Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 29 Jan 2011 00:10:07 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r218046 - head/etc
Message-ID:  <20110129000753.R39951@maildrop.int.zabbadoz.net>
In-Reply-To: <201101282228.p0SMSCe6002592@svn.freebsd.org>
References:  <201101282228.p0SMSCe6002592@svn.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Jan 2011, Pawel Jakub Dawidek wrote:

> Author: pjd
> Date: Fri Jan 28 22:28:12 2011
> New Revision: 218046
> URL: http://svn.freebsd.org/changeset/base/218046
>
> Log:
>  Add 'hast' user and 'hast' group that will be used by hastd (and maybe hastctl)
>  to drop privileges.

Does it really have to be a high number in the 50-1000 range tracked
by ports/UIDs ports/GIDs?  I am worried that we'll soon end up in a
problem with that anyway:(


>  MFC after:	1 week
>
> Modified:
>  head/etc/group
>  head/etc/master.passwd
>
> Modified: head/etc/group
> ==============================================================================
> --- head/etc/group	Fri Jan 28 21:57:42 2011	(r218045)
> +++ head/etc/group	Fri Jan 28 22:28:12 2011	(r218046)
> @@ -27,5 +27,6 @@ dialer:*:68:
> network:*:69:
> audit:*:77:
> www:*:80:
> +hast:*:845:
> nogroup:*:65533:
> nobody:*:65534:
>
> Modified: head/etc/master.passwd
> ==============================================================================
> --- head/etc/master.passwd	Fri Jan 28 21:57:42 2011	(r218045)
> +++ head/etc/master.passwd	Fri Jan 28 22:28:12 2011	(r218046)
> @@ -20,4 +20,5 @@ _dhcp:*:65:65::0:0:dhcp programs:/var/em
> uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
> pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
> www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
> +hast:*:845:845::0:0:HAST unprivileged user:/nonexistent:/usr/sbin/nologin
> nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
>

-- 
Bjoern A. Zeeb                                 You have to have visions!
         <ks> Going to jail sucks -- <bz> All my daemons like it!
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110129000753.R39951>