etc: remove leftover leading empty comments, blank lines

Remove leftover empty leading comments/blank lines that had been
spacers between $FreeBSD$ and the following content in config files
in src/etc.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41548

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

sh(1): make it the default shell for the root user

In the recent history sh(1) has gain the missing features for it to
become a usable interractive shell:
- command completion
- persistent history support
- improvements on the default bindings in emacs mode
- improvements in the vi mode (repect $EDITOR)
- print a newline when exiting via ^D
- default prompt and improvements on how PS1 can be configured
- and more.

This changes also simplifies making tiny freebsd images with only sh(1)
as a shell

Create and use a tests group for the tests user.

No user (except nobody) should be a member of the nobody group.

Reported by: rgrimes
Reviewed by: rgrimes
MFC after: 3 days
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24199

Add the tests user, an unprivileged user from the default kyua config.

This is a preparatory commit for D24103.

Reviewed by: emaste
Obtained from: CheriBSD
MFC after: 3 days
Sponsored by: DARPA

Move back group, master.passwd and shells to etc directory

Use the .PATH mechanism instead so keep installing them from lib/libc/gen

While here revert 347961 and 347893 which are no longer needed

Discussed with: manu
Tested by: manu
ok manu@

Revert parts of r337849 and r337857

This fixes the build and I will redo these changes as part of a future review
that organizes them differently. The way I tried to do it here could be done
better. Sorry for the noise.

Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16737

Fix build after r337849

This moves the symlink creation to after where the files are installed.

This also inverts the shell change so that it only happens if MK_TCSH is on.

Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16725

Make it possible to run ntpd as a non-root user, add ntpd uid and gid.

Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision: https://reviews.freebsd.org/D16281

Capitalize "LDAP" in the description field of the _ypldap entry.

Reviewed by: bapt
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D5267

Fix regression introduced on r293801.
The UID/GID 93 is in using by jaber on PORTS, we will use
UID/GID 160 for ypldap(8).

Reported by: antoine
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D5062

ypldap(8) is a feature ready to be used to translate nis(8) database to ldap(3).

This commit, fix a core dump on ypldap(8) related with memory allocation.
Also an example of how to set the ypldap.conf(5) properly is added to
examples files.

A new user _ypldap is required to be able to run ypldap(8) as well as
in a chroot mode.

Reviewed by: rodrigc (mentor), bjk
Approved by: bapt (mentor)
Relnotes: Yes
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D4744

Step 1 of eliminating the "games" distribution: Move binaries to /usr/bin;
update paths; and include everything in the "base" distribution.

The "games" distribution being optional made sense when there were more
games and we had small disks; but the "games-like" games were moved into
the ports tree a dozen years ago and the remaining "utility-like" games
occupy less than 0.001% of my laptop's small hard drive. Meanwhile every
new user is confronted by the question "do you want games installed" when
they they try to install FreeBSD.

The next steps will be:

2. Removing punch card (bcd, ppt), phase-of-moon (pom), clock (grdc), and
caesar cipher (caesar, rot13) utilities. I intend to keep fortune, factor,
morse, number, primes, and random, since there is evidence that those are
still being used.

3. Merging src/games into src/usr.bin.

This change will not be MFCed.

Reviewed by: jmg
Discussed at: EuroBSDCon
Approved by: gjb (release-affecting changes)

Remove most of the ATF tools and the _atf user.

This is necessary because ATF is deprecated and it will be replaced by Kyua.

Submitted by: jmmv@netbsd.org
Reviewed by: Garrett Cooper
Approved by: re

Build and install the Unbound caching DNS resolver daemon.

Approved by: re (blanket)

Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:

- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.

The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.

Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)

Add ATF to the build. This is may be a bit rought around the egdes,
but committing it helps to get everyone on the same page and makes
sure we make progress.

Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.

Credits follow:

Submitted by: Garrett Cooper <yanegomi@gmail.com>
Sponsored by: Isilon Systems
Based on work by: keramida@
Thanks to: gnn@, mdf@, mlaier@, sjg@
Special thanks to: keramida@

Change hast user home directory to /var/empty.

MFC after: 1 week

Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)
to drop privileges.

MFC after: 1 week

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

Add _dhcp user/group as required by the OpenBSD dhclient.

UUCP's uucico(8) has not been in the base system for some time now,
so reflect this in the default. The uucp uid is a bit funny, and
is used by mtree in /var/spool for locks, so we can't remove it
without thinking about it a bit harder.

It's /usr/sbin/nologin not /sbin/nologin

Found-by: brueffer
Pointy-hat-to: mlaier

Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) work
again. This user/group is not required for install* targets, hence do not
add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy
people).

Discussed-on: -current

Synchronize with reality: nologin(8) is now in /usr/sbin

Reminded by: trhodes

Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.

This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.

For those who want to go without pf; it provides a NO_PF knob to make.conf.

__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.

Approved by: bms(mentor)

xten user no longer needed.

Previous commit was just a tad too hasty, the sshd peudo-user's home
directory should be /var/empty.

Add an sshd user and group for the OpenSSH privilege separation code.

Tidy up gecos field for `bin'.

Add two new accounts/groups for sendmail:

smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID). This new user/group will be used for command line
submissions. UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.

mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid. If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1. Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull. UID/GID 26 has been chosen for
this user.

This was discussed on -arch on October 18-19, 2001.

MFC after: 1 week

Re-commit www:www
If anybody wants to remove them for some reason, please consider "pop"
removing first.

Approved by: arch discussion from Oct 20
MFC after: 3 days

Back previous revision out until it has been discussed on -arch and
motivated. Currently, it is under dispute.

Add www:www (80:80) for upcoming Apache changes

Add/adjust some $FreeBSD$ tags.

Noted by: Doug <Doug@gorean.org>

Use /sbin/nologin as shell for operator
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk

Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.

Note that it is necessary to give each group access it's own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.

Put operator in its own group rather than "staff".
Submitted by: "Yarema" <yds@ingress.com>

Change shell from /nonexistent to /sbin/nologin.

PR: 6739
Submitted by: Are Bryne <are.bryne@communique.no>

Back out moving nobody to daemon class, the problem fixed in another place:
inetd

Move nobody to daemon class, otherwise it is impossible to start fingerd
while Apache is running, it effectively eats all default class limits for
nobody

Add pop

Move daemon from group 31 to group 1
One of the reasons: rwhod not work, because it got
1,31 instead of 1,1 on setuid(1) and require group 1 for directory access

Set shells to nonexistent where appropriate

Move user & group "xten" from [ug]id == 100 to 67.
This is less likely to collide with site policies.

Remove ingres user.

change nobody master.passwd entry to 65534:65534
change nobody group entry to 65534
Suggested-by: pst

Change xten shell from /dev/null to /nonexistant, adduser
complaints instead.
Change nobody user group from non existent in /etc/group (9999) to
existent nobody (39).

Add xten user/group.
Submitted by: Gene Stark <gene@starkhome.cs.sunysb.edu>

Killed Mr. "Falcon". May he rest in peace.

Add 'news' user, present in group, but missed in master.passwd

Intruduce new group for uucp, gid 66

/dev/null was not a very good choice of shell for login-disabled users.
Used the canonical non-existent file (/nonexistent) instead This should
probably be documented somewhere, but it's unclear where the right
place is (passwd(5)? login(8)? hier(7)? all three?).

As per Rod's wishes, man uses uid/gid 9 now.

A real good idea...

>From: "Chris G. Demetriou" <cgd@sun-lamp.cs.berkeley.edu>

Update of /b/source/CVS/src/etc
In directory sun-lamp.cs.berkeley.edu:/usr/src/etc

Modified Files:
master.passwd
Log Message:
disable toor by default

Remove more references to the U word.

Wrong path for uucp login, was /usr/lib instead of /usr/libexec. Fixed

Removed extranious names from master.passwd file, changed root and toor to
be in group 0 (was group 10). Changed operator to be in group 20, was 28.

Initial import of 386BSD 0.1 othersrc/etc