Date: Thu, 26 Mar 2020 17:45:27 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: Brooks Davis <brooks@freebsd.org> Cc: rgrimes@freebsd.org, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: Re: svn commit: r359341 - stable/11/etc Message-ID: <202003270045.02R0jR2G039829@gndrsh.dnsmgr.net> In-Reply-To: <20200326185008.GA99303@spindle.one-eyed-alien.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, Mar 26, 2020 at 11:28:51AM -0700, Rodney W. Grimes wrote: > > > Author: brooks > > > Date: Thu Mar 26 17:59:48 2020 > > > New Revision: 359341 > > > URL: https://svnweb.freebsd.org/changeset/base/359341 > > > > > > Log: > > > MFC r359247: > > > > > > Add the tests user, an unprivileged user from the default kyua config. > > > > > > This is a preparatory commit for D24103. > > > > > > Reviewed by: emaste > > > Obtained from: CheriBSD > > > Sponsored by: DARPA > > > > > > Modified: > > > stable/11/etc/master.passwd > > > Directory Properties: > > > stable/11/ (props changed) > > > > > > Modified: stable/11/etc/master.passwd > > > ============================================================================== > > > --- stable/11/etc/master.passwd Thu Mar 26 17:58:52 2020 (r359340) > > > +++ stable/11/etc/master.passwd Thu Mar 26 17:59:48 2020 (r359341) > > > @@ -24,4 +24,5 @@ auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/ > > > www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin > > > _ypldap:*:160:160::0:0:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin > > > hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin > > > +tests:*:977:65534::0:0:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin > > > > This should be group 977. > > No one should be a member of group 65534 other than nobody. > > I'm happy to make this change, but we should be aware this will be > moderately disruptive as the current line matches the entry in ports/UIDs > so the new entry will conflict with existing passwd files where > devel/kyua is installed. It should be corrected all places, the group 65534 is very specific to NFS and no user should ever be given that groupid. The fact this was done in some port makes it no less of a mistake. > -- Brooks -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003270045.02R0jR2G039829>