Add a _file user and use for privsep, ok deraadt

diff --git a/etc/group b/etc/group
index 4ab13e2..259b367 100644 (file)
--- a/etc/group
+++ b/etc/group
@@ -61,6 +61,7 @@ _ldapd:*:100:
 _iked:*:101:
 _iscsid:*:102:
 _smtpq:*:103:
+_file:*:104:
 dialer:*:117:
 nogroup:*:32766:
 nobody:*:32767:

diff --git a/etc/mail/aliases b/etc/mail/aliases
index 9a73803..d3a3764 100644 (file)
--- a/etc/mail/aliases
+++ b/etc/mail/aliases
@@ -1,5 +1,5 @@
 #
-#      $OpenBSD: aliases,v 1.47 2014/09/20 09:59:52 ajacoutot Exp $
+#      $OpenBSD: aliases,v 1.48 2015/04/27 13:48:06 nicm Exp $
 #
 #  Aliases in this file will NOT be expanded in the header from
 #  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
@@ -24,6 +24,7 @@ www:  root
 _bgpd: /dev/null
 _dhcp: /dev/null
 _dvmrpd: /dev/null
+_file: /dev/null
 _fingerd: /dev/null
 _ftp: /dev/null
 _hostapd: /dev/null

diff --git a/etc/master.passwd b/etc/master.passwd
index 1315b37..466914a 100644 (file)
--- a/etc/master.passwd
+++ b/etc/master.passwd
@@ -44,4 +44,5 @@ _ldapd:*:100:100::0:0:LDAP Daemon:/var/empty:/sbin/nologin
 _iked:*:101:101::0:0:IKEv2 Daemon:/var/empty:/sbin/nologin
 _iscsid:*:102:102::0:0:iSCSI Daemon:/var/empty:/sbin/nologin
 _smtpq:*:103:103::0:0:SMTP Daemon:/var/empty:/sbin/nologin
+_file:*:104:104::0:0:file privsep:/var/empty:/sbin/nologin
 nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin

diff --git a/usr.bin/file/file.h b/usr.bin/file/file.h
index 81dcf64..5e70f4e 100644 (file)
--- a/usr.bin/file/file.h
+++ b/usr.bin/file/file.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: file.h,v 1.27 2015/04/27 13:41:45 nicm Exp $ */
+/* $OpenBSD: file.h,v 1.28 2015/04/27 13:48:06 nicm Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -23,7 +23,7 @@
 #define FILE_READ_SIZE (256 * 1024)
 
 /* User to drop privileges to in child process. */
-#define FILE_USER "nobody"
+#define FILE_USER "_file"
 
 /* text.c */
 const char     *text_get_type(const void *, size_t);