Commit Graph

47 Commits

Author SHA1 Message Date
roy d87d6793f0 Add _rtadvd user and group.
Add a chroot dir for the _rtadvd user.
Drop privs to the user _rtadvd after acquiring our socket.
When rc.d/rtadvd starts or reloads, the rtadvd config file is copied
into the chroot before starting or reloading rtadvd itself.
Create a symlink from /var/run/rtadvd.dump to the chroot

Inital idea from OpenBSD patch rtadvd.c r1.36
2013-07-09 09:34:58 +00:00
riz a1da65bdfb Change root's default shell to /bin/sh, to provide a default which
has command line editing, tab completion, and other features users
have come to expect from a modern OS.

Discussed on current-users approximately two weeks ago.  Should be
pulled up for NetBSD 6.0.
2012-04-25 16:11:26 +00:00
christos 493ac06fcb - add _tss user for tcsd, and needed directories for TrouSerS.
This is all unused as of now because the trousers is not connected to
the build yet.
2012-01-28 02:17:29 +00:00
jmmv bbf950e188 Rename the _atf user to _tests. The _atf name will get obsoleted if/when
we migrate to Kyua (atf v2), so it's better to use a generic name that does
not depend on the specific implementation.  Also, this user has not gone
out yet into any stable release, so we can easily rename it.

Suggested by jruoho@.
2011-08-05 14:43:41 +00:00
jruoho 27cfff3b3e Make tcpdump(8) to drop root privileges and chroot(2) by default. 2010-12-17 09:54:27 +00:00
jmmv 52d94cef95 Add the _atf user and group to be able to run unprivileged tests automatically
without having to manually tweak the 'unprivileged-user' setting.  Suggested
by pooka@.
2010-11-07 17:47:47 +00:00
christos 875c2ae09f mdnsd home should not be /var/www! 2009-10-04 01:40:53 +00:00
tsarna a8bcd3b5c3 Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder. 2009-09-29 23:56:26 +00:00
tls 215e50961e Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.
2007-10-16 02:47:12 +00:00
plunky c6f8856e3c For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd 2007-03-18 15:53:54 +00:00
cbiere 28ea2557d4 Let timedc use the dedicated account "_timedc" for dropping privileges
instead of abusing the account "nobody".
2007-01-28 13:51:29 +00:00
christos 3353f7d077 goodbye uucp 2006-11-12 01:20:00 +00:00
dogcow 859dcf3c5f add all the proper fields to _proxy 2006-10-08 02:34:51 +00:00
rpaulo 1921cb5602 PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!
2006-10-07 15:10:17 +00:00
christos ace25de76c Remove sendmail (approved by core) 2006-05-30 00:40:22 +00:00
tsarna cd41b5d099 add _rwhod user (and group) 2005-09-12 16:21:56 +00:00
peter 80271013f5 Add the _pflogd user which will be used by pflogd(8), the logging daemon
for pf(4).

Approved by core.
2005-04-04 19:06:43 +00:00
soren 15b88bc43f Oops, didn't mean to remove toor (just yet). 2003-01-25 01:14:03 +00:00
soren c552afcd61 Consistently with previous such changes, make daemon's default group 1(daemon)
rather than 31(guest). FreeBSD and OpenBSD have done the same thing.
2003-01-25 01:13:29 +00:00
christos 56bafd7e79 make nobody's shell back /sbin/nologin. we'll use su -m for xdm. 2002-10-27 20:13:00 +00:00
christos b4a6515ec6 Don't make the shell of nobody /sbin/nologin. There are programs that expect
to be executing su nobody -c 'command', such as xdm's Xwilling do this.
2002-10-27 00:07:47 +00:00
tron fbf97bb599 Remove unused user and group "news" as discussed on "tech-userlevel". 2002-07-06 09:27:31 +00:00
itojun 1890825b44 uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.
2002-06-05 21:32:25 +00:00
atatat adf9f4096f tweak GECOS for games 2002-05-20 15:08:25 +00:00
atatat feed2cb114 tweak GECOS for postfix 2002-05-20 15:06:19 +00:00
lukem 634dcabc44 fix ~sshd. tweak GECOS for named,ntpd,sshd 2002-05-17 05:47:41 +00:00
itojun 4d9f2174f9 dig sshd uid/gid, and /var/empty, for sshd privilege separation 2002-05-14 23:26:24 +00:00
lukem 01c63bc35a - add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd
2001-10-11 07:21:07 +00:00
lukem d2a924ca51 remove `falken' user; nothing depends upon it, it causes confusion about
whether it's required or not, and by default it's useless anyway (because
the one-hit-wonder joke with respect to its shell being /usr/games/wargames
is moot unless you enable the account)
2001-03-04 06:00:54 +00:00
lukem 8aaa117469 remove `ingres' user & group; we have never shipped with ingres in the
base distribution, and packages that need a specific user & group can
create it.
2001-02-26 17:25:28 +00:00
lukem 614a276987 add named pseudo-user & group 2001-02-26 00:03:15 +00:00
abs 4fc0cc79b3 If we have an 'operator' user, it should at least be gid operator. 1999-03-27 03:51:41 +00:00
perry e75fc73f95 add postfix uid/gid, maildrop gid 1999-03-27 01:44:37 +00:00
lukem 29fbd4fd08 change user `nobody's group from 9999 (non-existant) to 39 (group `nobody').
from Soren S. Jorvang <soren@t.dk> in [misc/6806]
1999-03-25 07:00:43 +00:00
wrstuden 56fe49bc20 toor is back, disabled by default as before. 1999-03-17 03:01:54 +00:00
jonathan 9380518844 Revert to status quo ante (root's shell is csh, per BSD tradition),
pending the proper procedures for making such a change.
1999-03-16 23:24:02 +00:00
hubertf 8613009f6a Give root a Bourne shell. 1999-03-15 16:36:38 +00:00
abs eb710b1b56 It was just Plain Wrong to ship a password file that triggers /etc/security.
Remove toor - if people want another root account, we'll assume they can
copy and modify the root line.
1999-03-14 20:11:06 +00:00
lukem a563ca4687 As per [bin/1814] from Arne Juul <arnej@imf.unit.no>, and discussions
with matt green <mrg@netbsd.org> (to shut up /etc/security)
* set ingres account shell to /sbin/nologin
* set ~daemon to / (not /root)
1997-08-19 15:07:12 +00:00
mikel 34164c8eea make toor's shell explicit to shut up /etc/security 1997-07-10 06:38:35 +00:00
mikel ef538c3176 cleanup Lite-1 merge 1997-02-15 10:02:07 +00:00
mycroft 5510163962 Correct the professor's name. 1994-11-03 15:40:43 +00:00
cgd 3059ace712 disable toor by default 1994-02-09 00:19:53 +00:00
jtc a0a614abf8 uucp's shell, uucico, is in /usr/libexec/uucp (not /usr/lib/uucp). 1993-08-09 22:40:48 +00:00
cgd 0aa4d2c067 make root/operator group ids sane... 1993-06-06 02:49:31 +00:00
cgd d0395ece09 got rid of bill, lynne, ken, and dmr 1993-04-02 07:57:23 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00