#
1105dba7 |
| 19-Jun-2023 |
deraadt <deraadt@openbsd.org> |
The group "operator" gatekeeps a few superuser abilities (dumping disks, manipulating tape drives -> means gid operator on device nodes). This group is also used with group-access bit on the setuid-
The group "operator" gatekeeps a few superuser abilities (dumping disks, manipulating tape drives -> means gid operator on device nodes). This group is also used with group-access bit on the setuid-root shutdown command (mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but use of that group is giving them disk read access also, which is wrong. It would be a pain to re-gid all the device nodes, so instead let's renumber the operator execution gid into group "_shutdown". Users using this shutdown/reboot functionality will notice it no longer works, and move themselves to the correct group. Various choices discussed at large, this seems our best choice. ok sthen
show more ...
|
#
4100cc5f |
| 23-Aug-2022 |
martijn <martijn@openbsd.org> |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
37d6af42 |
| 28-Jun-2022 |
claudio <claudio@openbsd.org> |
Add missing colon. Noticed by jmc@
|
#
c2691def |
| 28-Jun-2022 |
claudio <claudio@openbsd.org> |
Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and all the other rc plumbing. OK deraadt@
|
#
62a9676a |
| 21-Apr-2022 |
danj <danj@openbsd.org> |
Remove _switchd user/group/alias
ok millert deraadt
switchd(8) was removed back in November. Commit message was:
Retire switchd and switchctl. While interesting they never managed to really get in
Remove _switchd user/group/alias
ok millert deraadt
switchd(8) was removed back in November. Commit message was:
Retire switchd and switchctl. While interesting they never managed to really get into a usable state. The OpenFlow API is mostly superseeded by P4 and so this is a bit of a dead end.
show more ...
|
#
96184aae |
| 28-Jan-2020 |
naddy <naddy@openbsd.org> |
sort
|
#
166e2b08 |
| 24-Jan-2020 |
tedu <tedu@openbsd.org> |
retire rebound etc bits to the attic
|
#
c1c1f550 |
| 14-Nov-2019 |
deraadt <deraadt@openbsd.org> |
uid/gid 70 is _rpki-client for privdrop; ok benno
|
#
20dcfd2b |
| 26-Jan-2019 |
florian <florian@openbsd.org> |
add _unwind user; OK deraadt
|
#
1f53cc20 |
| 23-Jul-2018 |
florian <florian@openbsd.org> |
Remove rtadvd(8) leftovers in etc. OK deraadt, phessler
|
#
b0cadc69 |
| 12-Jul-2018 |
florian <florian@openbsd.org> |
Add _rad user and group for rad(8). This recycles the _btd uid/gid that have been removed in 2013. Discussed in the hackroom.
|
#
e3d84185 |
| 18-Mar-2017 |
florian <florian@openbsd.org> |
add user for slaacd(8)
|
#
08188b40 |
| 19-Jan-2017 |
ajacoutot <ajacoutot@openbsd.org> |
Add the _syspatch user/group: an unprivileged user for syspatch(8) used to fetch and verify patches.
discussed with deraadt@ rpe@ ok deraadt@
|
#
28e4bf3d |
| 27-Dec-2016 |
jca <jca@openbsd.org> |
Remove user uucp and group news from base.
|
#
8cd6a3bf |
| 15-Nov-2016 |
tb <tb@openbsd.org> |
Introduce the build user and the wobj group that will soon be used as defaults for building the system from source.
ok deraadt
|
#
3dd01cca |
| 07-Oct-2016 |
deraadt <deraadt@openbsd.org> |
use better uid/gid for _switchd
|
#
e5ac0b63 |
| 06-Oct-2016 |
reyk <reyk@openbsd.org> |
Add _switchd
|
#
0b53298d |
| 27-Sep-2016 |
florian <florian@openbsd.org> |
Add unprivileged user for traceroute. Input deraadt@ OK benno@, sthen@
|
#
d3fe3506 |
| 26-Sep-2016 |
florian <florian@openbsd.org> |
Add _ping user/group. OK natano on a previous diff which used a different uid/gid. naddy@ pointed out that uid/gid was already taken on "important" systems. Turns out we cannot easily recycle freed u
Add _ping user/group. OK natano on a previous diff which used a different uid/gid. naddy@ pointed out that uid/gid was already taken on "important" systems. Turns out we cannot easily recycle freed up uids/gids so settle on 51.
show more ...
|
#
f3024385 |
| 13-Sep-2016 |
deraadt <deraadt@openbsd.org> |
proxy uid/gid was split up for seperate purposes; it can go away now.
|
#
8023d724 |
| 05-Mar-2016 |
espie <espie@openbsd.org> |
add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch which was a "better than nothing" measure for 5.9.
Another user to come. Approved by deraadt@ on principle.
thanks sthen@
add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch which was a "better than nothing" measure for 5.9.
Another user to come. Approved by deraadt@ on principle.
thanks sthen@ for checking my lines over.
show more ...
|
#
d92077b3 |
| 16-Dec-2015 |
ratchov <ratchov@openbsd.org> |
Add _sndiop user and group for (future) privileged sndiod process.
ok deraadt
|
#
803f3e67 |
| 01-Dec-2015 |
deraadt <deraadt@openbsd.org> |
create new independent uid/gid for tftp_proxy and ftp_proxy. They should not share a uid. Leave the proxy uid for later mop-up (sysmerge does not handle uid renamings well enough) ok dlg, ok aja a w
create new independent uid/gid for tftp_proxy and ftp_proxy. They should not share a uid. Leave the proxy uid for later mop-up (sysmerge does not handle uid renamings well enough) ok dlg, ok aja a while back
show more ...
|
#
e1c5d175 |
| 09-Nov-2015 |
mlarkin <mlarkin@openbsd.org> |
Add user "_vmd" for forthcoming vmd daemon
ok deraadt@
|
#
11a8050d |
| 15-Oct-2015 |
tedu <tedu@openbsd.org> |
_rebound user and group (52)
|