head	1.38;
access;
symbols
	RELENG_8_4:1.38.0.2
	RELENG_9_1_0_RELEASE:1.36.2.1.4.2
	RELENG_9_1:1.36.2.1.0.4
	RELENG_9_1_BP:1.36.2.1
	RELENG_8_3_0_RELEASE:1.35.10.2.2.1
	RELENG_8_3:1.35.10.2.0.2
	RELENG_8_3_BP:1.35.10.2
	RELENG_9_0_0_RELEASE:1.36.2.1.2.1
	RELENG_9_0:1.36.2.1.0.2
	RELENG_9_0_BP:1.36.2.1
	RELENG_9:1.36.0.2
	RELENG_9_BP:1.36
	RELENG_7_4_0_RELEASE:1.35.14.1
	RELENG_8_2_0_RELEASE:1.35.10.1.6.1
	RELENG_7_4:1.35.0.14
	RELENG_7_4_BP:1.35
	RELENG_8_2:1.35.10.1.0.6
	RELENG_8_2_BP:1.35.10.1
	RELENG_8_1_0_RELEASE:1.35.10.1.4.1
	RELENG_8_1:1.35.10.1.0.4
	RELENG_8_1_BP:1.35.10.1
	RELENG_7_3_0_RELEASE:1.35.12.1
	RELENG_7_3:1.35.0.12
	RELENG_7_3_BP:1.35
	RELENG_8_0_0_RELEASE:1.35.10.1.2.1
	RELENG_8_0:1.35.10.1.0.2
	RELENG_8_0_BP:1.35.10.1
	RELENG_8:1.35.0.10
	RELENG_8_BP:1.35
	RELENG_7_2_0_RELEASE:1.35.8.1
	RELENG_7_2:1.35.0.8
	RELENG_7_2_BP:1.35
	RELENG_7_1_0_RELEASE:1.35.6.1
	RELENG_6_4_0_RELEASE:1.32.2.1.8.1
	RELENG_7_1:1.35.0.6
	RELENG_7_1_BP:1.35
	RELENG_6_4:1.32.2.1.0.8
	RELENG_6_4_BP:1.32.2.1
	RELENG_7_0_0_RELEASE:1.35
	RELENG_6_3_0_RELEASE:1.32.2.1
	RELENG_7_0:1.35.0.4
	RELENG_7_0_BP:1.35
	RELENG_6_3:1.32.2.1.0.6
	RELENG_6_3_BP:1.32.2.1
	RELENG_7:1.35.0.2
	RELENG_7_BP:1.35
	RELENG_6_2_0_RELEASE:1.32.2.1
	RELENG_6_2:1.32.2.1.0.4
	RELENG_6_2_BP:1.32.2.1
	RELENG_5_5_0_RELEASE:1.31
	RELENG_5_5:1.31.0.8
	RELENG_5_5_BP:1.31
	RELENG_6_1_0_RELEASE:1.32.2.1
	RELENG_6_1:1.32.2.1.0.2
	RELENG_6_1_BP:1.32.2.1
	RELENG_6_0_0_RELEASE:1.32
	RELENG_6_0:1.32.0.4
	RELENG_6_0_BP:1.32
	RELENG_6:1.32.0.2
	RELENG_6_BP:1.32
	RELENG_5_4_0_RELEASE:1.31
	RELENG_5_4:1.31.0.6
	RELENG_5_4_BP:1.31
	RELENG_4_11_0_RELEASE:1.19.2.3
	RELENG_4_11:1.19.2.3.0.10
	RELENG_4_11_BP:1.19.2.3
	RELENG_5_3_0_RELEASE:1.31
	RELENG_5_3:1.31.0.4
	RELENG_5_3_BP:1.31
	RELENG_5:1.31.0.2
	RELENG_5_BP:1.31
	RELENG_4_10_0_RELEASE:1.19.2.3
	RELENG_4_10:1.19.2.3.0.8
	RELENG_4_10_BP:1.19.2.3
	RELENG_5_2_1_RELEASE:1.28
	RELENG_5_2_0_RELEASE:1.28
	RELENG_5_2:1.28.0.4
	RELENG_5_2_BP:1.28
	RELENG_4_9_0_RELEASE:1.19.2.3
	RELENG_4_9:1.19.2.3.0.6
	RELENG_4_9_BP:1.19.2.3
	RELENG_5_1_0_RELEASE:1.28
	RELENG_5_1:1.28.0.2
	RELENG_5_1_BP:1.28
	RELENG_4_8_0_RELEASE:1.19.2.3
	RELENG_4_8:1.19.2.3.0.4
	RELENG_4_8_BP:1.19.2.3
	RELENG_5_0_0_RELEASE:1.27
	RELENG_5_0:1.27.0.2
	RELENG_5_0_BP:1.27
	RELENG_4_7_0_RELEASE:1.19.2.3
	RELENG_4_7:1.19.2.3.0.2
	RELENG_4_7_BP:1.19.2.3
	RELENG_4_6_2_RELEASE:1.19.2.2.2.1
	RELENG_4_6_1_RELEASE:1.19.2.2.2.1
	RELENG_4_6_0_RELEASE:1.19.2.2
	RELENG_4_6:1.19.2.2.0.2
	RELENG_4_6_BP:1.19.2.2
	RELENG_4_5_0_RELEASE:1.19.2.1
	RELENG_4_5:1.19.2.1.0.2
	RELENG_4_5_BP:1.19.2.1
	RELENG_4_4_0_RELEASE:1.19
	RELENG_4_4:1.19.0.6
	RELENG_4_4_BP:1.19
	RELENG_4_3_0_RELEASE:1.19
	RELENG_4_3:1.19.0.4
	RELENG_4_3_BP:1.19
	RELENG_4_2_0_RELEASE:1.19
	RELENG_4_1_1_RELEASE:1.19
	PRE_SMPNG:1.19
	RELENG_4_1_0_RELEASE:1.19
	RELENG_3_5_0_RELEASE:1.18.2.1
	RELENG_4_0_0_RELEASE:1.19
	RELENG_4:1.19.0.2
	RELENG_4_BP:1.19
	RELENG_3_4_0_RELEASE:1.18.2.1
	RELENG_3_3_0_RELEASE:1.18.2.1
	RELENG_3_2_PAO:1.18.0.4
	RELENG_3_2_PAO_BP:1.18
	RELENG_3_2_0_RELEASE:1.18
	RELENG_3_1_0_RELEASE:1.18
	RELENG_3:1.18.0.2
	RELENG_3_BP:1.18
	RELENG_2_2_8_RELEASE:1.13.2.4
	RELENG_3_0_0_RELEASE:1.17
	RELENG_2_2_7_RELEASE:1.13.2.3
	RELENG_2_2_6_RELEASE:1.13.2.3
	RELENG_2_2_5_RELEASE:1.13.2.3
	RELENG_2_2_2_RELEASE:1.13.2.1
	RELENG_2_2_1_RELEASE:1.13
	RELENG_2_2_0_RELEASE:1.13
	RELENG_2_1_7_RELEASE:1.10.4.3
	RELENG_2_1_6_1_RELEASE:1.10.4.3
	RELENG_2_1_6_RELEASE:1.10.4.3
	RELENG_2_2:1.13.0.2
	RELENG_2_2_BP:1.13
	RELENG_2_1_5_RELEASE:1.10.4.3
	RELENG_2_1_0_RELEASE:1.10
	RELENG_2_1_0:1.10.0.4
	RELENG_2_1_0_BP:1.10
	RELENG_2_0_5_RELEASE:1.10
	RELENG_2_0_5:1.10.0.2
	RELENG_2_0_5_BP:1.10
	RELENG_2_0_5_ALPHA:1.10
	RELEASE_2_0:1.7
	BETA_2_0:1.7
	ALPHA_2_0:1.7.0.2
	MOVED_NEWCVS:1.7
	FINAL_1_1_5:1.7
	ALPHA_1_1_5:1.7
	FINAL_1_1:1.2.2.2
	GAMMA_1_1:1.2.2.2
	BETA_1_1:1.2.0.2
	BP_BETA_1_1:1.2
	FINAL_1_0:1.2
	EPSILON_1_0:1.2
	GAMMA_1_0:1.2
	BETA_1_0:1.2
	ALPHA_1_0:1.2
	V_0_0_1_0:1.1.1.1;
locks; strict;
comment	@# @;


1.38
date	2012.11.17.01.49.01;	author svnexp;	state Exp;
branches
	1.38.2.1;
next	1.37;

1.37
date	2012.10.22.01.18.41;	author marcel;	state Exp;
branches;
next	1.36;

1.36
date	2011.01.28.22.28.12;	author pjd;	state Exp;
branches
	1.36.2.1;
next	1.35;

1.35
date	2007.06.11.18.36.39;	author ceri;	state Exp;
branches
	1.35.2.1
	1.35.6.1
	1.35.8.1
	1.35.10.1
	1.35.12.1
	1.35.14.1;
next	1.34;

1.34
date	2006.02.05.19.34.09;	author rwatson;	state Exp;
branches;
next	1.33;

1.33
date	2006.02.05.18.04.39;	author rwatson;	state Exp;
branches;
next	1.32;

1.32
date	2005.06.06.20.19.56;	author brooks;	state Exp;
branches
	1.32.2.1;
next	1.31;

1.31
date	2004.06.23.01.32.28;	author mlaier;	state Exp;
branches;
next	1.30;

1.30
date	2004.03.10.15.04.29;	author mlaier;	state Exp;
branches;
next	1.29;

1.29
date	2004.03.08.22.03.27;	author mlaier;	state Exp;
branches;
next	1.28;

1.28
date	2003.04.27.05.49.53;	author imp;	state Exp;
branches;
next	1.27;

1.27
date	2002.10.14.20.55.49;	author rwatson;	state Exp;
branches;
next	1.26;

1.26
date	2002.10.13.17.00.37;	author rwatson;	state Exp;
branches;
next	1.25;

1.25
date	2002.10.13.16.26.26;	author rwatson;	state Exp;
branches;
next	1.24;

1.24
date	2002.06.23.20.41.06;	author des;	state Exp;
branches;
next	1.23;

1.23
date	2001.11.17.21.24.45;	author gshapiro;	state Exp;
branches;
next	1.22;

1.22
date	2001.10.25.03.27.16;	author ache;	state Exp;
branches;
next	1.21;

1.21
date	2001.10.18.16.53.20;	author sheldonh;	state Exp;
branches;
next	1.20;

1.20
date	2001.10.17.13.21.53;	author ache;	state Exp;
branches;
next	1.19;

1.19
date	99.08.27.23.23.41;	author peter;	state Exp;
branches
	1.19.2.1;
next	1.18;

1.18
date	98.12.01.21.19.49;	author dillon;	state Exp;
branches
	1.18.2.1;
next	1.17;

1.17
date	98.09.13.23.05.46;	author brian;	state Exp;
branches;
next	1.16;

1.16
date	97.09.04.00.36.38;	author brian;	state Exp;
branches;
next	1.15;

1.15
date	97.08.31.20.13.38;	author brian;	state Exp;
branches;
next	1.14;

1.14
date	97.05.02.00.06.09;	author jkh;	state Exp;
branches;
next	1.13;

1.13
date	96.03.12.15.19.31;	author phk;	state Exp;
branches
	1.13.2.1;
next	1.12;

1.12
date	96.03.12.15.16.44;	author phk;	state Exp;
branches;
next	1.11;

1.11
date	96.03.12.15.11.45;	author phk;	state Exp;
branches;
next	1.10;

1.10
date	95.05.17.10.02.07;	author rgrimes;	state Exp;
branches
	1.10.4.1;
next	1.9;

1.9
date	95.05.15.19.24.55;	author ache;	state Exp;
branches;
next	1.8;

1.8
date	95.04.18.02.03.55;	author jkh;	state Exp;
branches;
next	1.7;

1.7
date	94.05.31.04.36.28;	author ache;	state Exp;
branches;
next	1.6;

1.6
date	94.03.19.23.31.38;	author jkh;	state Exp;
branches;
next	1.5;

1.5
date	94.03.19.22.45.04;	author jkh;	state Exp;
branches;
next	1.4;

1.4
date	94.03.18.11.45.49;	author jkh;	state Exp;
branches;
next	1.3;

1.3
date	94.02.25.14.11.16;	author rgrimes;	state Exp;
branches;
next	1.2;

1.2
date	93.07.19.18.56.42;	author rgrimes;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	93.06.20.13.41.36;	author rgrimes;	state Exp;
branches
	1.1.1.1;
next	;

1.38.2.1
date	2012.11.17.01.49.01;	author svnexp;	state dead;
branches;
next	1.38.2.2;

1.38.2.2
date	2013.03.28.13.02.41;	author svnexp;	state Exp;
branches;
next	;

1.36.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.36.2.1.2.1
	1.36.2.1.4.1;
next	1.36.2.2;

1.36.2.2
date	2012.11.17.11.36.10;	author svnexp;	state Exp;
branches;
next	1.36.2.3;

1.36.2.3
date	2013.10.07.09.03.01;	author svnexp;	state Exp;
branches;
next	;

1.36.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.36.2.1.2.2;

1.36.2.1.2.2
date	2012.11.17.08.36.10;	author svnexp;	state Exp;
branches;
next	;

1.36.2.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.36.2.1.4.2;

1.36.2.1.4.2
date	2012.11.17.08.47.00;	author svnexp;	state Exp;
branches;
next	;

1.35.2.1
date	2012.11.17.08.01.14;	author svnexp;	state Exp;
branches;
next	;

1.35.6.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.35.8.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.35.10.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.35.10.1.2.1
	1.35.10.1.4.1
	1.35.10.1.6.1;
next	1.35.10.2;

1.35.10.2
date	2011.03.28.17.41.10;	author trociny;	state Exp;
branches
	1.35.10.2.2.1;
next	1.35.10.3;

1.35.10.3
date	2012.11.17.10.35.56;	author svnexp;	state Exp;
branches;
next	1.35.10.4;

1.35.10.4
date	2013.10.07.08.22.12;	author svnexp;	state Exp;
branches;
next	;

1.35.10.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.35.10.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.35.10.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.35.10.2.2.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.35.10.2.2.2;

1.35.10.2.2.2
date	2012.11.17.08.24.37;	author svnexp;	state Exp;
branches;
next	;

1.35.12.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.35.14.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.35.14.2;

1.35.14.2
date	2012.11.17.08.16.36;	author svnexp;	state Exp;
branches;
next	;

1.32.2.1
date	2006.03.06.22.23.10;	author rwatson;	state Exp;
branches
	1.32.2.1.8.1;
next	1.32.2.2;

1.32.2.2
date	2012.11.17.07.39.01;	author svnexp;	state Exp;
branches;
next	;

1.32.2.1.8.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.19.2.1
date	2001.11.24.17.22.24;	author gshapiro;	state Exp;
branches;
next	1.19.2.2;

1.19.2.2
date	2002.02.10.11.43.37;	author obrien;	state Exp;
branches
	1.19.2.2.2.1;
next	1.19.2.3;

1.19.2.3
date	2002.06.30.17.57.17;	author des;	state Exp;
branches;
next	1.19.2.4;

1.19.2.4
date	2012.11.17.07.22.35;	author svnexp;	state Exp;
branches;
next	;

1.19.2.2.2.1
date	2002.07.16.12.33.21;	author des;	state Exp;
branches;
next	;

1.18.2.1
date	99.08.29.14.18.43;	author peter;	state Exp;
branches;
next	;

1.13.2.1
date	97.05.02.00.03.37;	author jkh;	state Exp;
branches;
next	1.13.2.2;

1.13.2.2
date	97.08.31.20.15.14;	author brian;	state Exp;
branches;
next	1.13.2.3;

1.13.2.3
date	97.09.05.23.05.43;	author brian;	state Exp;
branches;
next	1.13.2.4;

1.13.2.4
date	98.09.13.23.10.08;	author brian;	state Exp;
branches;
next	1.13.2.5;

1.13.2.5
date	99.09.05.11.01.57;	author peter;	state Exp;
branches;
next	;

1.10.4.1
date	96.03.12.15.09.36;	author phk;	state Exp;
branches;
next	1.10.4.2;

1.10.4.2
date	96.03.12.15.17.26;	author phk;	state Exp;
branches;
next	1.10.4.3;

1.10.4.3
date	96.03.12.15.18.51;	author phk;	state Exp;
branches;
next	;

1.2.2.1
date	94.02.25.14.09.47;	author rgrimes;	state Exp;
branches;
next	1.2.2.2;

1.2.2.2
date	94.04.17.19.54.19;	author rgrimes;	state Exp;
branches;
next	;

1.1.1.1
date	93.06.20.13.41.37;	author rgrimes;	state Exp;
branches;
next	;


desc
@@


1.38
log
@Switching exporter and resync
@
text
@# $FreeBSD: head/etc/group 241823 2012-10-22 01:18:41Z marcel $
#
wheel:*:0:root
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:14:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
_atf:*:27:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
www:*:80:
hast:*:845:
nogroup:*:65533:
nobody:*:65534:
@


1.38.2.1
log
@file group was added on branch RELENG_8_4 on 2013-03-28 13:02:41 +0000
@
text
@d1 33
@


1.38.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 32
# $FreeBSD: releng/8.4/etc/group 220104 2011-03-28 17:41:10Z trociny $
#
wheel:*:0:root
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:14:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
www:*:80:
hast:*:845:
nogroup:*:65533:
nobody:*:65534:
@


1.37
log
@SVN rev 241823 on 2012-10-22 01:18:41Z by marcel

Add ATF to the build. This is may be a bit rought around the egdes,
but committing it helps to get everyone on the same page and makes
sure we make progress.

Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.

Credits follow:

Submitted by:	Garrett Cooper <yanegomi@@gmail.com>
Sponsored by:	Isilon Systems
Based on work by:	keramida@@
Thanks to:	gnn@@, mdf@@, mlaier@@, sjg@@
Special thanks to:	keramida@@
@
text
@d1 1
a1 1
# $FreeBSD$
@


1.36
log
@SVN rev 218046 on 2011-01-28 22:28:12Z by pjd

Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)
to drop privileges.

MFC after:	1 week
@
text
@d19 1
@


1.36.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.36.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 1
a1 1
# $FreeBSD: stable/9/etc/group 218046 2011-01-28 22:28:12Z pjd $
@


1.36.2.3
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/256102
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d1 1
a1 1
# $FreeBSD: stable/9/etc/group 256102 2013-10-07 08:19:41Z des $
a20 1
unbound:*:59:
@


1.36.2.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.36.2.1.4.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/9.1/etc/group 218046 2011-01-28 22:28:12Z pjd $
@


1.36.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.36.2.1.2.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/9.0/etc/group 218046 2011-01-28 22:28:12Z pjd $
@


1.35
log
@Create group ftp by default.  This is gid 14 as this is the historical
id used by sysinstall when enabling anonymous FTP.

Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.

PR:		93284
Approved by:	ru (mentor)
Reviewed by:	simon
@
text
@d30 1
@


1.35.2.1
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/7/etc/group 170566 2007-06-11 18:36:39Z ceri $
@


1.35.14.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.35.14.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/7.4/etc/group 170566 2007-06-11 18:36:39Z ceri $
@


1.35.12.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.35.10.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.35.10.2
log
@SVN rev 220104 on 2011-03-28 17:41:10Z by trociny

MFC r217729, r217730, r217731, r217732, r217737, r217784, r217958,
  r217961, r217962, r217964, r217965, r217966, r217967, r217969,
  r218040, r218041, r218042, r218043, r218044, r218045, r218048,
  r218049, r218119, r218132, r218138, r218139, r218147, r218148,
  r218158, r218185, r218191, r218192, r218193, r218194, r218201,
  r218214, r218215, r218217, r218218, r218370, r218373, r218374,
  r218375, r218376, r218464, r218465, r218474, r219082:

r217729 (pjd):

- On primary worker reload, update hr_exec field.
- Update comment.

r217730 (pjd):

Use int16 for error.

r217731 (pjd):

Use more consistent function name with the others (pjdlogv_prefix_set()
instead of pjdlog_prefix_setv()).

r217732 (pjd):

Add nv_assert() which allows to assert that the given name exists.

r217737 (pjd):

Add missing logs.

r217784 (pjd):

Don't open configuration file from worker process. Handle SIGHUP in the
master process only and pass changes to the worker processes over control
socket. This removes access to global namespace in preparation for capsicum
sandboxing.

r217958 (pjd):

Remove __dead2 from pjdlog_verify() prototype, it does return sometimes.

r217961 (pjd):

- Remove obvious NOTREACHED comment after abort() call.
- Remove redundant newline at the end of the file.

r217962 (pjd):

Add LOG_NDELAY flag to openlog(3) - we want descriptor to be immediately open
so there are no surprises once we start chrooting or using capsicum.

r217964 (pjd):

Use pjd copyright for 2011 work.

r217965 (pjd):

Add functions to initialize/finalize pjdlog. This allows to open/close log
file at will.

r217966 (pjd):

Extend pjdlog_verify() to support the following additional macros:
PJDLOG_RVERIFY() - always check expression and on false log the given message
        and exit.
PJDLOG_RASSERT() - check expression when NDEBUG is not defined and on false log
        given message and exit.
PJDLOG_ABORT() - log the given message and exit.

r217967 (pjd):

Close the control socket before exiting, so it will be unlinked.

r217969 (pjd):

Remember created control connection so on fork(2) we can close it in child.

r218040 (pjd):

Initialize all global variables on pjdlog_init().

r218041 (pjd):

Add function to close all unneeded descriptors after fork(2).

r218042 (pjd):

Add comments to places where we treat errors as ciritical, but it is possible
to handle them more gracefully.

r218043 (pjd):

Close all unneeded descriptors after fork(2).

r218044 (pjd):

Add function to assert that the only descriptors we have open are the ones
we expect to be open. Also assert that they point at expected type.

Because openlog(3) API is unable to tell us descriptor number it is using, we
have to close syslog socket, remember assert message in local buffer and if we
fail on assertion, reopen syslog socket and log the message.

r218045 (pjd):

Use newly added descriptors_assert() function to ensure only expected
descriptors are open.

r218046 (pjd), r218047 (pjd), r218119 (maxim):

Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)
to drop privileges.

r218048 (pjd):

Implement function that drops privileges by:
- chrooting to /var/empty (user hast home directory),
- setting groups to 'hast' (user hast primary group),
- setting real group id, effective group id and saved group id to 'hast',
- setting real user id, effective user id and saved user id to 'hast'.
At the end verify that those operations where successfull.

r218049 (pjd):

Drop privileges in worker processes.

Accepting connections and handshaking in secondary is still done before
dropping privileges. It should be implemented by only accepting connections in
privileged main process and passing connection descriptors to the worker, but
is not implemented yet.

r218132 (pjd):

Rename pjdlog_verify() to pjdlog_abort() as it better describes what the
the function does and mark it with __dead2.

r218138 (pjd):

- Use pjdlog for assertions and aborts as this will log assert/abort message
  to syslog if we run in background.
- Asserts in proto.c that method we want to call is implemented and remove
  dummy methods from protocols implementation that are only there to abort
  the program with nice message.

r218139 (pjd):

Implement two new functions for sending descriptor and receving descriptor
over UNIX domain sockets and socket pairs.
This is in preparation for capsicum.

r218147 (pjd), r218148 (pjd):

Fix build on ia64.

r218158 (pjd):

Do not set socket send and receive buffer. It will be auto-tuned.

Confirmed by:   rwatson

r218185 (pjd):

Be prepared that hp_client or hp_server might be NULL now.

r218191 (pjd):

Move protocol allocation and deallocation to separate functions.

r218192 (pjd), r218201 (bz):

Allow to specify connection timeout by the caller.

r218193 (pjd):

Add proto_connect_wait() to wait for connection to finish.
If timeout argument to proto_connect() is -1, then the caller needs to use
this new function to wait for connection.

This change is in preparation for capsicum, where sandboxed worker wants
to ask main process to connect in worker's behalf and pass descriptor
to the worker. Because we don't want the main process to wait for the
connection, it will start async connection and pass descriptor to the
worker who will be responsible for waiting for the connection to finish.

r218194 (pjd):

- Rename proto_descriptor_{send,recv}() functions to
  proto_connection_{send,recv} and change them to return proto_conn
  structure. We don't operate directly on descriptors, but on
  proto_conns.
- Add wrap method to wrap descriptor with proto_conn.
- Remove methods to send and receive descriptors and implement this
  functionality as additional argument to send and receive methods.

r218214 (pjd):

Let the caller log info about successful privilege drop.
We don't want to log this in hastctl.

r218215 (pjd):

Drop privileges after connecting to hastd, but before sending or receiving
anything.

r218217 (pjd):

Add missing locking after moving keepalive_send() to remote send thread
in r214692.

r218218 (pjd):

Setup another socketpair between parent and child, so that primary sandboxed
worker can ask the main privileged process to connect in worker's behalf
and then we can migrate descriptor using this socketpair to worker.
This is not really needed now, but will be needed once we start to use
capsicum for sandboxing.

r218370 (pjd):

Close more descriptors that can be open if the worker process for the given
resource is already running.

Submitted by:   Mikolaj Golub <to.my.trociny@@gmail.com>

r218373 (pjd):

Open syslog when logging sysconf(3) failure.

Reported by:    Mikolaj Golub <to.my.trociny@@gmail.com>

r218374 (pjd):

Treat fstat(2) failure (different than EBADF) as fatal error.

Reported by:    Mikolaj Golub <to.my.trociny@@gmail.com>

r218375 (pjd):

Add (void) cast before snprintf(3)s for which we are not interested in return
values.

r218376 (pjd):

Now that we break the loop on fstat(2) failure we no longer need to satisfy
gcc's imperfections.

r218464 (pjd):

Unlink UNIX domain socket file only if:
1. The descriptor is the one we are listening on (not the one when we connect
   as a client and not the one which is created on accept(2)).
2. Descriptor was created by us (PID matches with the PID stored on bind(2)).

Reported by:    Mikolaj Golub <to.my.trociny@@gmail.com>

r218465 (pjd):

Explicitly include <sys/types.h> as suggested by getpid(2) and don't rely on
<sys/un.h> including what's needed.

r218474 (pjd):

When we decide to unlink socket file, sun_path must be set. If it is set,
but there is problem unlinking the file, log a warning.

r219082 (pjd):

Recognize 'reload' command, as hastd can be reloaded with the SIGHUP signal.

Approved by:	pjd (mentor)
@
text
@a29 1
hast:*:845:
@


1.35.10.3
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 1
a1 1
# $FreeBSD: stable/8/etc/group 220104 2011-03-28 17:41:10Z trociny $
@


1.35.10.4
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/256103
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d1 1
a1 1
# $FreeBSD: stable/8/etc/group 256103 2013-10-07 08:20:56Z des $
a20 1
unbound:*:59:
@


1.35.10.2.2.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.35.10.2.2.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/8.3/etc/group 220104 2011-03-28 17:41:10Z trociny $
@


1.35.10.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.35.10.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.35.10.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.35.8.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.35.6.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.34
log
@Assign gid 77 to audit instead of gid 73.  The ports group list did not
include '73', which was assigned in a ports passwd entry to ircservices.

Pointed out by:	ceri
@
text
@d14 1
@


1.33
log
@Allocate an 'audit' group, membership in which will grant the audit
review right by virtue of read file permission on /var/audit and its
contents.

Obtained from:	TrustedBSD Project
@
text
@d27 1
a27 1
audit:*:73:
@


1.32
log
@Add _dhcp user/group as required by the OpenBSD dhclient.
@
text
@d27 1
@


1.32.2.1
log
@Merge group:1.33,1.34 from HEAD to RELENG_6:

  Assign gid 77 to audit instead of gid 73.  The ports group list did not
  include '73', which was assigned in a ports passwd entry to ircservices.

  Pointed out by: ceri

  Allocate an 'audit' group, membership in which will grant the audit
  review right by virtue of read file permission on /var/audit and its
  contents.

  Obtained from:  TrustedBSD Project

Approved by:	re (scottl)
@
text
@a26 1
audit:*:77:
@


1.32.2.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/6/etc/group 200489 2009-12-14 00:12:07Z dougb $
@


1.32.2.1.8.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.31
log
@Add "privsep" user/group _pflogd:_pflogd (64:64) to make pflogd(8) work
again. This user/group is not required for install* targets, hence do not
add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to annoy
people).

Discussed-on:	-current
@
text
@d23 1
@


1.30
log
@Add trailing collon

Noticed by:	dwhite
Approved by:	bms(mentor)
@
text
@d22 1
@


1.29
log
@Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.

This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.

For those who want to go without pf; it provides a NO_PF knob to make.conf.

__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.

Approved by:	bms(mentor)
@
text
@d20 2
a21 2
proxy:*:62
authpf:*:63
@


1.28
log
@xten isn't needed after tw is gone.

Approved by: re@@ (scottl)
@
text
@d20 2
@


1.27
log
@Remove root from the 'guest' group: missed in a previous pass.

Spotted by:	jhb
@
text
@a20 1
xten:*:67:
@


1.26
log
@Remove root from the kmem, sys, tty, and staff groups in the default
configuration.  Root privileges override DAC on local file systems and
therefore root does not generally need to be a member of a group to
access files owned by that group.  In the NFS case, require explicit
authorization for root to have these privileges.

Leave root in operator for dump/restore broadcast reasons; leave root
in wheel until discrepencies in the "no users in wheel means any user
can su" policy are resolved (possibly indefinitely).
@
text
@d18 1
a18 1
guest:*:31:root
@


1.25
log
@For consistency with other entries in group, don't put the daemon or
xten users in their groups explicitly--we pick that up from the gid
field in master.passwd.
@
text
@d5 3
a7 3
kmem:*:2:root
sys:*:3:root
tty:*:4:root
d14 1
a14 1
staff:*:20:root
@


1.24
log
@Add an sshd user and group for the OpenSSH privilege separation code.
@
text
@d4 1
a4 1
daemon:*:1:daemon
d21 1
a21 1
xten:*:67:xten
@


1.23
log
@Add two new accounts/groups for sendmail:

smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID).  This new user/group will be used for command line
submissions.  UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.

mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid.  If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1.  Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull.  UID/GID 26 has been chosen for
this user.

This was discussed on -arch on October 18-19, 2001.

MFC after:	1 week
@
text
@d1 1
a1 1
# $FreeBSD: src/etc/group,v 1.22 2001/10/25 03:27:16 ache Exp $
d15 1
@


1.22
log
@Re-commit www:www
If anybody wants to remove them for some reason, please consider "pop"
removing first.

Approved by:	arch discussion from Oct 20
MFC after:	3 days
@
text
@d1 1
a1 1
# $FreeBSD: src/etc/group,v 1.20 2001/10/17 13:21:53 ache Exp $
d15 2
@


1.21
log
@Back previous revision out until it has been discussed on -arch and
motivated.  Currently, it is under dispute.
@
text
@d21 1
@


1.20
log
@Add www:www (80:80) for upcoming Apache changes
@
text
@d1 1
a1 1
# $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $
a20 1
www:*:80:
@


1.19
log
@$Id$ -> $FreeBSD$
@
text
@d1 1
a1 1
# $FreeBSD$
d21 1
@


1.19.2.1
log
@MFC: Add two new accounts/groups (smmsp and mailnull) for sendmail.

     Revision  Changes    Path
     1.23      +3 -1      src/etc/group
     1.29      +3 -1      src/etc/master.passwd
@
text
@d1 1
a1 1
# $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $
a14 2
smmsp:*:25:
mailnull:*:26:
@


1.19.2.2
log
@MFC: www:www
@
text
@d1 1
a1 1
# $FreeBSD$
a22 1
www:*:80:
@


1.19.2.2.2.1
log
@Merge OpenSSH, OPIE, PAM and a number of dependencies from -STABLE.
@
text
@a14 1
sshd:*:22:
@


1.19.2.3
log
@MFC: Add the sshd pseudo-user and its home directory.
@
text
@a14 1
sshd:*:22:
@


1.19.2.4
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/4/etc/group 99150 2002-06-30 17:57:17Z des $
@


1.18
log
@    Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
    adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
    the (commented out) ident from the kmem sandbox.

    Note that it is necessary to give each group access it's own uid to
    prevent programs running under a single uid from being able to gdb
    or otherwise mess with other programs (with different group perms) running
    under the same uid.
@
text
@d1 1
a1 1
#	$Id: group,v 1.17 1998/09/13 23:05:46 brian Exp $
@


1.18.2.1
log
@$Id$ -> $FreeBSD$
@
text
@d1 1
a1 1
# $FreeBSD$
@


1.17
log
@Add Id keyword
@
text
@d1 1
a1 1
#	$Id:$
d16 1
@


1.16
log
@ppp => network
As discussed on cvs-committers
@
text
@d1 2
@


1.15
log
@Add group ppp (gid 69)
@
text
@d17 1
a17 1
ppp:*:69:
@


1.14
log
@Add mail group.
@
text
@d17 1
@


1.13
log
@Move "dialer" to gid == 68.
@
text
@d7 1
@


1.13.2.1
log
@Actually, a mail group probably isn't a bad idea in any case.  Give it GID 6.
@
text
@a6 1
mail:*:6:
@


1.13.2.2
log
@MFC: Add group ppp (gid 69)
@
text
@a16 1
ppp:*:69:
@


1.13.2.3
log
@MFC: ppp => network
     As discussed on cvs-committers
@
text
@d17 1
a17 1
network:*:69:
@


1.13.2.4
log
@Add Id keyword
@
text
@a0 2
#	$Id:$
#
@


1.13.2.5
log
@$Id$ -> $FreeBSD$
@
text
@d1 1
a1 1
# $FreeBSD$
@


1.12
log
@Move user & group "xten" from [ug]id == 100 to 67.
This is less likely to collide with site policies.
@
text
@d15 1
a15 1
dialer:*:117:
@


1.11
log
@Remove ingres user.
@
text
@d14 1
a14 1
xten:*:100:xten
@


1.10
log
@nogroup 32766 -> 65533 to go with nobody's change to 65534.
@
text
@a13 1
ingres:*:74:ingres
@


1.10.4.1
log
@Remove ingress user and group.
@
text
@d14 1
@


1.10.4.2
log
@Move user & group "xten" from [ug]id == 100 to 67.
This is less likely to collide with site policies.
@
text
@d14 1
a14 1
xten:*:67:xten
@


1.10.4.3
log
@Move "dialer" to gid==68.
@
text
@d15 1
a15 1
dialer:*:68:
@


1.9
log
@change nobody master.passwd entry to 65534:65534
change nobody group entry to 65534
Suggested-by: pst
@
text
@d17 1
a17 1
nogroup:*:32766:
@


1.8
log
@Add xten user/group.
Submitted by:	Gene Stark <gene@@starkhome.cs.sunysb.edu>
@
text
@a12 1
nobody:*:39:
d18 1
@


1.7
log
@Intruduce new group for uucp, gid 66
@
text
@d16 1
@


1.6
log
@As per Rod's wishes, man uses uid/gid 9 now.
@
text
@d14 1
@


1.5
log
@Remove man group - no longer necessary (that was quick! :).  I'll let Rod
pick the uid for the `man' user, since he staked a claim on that, but he'd
better not forget or the make install will break badly! :)
@
text
@d9 1
@


1.4
log
@Added a man group ID.
@
text
@a8 1
man:*:9:
@


1.3
log
@>From: Andreas Schulz <ats@@g386bsd.first.gmd.de>
Subject: failure in /usr/src/etc/group

The /usr/src/etc/group file is missing a colon in the line
"dialer:*:117" at the end.
@
text
@d9 1
@


1.2
log
@Removed bill and lynne from group file, this was a security hole in the
0.1 distribution, as they had accounts in the password file with out passwords,
and were in group wheel!
@
text
@d14 1
a14 1
dialer:*:117
@


1.2.2.1
log
@>From: Andreas Schulz <ats@@g386bsd.first.gmd.de>
Subject: failure in /usr/src/etc/group

The /usr/src/etc/group file is missing a colon in the line
"dialer:*:117" at the end.
@
text
@d14 1
a14 1
dialer:*:117:
@


1.2.2.2
log
@>From main branch:
----------------------------
revision 1.6
date: 1994/03/19 23:31:38;  author: jkh;  state: Exp;  lines: +1 -0
As per Rod's wishes, man uses uid/gid 9 now.
@
text
@a8 1
man:*:9:
@


1.1
log
@Initial revision
@
text
@d1 1
a1 1
wheel:*:0:root,bill,lynne
@


1.1.1.1
log
@Initial import of 386BSD 0.1 othersrc/etc
@
text
@@
