but I would prefer not to use an account used by other programs, hence the addition of mailnull. UID/GID 26 has been chosen for this user. This was discussed on -arch on October 18-19, 2001. MFC after: 1 week
|
#
92277380 |
|
24-Oct-2001 |
Andrey A. Chernov <ache@FreeBSD.org> |
Re-commit www:www If anybody wants to remove them for some reason, please consider "pop" removing first. Approved by: arch discussion from Oct 20 MFC after: 3 days
|
#
19aa5cdc |
|
18-Oct-2001 |
Sheldon Hearn <sheldonh@FreeBSD.org> |
Back previous revision out until it has been discussed on -arch and motivated. Currently, it is under dispute.
|
#
913b0e4e |
|
17-Oct-2001 |
Andrey A. Chernov <ache@FreeBSD.org> |
Add www:www (80:80) for upcoming Apache changes
|
#
9b7a44a6 |
|
27-Aug-1999 |
Peter Wemm <peter@FreeBSD.org> |
$Id$ -> $FreeBSD$
|
#
ac48aa41 |
|
01-Dec-1998 |
Matthew Dillon <dillon@FreeBSD.org> |
Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53), adjustd inetd.conf to run comsat and ntalk from tty sandbox, and the (commented out) ident from the kmem sandbox. Note that it is necessary to give each group access it's own uid to prevent programs running under a single uid from being able to gdb or otherwise mess with other programs (with different group perms) running under the same uid.
|
#
965066d6 |
|
13-Sep-1998 |
Brian Somers <brian@FreeBSD.org> |
Add Id keyword
|
#
8a13ec3a |
|
03-Sep-1997 |
Brian Somers <brian@FreeBSD.org> |
ppp => network As discussed on cvs-committers
|
#
a393e39c |
|
31-Aug-1997 |
Brian Somers <brian@FreeBSD.org> |
Add group ppp (gid 69)
|
#
1ac310dd |
|
01-May-1997 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Add mail group.
|
#
887d19dd |
|
12-Mar-1996 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Move "dialer" to gid == 68.
|
#
43e028e0 |
|
12-Mar-1996 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Move user & group "xten" from [ug]id == 100 to 67. This is less likely to collide with site policies.
|
#
41bdbea7 |
|
12-Mar-1996 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Remove ingres user.
|
#
843f16dc |
|
17-May-1995 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
nogroup 32766 -> 65533 to go with nobody's change to 65534.
|
#
efc05b2b |
|
15-May-1995 |
Andrey A. Chernov <ache@FreeBSD.org> |
change nobody master.passwd entry to 65534:65534 change nobody group entry to 65534 Suggested-by: pst
|
#
29fb8166 |
|
17-Apr-1995 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Add xten user/group. Submitted by: Gene Stark <gene@starkhome.cs.sunysb.edu>
|
#
62936ec7 |
|
30-May-1994 |
Andrey A. Chernov <ache@FreeBSD.org> |
Intruduce new group for uucp, gid 66
|
#
553a5931 |
|
19-Mar-1994 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
As per Rod's wishes, man uses uid/gid 9 now.
|
#
5dfaa173 |
|
19-Mar-1994 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Remove man group - no longer necessary (that was quick! :). I'll let Rod pick the uid for the `man' user, since he staked a claim on that, but he'd better not forget or the make install will break badly! :)
|
#
8f74b717 |
|
18-Mar-1994 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Added a man group ID.
|
#
0a0018c5 |
|
25-Feb-1994 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
>From: Andreas Schulz <ats@g386bsd.first.gmd.de> Subject: failure in /usr/src/etc/group The /usr/src/etc/group file is missing a colon in the line "dialer:*:117" at the end.
|
#
5db8869f |
|
19-Jul-1993 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
Removed bill and lynne from group file, this was a security hole in the 0.1 distribution, as they had accounts in the password file with out passwords, and were in group wheel!
|
#
1bf9d5d9 |
|
20-Jun-1993 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
Initial import of 386BSD 0.1 othersrc/etc
|