Date: Sun, 2 Dec 2012 13:05:51 +0000 (GMT)
From: Robert Watson
To: "O. Hartmann"
Cc: freebsd-current@freebsd.org
Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd))

On Sun, 2 Dec 2012, O. Hartmann wrote:

>> Does mergemaster -p help?
>
> I had the very same problem and complained about it on current@.
> "mergemaster -p" definitely helped for me and I was given the advice to use
> mergemaster -p prior to every make installworld.

Just to follow up on this thread, since the question has come up a number of times. "mergemaster -p" should be run prior to installworld always, but most of the time will do very little. One of its responsibilities is to add any necessary accounts and groups depended on by base system components -- e.g., that will be referenced during installworld as part of setting file ownership and groups.

One of the primary sources of new users and groups has been chroot/etc sandboxes -- independent from the role of a daemon as a file owner. My hope is that this will reduce over time with increasing use of Capsicum sandboxes, which don't require custom UIDs/GIDs. However, there are still cases where you want a daemon, for reasons of file and group ownership, to run as a specific user, as is the case with auditdistd, which does support Capsicum (where enabled).

Robert
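
The account check described in the message above, sketched as an added example (not part of the original message and not mergemaster's own code): it lists users and groups that a new source tree's etc/ files define but the installed files lack, which is the state in which installworld cannot set file ownership. The function names, the directory arguments and the sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: report accounts and groups that a new source tree defines
# but the installed system does not yet have.

# missing_names NEW INSTALLED
# Print each name (first colon-separated field) found in NEW but not in
# INSTALLED. Blank lines and '#' comments are ignored in both files.
missing_names() {
    awk -F: -v installed="$2" '
        BEGIN {
            while ((getline line < installed) > 0) {
                if (line ~ /^[ \t]*(#|$)/) continue
                split(line, f, ":"); have[f[1]] = 1
            }
            close(installed)
        }
        /^[ \t]*(#|$)/ { next }
        !($1 in have) { print $1 }
    ' "$1"
}

# check_accounts SRC_ETC SYS_ETC
# Compare master.passwd and group under the two directories. Prints one
# "user NAME" or "group NAME" line per missing entry; returns 1 if any.
check_accounts() {
    out=$(
        missing_names "$1/master.passwd" "$2/master.passwd" | sed 's/^/user /'
        missing_names "$1/group" "$2/group" | sed 's/^/group /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample data: an installed etc/ that predates the new daemon
# account and a source-tree etc/ that defines it. IDs are illustrative.
make_sample() {
    mkdir -p "$1/src" "$1/sys"
    printf '%s\n' '# $FreeBSD$' 'root:*:0:0::0:0:root:/root:/bin/csh' > "$1/sys/master.passwd"
    { cat "$1/sys/master.passwd"
      echo 'auditdistd:*:78:77::0:0:constructed entry:/var/empty:/usr/sbin/nologin'
    } > "$1/src/master.passwd"
    printf '%s\n' 'wheel:*:0:root' 'audit:*:77:' > "$1/sys/group"
    cp "$1/sys/group" "$1/src/group"
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_accounts "$tmp/src" "$tmp/sys" || echo "run mergemaster -p before installworld"
rm -rf "$tmp"
```

On a real system the two arguments would be the source tree's etc directory and the installed /etc; those locations are an assumption here, not something the message states.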