From: nicm
Date: Mon, 27 Apr 2015 13:48:06 +0000 (+0000)
Subject: Add a _file user and use for privsep, ok deraadt
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b4aeb3879d2032f2c8767b179e85dd5648918d31;p=openbsd
Add a _file user and use for privsep, ok deraadt
---
diff --git a/etc/group b/etc/group
index 4ab13e2928d..259b3670e5b 100644
--- a/etc/group
+++ b/etc/group
@@ -61,6 +61,7 @@ _ldapd:*:100:
 _iked:*:101:
 _iscsid:*:102:
 _smtpq:*:103:
+_file:*:104:
 dialer:*:117:
 nogroup:*:32766:
 nobody:*:32767:
diff --git a/etc/mail/aliases b/etc/mail/aliases
index 9a738036c85..d3a37649246 100644
--- a/etc/mail/aliases
+++ b/etc/mail/aliases
@@ -1,5 +1,5 @@
 #
-# $OpenBSD: aliases,v 1.47 2014/09/20 09:59:52 ajacoutot Exp $
+# $OpenBSD: aliases,v 1.48 2015/04/27 13:48:06 nicm Exp $
 #
 # Aliases in this file will NOT be expanded in the header from
 # Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
@@ -24,6 +24,7 @@ www: root
 _bgpd: /dev/null
 _dhcp: /dev/null
 _dvmrpd: /dev/null
+_file: /dev/null
 _fingerd: /dev/null
 _ftp: /dev/null
 _hostapd: /dev/null
diff --git a/etc/master.passwd b/etc/master.passwd
index 1315b37a542..466914a66c6 100644
--- a/etc/master.passwd
+++ b/etc/master.passwd
@@ -44,4 +44,5 @@ _ldapd:*:100:100::0:0:LDAP Daemon:/var/empty:/sbin/nologin
 _iked:*:101:101::0:0:IKEv2 Daemon:/var/empty:/sbin/nologin
 _iscsid:*:102:102::0:0:iSCSI Daemon:/var/empty:/sbin/nologin
 _smtpq:*:103:103::0:0:SMTP Daemon:/var/empty:/sbin/nologin
+_file:*:104:104::0:0:file privsep:/var/empty:/sbin/nologin
 nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin
diff --git a/usr.bin/file/file.h b/usr.bin/file/file.h
index 81dcf64d7e2..5e70f4ea4e4 100644
--- a/usr.bin/file/file.h
+++ b/usr.bin/file/file.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: file.h,v 1.27 2015/04/27 13:41:45 nicm Exp $ */
+/* $OpenBSD: file.h,v 1.28 2015/04/27 13:48:06 nicm Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -23,7 +23,7 @@
 #define FILE_READ_SIZE (256 * 1024)
 /* User to drop privileges to in child process. */
-#define FILE_USER "nobody"
+#define FILE_USER "_file"
 /* text.c */
 const char *text_get_type(const void *, size_t);
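Review bot: With `FILE_USER` changed to `"_file"`, the child's privilege drop depends on an account that exists only once the etc/group and etc/master.passwd hunks of this commit are installed. A system that updates the binary without merging those files will not find the user. The code that looks up `FILE_USER` is outside this hunk, so it is worth confirming that it exits with an error when the lookup fails rather than carrying on with the parent's privileges. The comment above the define could also record why a dedicated account is used, for example `/* Dedicated user for the child process; unlike "nobody" it is not shared with other programs. */`.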