| #
1105dba7 |
| 19-Jun-2023 |
deraadt <deraadt@openbsd.org> |
The group "operator" gatekeeps a few superuser abilities (dumping disks,
manipulating tape drives -> means gid operator on device nodes). This group
is also used with group-access bit on the setuid-
The group "operator" gatekeeps a few superuser abilities (dumping disks,
manipulating tape drives -> means gid operator on device nodes). This group
is also used with group-access bit on the setuid-root shutdown command
(mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but
use of that group is giving them disk read access also, which is wrong.
It would be a pain to re-gid all the device nodes, so instead let's renumber
the operator execution gid into group "_shutdown".
Users using this shutdown/reboot functionality will notice it no longer works,
and move themselves to the correct group.
Various choices discussed at large, this seems our best choice.
ok sthen
show more ...
|
| #
4100cc5f |
| 23-Aug-2022 |
martijn <martijn@openbsd.org> |
(Re)add support for agentx in snmpd
Current omissions in protocol support are notifications,
index (de)allocation, and agent capabilities.
Help testing sthen@
Feedback/tweaks/OK jmatthew@
|
| #
37d6af42 |
| 28-Jun-2022 |
claudio <claudio@openbsd.org> |
Add missing colon. Noticed by jmc@
|
| #
c2691def |
| 28-Jun-2022 |
claudio <claudio@openbsd.org> |
Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@
|
| #
62a9676a |
| 21-Apr-2022 |
danj <danj@openbsd.org> |
Remove _switchd user/group/alias
ok millert deraadt
switchd(8) was removed back in November. Commit message was:
Retire switchd and switchctl. While interesting they never managed to
really get in
Remove _switchd user/group/alias
ok millert deraadt
switchd(8) was removed back in November. Commit message was:
Retire switchd and switchctl. While interesting they never managed to
really get into a usable state. The OpenFlow API is mostly superseeded
by P4 and so this is a bit of a dead end.
show more ...
|
| #
96184aae |
| 28-Jan-2020 |
naddy <naddy@openbsd.org> |
sort
|
| #
166e2b08 |
| 24-Jan-2020 |
tedu <tedu@openbsd.org> |
retire rebound etc bits to the attic
|
| #
c1c1f550 |
| 14-Nov-2019 |
deraadt <deraadt@openbsd.org> |
uid/gid 70 is _rpki-client for privdrop; ok benno
|
| #
20dcfd2b |
| 26-Jan-2019 |
florian <florian@openbsd.org> |
add _unwind user; OK deraadt
|
| #
1f53cc20 |
| 23-Jul-2018 |
florian <florian@openbsd.org> |
Remove rtadvd(8) leftovers in etc.
OK deraadt, phessler
|
| #
b0cadc69 |
| 12-Jul-2018 |
florian <florian@openbsd.org> |
Add _rad user and group for rad(8).
This recycles the _btd uid/gid that have been removed in 2013.
Discussed in the hackroom.
|
| #
e3d84185 |
| 18-Mar-2017 |
florian <florian@openbsd.org> |
add user for slaacd(8)
|
| #
08188b40 |
| 19-Jan-2017 |
ajacoutot <ajacoutot@openbsd.org> |
Add the _syspatch user/group: an unprivileged user for syspatch(8) used to fetch
and verify patches.
discussed with deraadt@ rpe@
ok deraadt@
|
| #
28e4bf3d |
| 27-Dec-2016 |
jca <jca@openbsd.org> |
Remove user uucp and group news from base.
|
| #
8cd6a3bf |
| 15-Nov-2016 |
tb <tb@openbsd.org> |
Introduce the build user and the wobj group that will soon be used as
defaults for building the system from source.
ok deraadt
|
| #
3dd01cca |
| 07-Oct-2016 |
deraadt <deraadt@openbsd.org> |
use better uid/gid for _switchd
|
| #
e5ac0b63 |
| 06-Oct-2016 |
reyk <reyk@openbsd.org> |
Add _switchd
|
| #
0b53298d |
| 27-Sep-2016 |
florian <florian@openbsd.org> |
Add unprivileged user for traceroute.
Input deraadt@
OK benno@, sthen@
|
| #
d3fe3506 |
| 26-Sep-2016 |
florian <florian@openbsd.org> |
Add _ping user/group.
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed u
Add _ping user/group.
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.
show more ...
|
| #
f3024385 |
| 13-Sep-2016 |
deraadt <deraadt@openbsd.org> |
proxy uid/gid was split up for seperate purposes; it can go away now.
|
| #
8023d724 |
| 05-Mar-2016 |
espie <espie@openbsd.org> |
add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch
which was a "better than nothing" measure for 5.9.
Another user to come. Approved by deraadt@ on principle.
thanks sthen@
add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch
which was a "better than nothing" measure for 5.9.
Another user to come. Approved by deraadt@ on principle.
thanks sthen@ for checking my lines over.
show more ...
|
| #
d92077b3 |
| 16-Dec-2015 |
ratchov <ratchov@openbsd.org> |
Add _sndiop user and group for (future) privileged sndiod process.
ok deraadt
|
| #
803f3e67 |
| 01-Dec-2015 |
deraadt <deraadt@openbsd.org> |
create new independent uid/gid for tftp_proxy and ftp_proxy.
They should not share a uid. Leave the proxy uid for later mop-up
(sysmerge does not handle uid renamings well enough)
ok dlg, ok aja a w
create new independent uid/gid for tftp_proxy and ftp_proxy.
They should not share a uid. Leave the proxy uid for later mop-up
(sysmerge does not handle uid renamings well enough)
ok dlg, ok aja a while back
show more ...
|
| #
e1c5d175 |
| 09-Nov-2015 |
mlarkin <mlarkin@openbsd.org> |
Add user "_vmd" for forthcoming vmd daemon
ok deraadt@
|
| #
11a8050d |
| 15-Oct-2015 |
tedu <tedu@openbsd.org> |
_rebound user and group (52)
|