Change the default shell of the "toor" user to /rescue/sh

toor is a backup account to be used in case of trouble.

When root's default shell was changed to from /bin/csh to /bin/sh,
toor lost its purpose.

/rescue/sh is an ideal choice here because it's a static binary,
while we've moved to dynamic linking for the rest of the system.

Discussed a few times over the years on tech-userlevel.

Add _dhcpcd user and group

branches: 1.50.14;
fix nsd home dir.

add nsd

unbound additions

branches: 1.47.10;
Add _rtadvd user and group.
Add a chroot dir for the _rtadvd user.
Drop privs to the user _rtadvd after acquiring our socket.
When rc.d/rtadvd starts or reloads, the rtadvd config file is copied
into the chroot before starting or reloading rtadvd itself.
Create a symlink from /var/run/rtadvd.dump to the chroot

Inital idea from OpenBSD patch rtadvd.c r1.36

branches: 1.46.2;
Change root's default shell to /bin/sh, to provide a default which
has command line editing, tab completion, and other features users
have come to expect from a modern OS.

Discussed on current-users approximately two weeks ago. Should be
pulled up for NetBSD 6.0.

branches: 1.45.2;
- add _tss user for tcsd, and needed directories for TrouSerS.
This is all unused as of now because the trousers is not connected to
the build yet.

branches: 1.44.2;
Rename the _atf user to _tests. The _atf name will get obsoleted if/when
we migrate to Kyua (atf v2), so it's better to use a generic name that does
not depend on the specific implementation. Also, this user has not gone
out yet into any stable release, so we can easily rename it.

Suggested by jruoho@.

Make tcpdump(8) to drop root privileges and chroot(2) by default.

Add the _atf user and group to be able to run unprivileged tests automatically
without having to manually tweak the 'unprivileged-user' setting. Suggested
by pooka@.

mdnsd home should not be /var/www!

Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.

Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.

branches: 1.38.4;
For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd

Let timedc use the dedicated account "_timedc" for dropping privileges
instead of abusing the account "nobody".

branches: 1.36.2; 1.36.4;
goodbye uucp

add all the proper fields to _proxy

PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!

Remove sendmail (approved by core)

add _rwhod user (and group)

Add the _pflogd user which will be used by pflogd(8), the logging daemon
for pf(4).

Approved by core.

branches: 1.30.6;
Oops, didn't mean to remove toor (just yet).

Consistently with previous such changes, make daemon's default group 1(daemon)
rather than 31(guest). FreeBSD and OpenBSD have done the same thing.

make nobody's shell back /sbin/nologin. we'll use su -m for xdm.

Don't make the shell of nobody /sbin/nologin. There are programs that expect
to be executing su nobody -c 'command', such as xdm's Xwilling do this.

Remove unused user and group "news" as discussed on "tech-userlevel".

uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.

tweak GECOS for games

tweak GECOS for postfix

fix ~sshd. tweak GECOS for named,ntpd,sshd

dig sshd uid/gid, and /var/empty, for sshd privilege separation

- add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd

remove `falken' user; nothing depends upon it, it causes confusion about
whether it's required or not, and by default it's useless anyway (because
the one-hit-wonder joke with respect to its shell being /usr/games/wargames
is moot unless you enable the account)

remove `ingres' user & group; we have never shipped with ingres in the
base distribution, and packages that need a specific user & group can
create it.

add named pseudo-user & group

If we have an 'operator' user, it should at least be gid operator.

add postfix uid/gid, maildrop gid

change user `nobody's group from 9999 (non-existant) to 39 (group `nobody').
from Soren S. Jorvang <soren@t.dk> in [misc/6806]

toor is back, disabled by default as before.

Revert to status quo ante (root's shell is csh, per BSD tradition),
pending the proper procedures for making such a change.

Give root a Bourne shell.

It was just Plain Wrong to ship a password file that triggers /etc/security.
Remove toor - if people want another root account, we'll assume they can
copy and modify the root line.

As per [bin/1814] from Arne Juul <arnej@imf.unit.no>, and discussions
with matt green <mrg@netbsd.org> (to shut up /etc/security)
* set ingres account shell to /sbin/nologin
* set ~daemon to / (not /root)

make toor's shell explicit to shut up /etc/security

cleanup Lite-1 merge

Correct the professor's name.

disable toor by default

uucp's shell, uucico, is in /usr/libexec/uucp (not /usr/lib/uucp).

make root/operator group ids sane...

got rid of bill, lynne, ken, and dmr

branches: 1.1.1;
Initial revision

Add _dhcpcd user and group

fix nsd home dir.

add nsd

unbound additions

branches: 1.47.10;
Add _rtadvd user and group.
Add a chroot dir for the _rtadvd user.
Drop privs to the user _rtadvd after acquiring our socket.
When rc.d/rtadvd starts or reloads, the rtadvd config file is copied
into the chroot before starting or reloading rtadvd itself.
Create a symlink from /var/run/rtadvd.dump to the chroot

Inital idea from OpenBSD patch rtadvd.c r1.36

branches: 1.46.2;
Change root's default shell to /bin/sh, to provide a default which
has command line editing, tab completion, and other features users
have come to expect from a modern OS.

Discussed on current-users approximately two weeks ago. Should be
pulled up for NetBSD 6.0.

branches: 1.45.2;
- add _tss user for tcsd, and needed directories for TrouSerS.
This is all unused as of now because the trousers is not connected to
the build yet.

branches: 1.44.2;
Rename the _atf user to _tests. The _atf name will get obsoleted if/when
we migrate to Kyua (atf v2), so it's better to use a generic name that does
not depend on the specific implementation. Also, this user has not gone
out yet into any stable release, so we can easily rename it.

Suggested by jruoho@.

Make tcpdump(8) to drop root privileges and chroot(2) by default.

Add the _atf user and group to be able to run unprivileged tests automatically
without having to manually tweak the 'unprivileged-user' setting. Suggested
by pooka@.

mdnsd home should not be /var/www!

Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.

Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.

branches: 1.38.4;
For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd

Let timedc use the dedicated account "_timedc" for dropping privileges
instead of abusing the account "nobody".

branches: 1.36.2; 1.36.4;
goodbye uucp

add all the proper fields to _proxy

PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!

Remove sendmail (approved by core)

add _rwhod user (and group)

Add the _pflogd user which will be used by pflogd(8), the logging daemon
for pf(4).

Approved by core.

branches: 1.30.6;
Oops, didn't mean to remove toor (just yet).

Consistently with previous such changes, make daemon's default group 1(daemon)
rather than 31(guest). FreeBSD and OpenBSD have done the same thing.

make nobody's shell back /sbin/nologin. we'll use su -m for xdm.

Don't make the shell of nobody /sbin/nologin. There are programs that expect
to be executing su nobody -c 'command', such as xdm's Xwilling do this.

Remove unused user and group "news" as discussed on "tech-userlevel".

uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.

tweak GECOS for games

tweak GECOS for postfix

fix ~sshd. tweak GECOS for named,ntpd,sshd

dig sshd uid/gid, and /var/empty, for sshd privilege separation

- add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd

remove `falken' user; nothing depends upon it, it causes confusion about
whether it's required or not, and by default it's useless anyway (because
the one-hit-wonder joke with respect to its shell being /usr/games/wargames
is moot unless you enable the account)

remove `ingres' user & group; we have never shipped with ingres in the
base distribution, and packages that need a specific user & group can
create it.

add named pseudo-user & group

If we have an 'operator' user, it should at least be gid operator.

add postfix uid/gid, maildrop gid

change user `nobody's group from 9999 (non-existant) to 39 (group `nobody').
from Soren S. Jorvang <soren@t.dk> in [misc/6806]

toor is back, disabled by default as before.

Revert to status quo ante (root's shell is csh, per BSD tradition),
pending the proper procedures for making such a change.

Give root a Bourne shell.

It was just Plain Wrong to ship a password file that triggers /etc/security.
Remove toor - if people want another root account, we'll assume they can
copy and modify the root line.

As per [bin/1814] from Arne Juul <arnej@imf.unit.no>, and discussions
with matt green <mrg@netbsd.org> (to shut up /etc/security)
* set ingres account shell to /sbin/nologin
* set ~daemon to / (not /root)

make toor's shell explicit to shut up /etc/security

cleanup Lite-1 merge

Correct the professor's name.

disable toor by default

uucp's shell, uucico, is in /usr/libexec/uucp (not /usr/lib/uucp).

make root/operator group ids sane...

got rid of bill, lynne, ken, and dmr

branches: 1.1.1;
Initial revision

fix nsd home dir.

add nsd

unbound additions

Add _rtadvd user and group.
Add a chroot dir for the _rtadvd user.
Drop privs to the user _rtadvd after acquiring our socket.
When rc.d/rtadvd starts or reloads, the rtadvd config file is copied
into the chroot before starting or reloading rtadvd itself.
Create a symlink from /var/run/rtadvd.dump to the chroot

Inital idea from OpenBSD patch rtadvd.c r1.36

branches: 1.46.2;
Change root's default shell to /bin/sh, to provide a default which
has command line editing, tab completion, and other features users
have come to expect from a modern OS.

Discussed on current-users approximately two weeks ago. Should be
pulled up for NetBSD 6.0.

branches: 1.45.2;
- add _tss user for tcsd, and needed directories for TrouSerS.
This is all unused as of now because the trousers is not connected to
the build yet.

branches: 1.44.2;
Rename the _atf user to _tests. The _atf name will get obsoleted if/when
we migrate to Kyua (atf v2), so it's better to use a generic name that does
not depend on the specific implementation. Also, this user has not gone
out yet into any stable release, so we can easily rename it.

Suggested by jruoho@.

Make tcpdump(8) to drop root privileges and chroot(2) by default.

Add the _atf user and group to be able to run unprivileged tests automatically
without having to manually tweak the 'unprivileged-user' setting. Suggested
by pooka@.

mdnsd home should not be /var/www!

Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.

Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.

branches: 1.38.4;
For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd

Let timedc use the dedicated account "_timedc" for dropping privileges
instead of abusing the account "nobody".

branches: 1.36.2; 1.36.4;
goodbye uucp

add all the proper fields to _proxy

PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!

Remove sendmail (approved by core)

add _rwhod user (and group)

Add the _pflogd user which will be used by pflogd(8), the logging daemon
for pf(4).

Approved by core.

branches: 1.30.6;
Oops, didn't mean to remove toor (just yet).

Consistently with previous such changes, make daemon's default group 1(daemon)
rather than 31(guest). FreeBSD and OpenBSD have done the same thing.

make nobody's shell back /sbin/nologin. we'll use su -m for xdm.

Don't make the shell of nobody /sbin/nologin. There are programs that expect
to be executing su nobody -c 'command', such as xdm's Xwilling do this.

Remove unused user and group "news" as discussed on "tech-userlevel".

uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.

tweak GECOS for games

tweak GECOS for postfix

fix ~sshd. tweak GECOS for named,ntpd,sshd

dig sshd uid/gid, and /var/empty, for sshd privilege separation

- add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd

remove `falken' user; nothing depends upon it, it causes confusion about
whether it's required or not, and by default it's useless anyway (because
the one-hit-wonder joke with respect to its shell being /usr/games/wargames
is moot unless you enable the account)

remove `ingres' user & group; we have never shipped with ingres in the
base distribution, and packages that need a specific user & group can
create it.

add named pseudo-user & group

If we have an 'operator' user, it should at least be gid operator.

add postfix uid/gid, maildrop gid

change user `nobody's group from 9999 (non-existant) to 39 (group `nobody').
from Soren S. Jorvang <soren@t.dk> in [misc/6806]

toor is back, disabled by default as before.

Revert to status quo ante (root's shell is csh, per BSD tradition),
pending the proper procedures for making such a change.

Give root a Bourne shell.

It was just Plain Wrong to ship a password file that triggers /etc/security.
Remove toor - if people want another root account, we'll assume they can
copy and modify the root line.

As per [bin/1814] from Arne Juul <arnej@imf.unit.no>, and discussions
with matt green <mrg@netbsd.org> (to shut up /etc/security)
* set ingres account shell to /sbin/nologin
* set ~daemon to / (not /root)

make toor's shell explicit to shut up /etc/security

cleanup Lite-1 merge

Correct the professor's name.

disable toor by default

uucp's shell, uucico, is in /usr/libexec/uucp (not /usr/lib/uucp).

make root/operator group ids sane...

got rid of bill, lynne, ken, and dmr

branches: 1.1.1;
Initial revision

unbound additions

Add _rtadvd user and group.
Add a chroot dir for the _rtadvd user.
Drop privs to the user _rtadvd after acquiring our socket.
When rc.d/rtadvd starts or reloads, the rtadvd config file is copied
into the chroot before starting or reloading rtadvd itself.
Create a symlink from /var/run/rtadvd.dump to the chroot

Inital idea from OpenBSD patch rtadvd.c r1.36

branches: 1.46.2;
Change root's default shell to /bin/sh, to provide a default which
has command line editing, tab completion, and other features users
have come to expect from a modern OS.

Discussed on current-users approximately two weeks ago. Should be
pulled up for NetBSD 6.0.

branches: 1.45.2;
- add _tss user for tcsd, and needed directories for TrouSerS.
This is all unused as of now because the trousers is not connected to
the build yet.

branches: 1.44.2;
Rename the _atf user to _tests. The _atf name will get obsoleted if/when
we migrate to Kyua (atf v2), so it's better to use a generic name that does
not depend on the specific implementation. Also, this user has not gone
out yet into any stable release, so we can easily rename it.

Suggested by jruoho@.

Make tcpdump(8) to drop root privileges and chroot(2) by default.

Add the _atf user and group to be able to run unprivileged tests automatically
without having to manually tweak the 'unprivileged-user' setting. Suggested
by pooka@.

mdnsd home should not be /var/www!

Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.

Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.

branches: 1.38.4;
For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd

Let timedc use the dedicated account "_timedc" for dropping privileges
instead of abusing the account "nobody".

branches: 1.36.2; 1.36.4;
goodbye uucp

add all the proper fields to _proxy

PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!

Remove sendmail (approved by core)

add _rwhod user (and group)

Add the _pflogd user which will be used by pflogd(8), the logging daemon
for pf(4).

Approved by core.

branches: 1.30.6;
Oops, didn't mean to remove toor (just yet).

Consistently with previous such changes, make daemon's default group 1(daemon)
rather than 31(guest). FreeBSD and OpenBSD have done the same thing.

make nobody's shell back /sbin/nologin. we'll use su -m for xdm.

Don't make the shell of nobody /sbin/nologin. There are programs that expect
to be executing su nobody -c 'command', such as xdm's Xwilling do this.

Remove unused user and group "news" as discussed on "tech-userlevel".

uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.

tweak GECOS for games

tweak GECOS for postfix

fix ~sshd. tweak GECOS for named,ntpd,sshd

dig sshd uid/gid, and /var/empty, for sshd privilege separation

- add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd

remove `falken' user; nothing depends upon it, it causes confusion about
whether it's required or not, and by default it's useless anyway (because
the one-hit-wonder joke with respect to its shell being /usr/games/wargames
is moot unless you enable the account)

remove `ingres' user & group; we have never shipped with ingres in the
base distribution, and packages that need a specific user & group can
create it.

add named pseudo-user & group

If we have an 'operator' user, it should at least be gid operator.

add postfix uid/gid, maildrop gid

change user `nobody's group from 9999 (non-existant) to 39 (group `nobody').
from Soren S. Jorvang <soren@t.dk> in [misc/6806]

toor is back, disabled by default as before.

Revert to status quo ante (root's shell is csh, per BSD tradition),
pending the proper procedures for making such a change.

Give root a Bourne shell.

It was just Plain Wrong to ship a password file that triggers /etc/security.
Remove toor - if people want another root account, we'll assume they can
copy and modify the root line.

As per [bin/1814] from Arne Juul <arnej@imf.unit.no>, and discussions
with matt green <mrg@netbsd.org> (to shut up /etc/security)
* set ingres account shell to /sbin/nologin
* set ~daemon to / (not /root)

make toor's shell explicit to shut up /etc/security

cleanup Lite-1 merge

Correct the professor's name.

disable toor by default

uucp's shell, uucico, is in /usr/libexec/uucp (not /usr/lib/uucp).

make root/operator group ids sane...

got rid of bill, lynne, ken, and dmr

branches: 1.1.1;
Initial revision

Add _rtadvd user and group.
Add a chroot dir for the _rtadvd user.
Drop privs to the user _rtadvd after acquiring our socket.
When rc.d/rtadvd starts or reloads, the rtadvd config file is copied
into the chroot before starting or reloading rtadvd itself.
Create a symlink from /var/run/rtadvd.dump to the chroot

Inital idea from OpenBSD patch rtadvd.c r1.36

branches: 1.46.2;
Change root's default shell to /bin/sh, to provide a default which
has command line editing, tab completion, and other features users
have come to expect from a modern OS.

Discussed on current-users approximately two weeks ago. Should be
pulled up for NetBSD 6.0.

branches: 1.45.2;
- add _tss user for tcsd, and needed directories for TrouSerS.
This is all unused as of now because the trousers is not connected to
the build yet.

branches: 1.44.2;
Rename the _atf user to _tests. The _atf name will get obsoleted if/when
we migrate to Kyua (atf v2), so it's better to use a generic name that does
not depend on the specific implementation. Also, this user has not gone
out yet into any stable release, so we can easily rename it.

Suggested by jruoho@.

Make tcpdump(8) to drop root privileges and chroot(2) by default.

Add the _atf user and group to be able to run unprivileged tests automatically
without having to manually tweak the 'unprivileged-user' setting. Suggested
by pooka@.

mdnsd home should not be /var/www!

Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.

Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.

branches: 1.38.4;
For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd

Let timedc use the dedicated account "_timedc" for dropping privileges
instead of abusing the account "nobody".

branches: 1.36.2; 1.36.4;
goodbye uucp

add all the proper fields to _proxy

PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!

Remove sendmail (approved by core)

add _rwhod user (and group)

Add the _pflogd user which will be used by pflogd(8), the logging daemon
for pf(4).

Approved by core.

branches: 1.30.6;
Oops, didn't mean to remove toor (just yet).

Consistently with previous such changes, make daemon's default group 1(daemon)
rather than 31(guest). FreeBSD and OpenBSD have done the same thing.

make nobody's shell back /sbin/nologin. we'll use su -m for xdm.

Don't make the shell of nobody /sbin/nologin. There are programs that expect
to be executing su nobody -c 'command', such as xdm's Xwilling do this.

Remove unused user and group "news" as discussed on "tech-userlevel".

uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.

tweak GECOS for games

tweak GECOS for postfix

fix ~sshd. tweak GECOS for named,ntpd,sshd

dig sshd uid/gid, and /var/empty, for sshd privilege separation

- add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd

remove `falken' user; nothing depends upon it, it causes confusion about
whether it's required or not, and by default it's useless anyway (because
the one-hit-wonder joke with respect to its shell being /usr/games/wargames
is moot unless you enable the account)

remove `ingres' user & group; we have never shipped with ingres in the
base distribution, and packages that need a specific user & group can
create it.

add named pseudo-user & group

If we have an 'operator' user, it should at least be gid operator.

add postfix uid/gid, maildrop gid

change user `nobody's group from 9999 (non-existant) to 39 (group `nobody').
from Soren S. Jorvang <soren@t.dk> in [misc/6806]

toor is back, disabled by default as before.

Revert to status quo ante (root's shell is csh, per BSD tradition),
pending the proper procedures for making such a change.

Give root a Bourne shell.

It was just Plain Wrong to ship a password file that triggers /etc/security.
Remove toor - if people want another root account, we'll assume they can
copy and modify the root line.

As per [bin/1814] from Arne Juul <arnej@imf.unit.no>, and discussions
with matt green <mrg@netbsd.org> (to shut up /etc/security)
* set ingres account shell to /sbin/nologin
* set ~daemon to / (not /root)

make toor's shell explicit to shut up /etc/security

cleanup Lite-1 merge

Correct the professor's name.

disable toor by default

uucp's shell, uucico, is in /usr/libexec/uucp (not /usr/lib/uucp).

make root/operator group ids sane...

got rid of bill, lynne, ken, and dmr

branches: 1.1.1;
Initial revision

import 4.4BSD-Lite2

import 4.4BSD-Lite

initial import of 386bsd-0.1 sources

Pull up following revision(s) (requested by jnemeth in ticket #1898):
etc/master.passwd: revision 1.34, 1.35 via patch
etc/group: revision 1.20
dist/pf/libexec/ftp-proxy/ftp-proxy.c: revision 1.12 via patch
distrib/notes/common/main: patch
PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!
add all the proper fields to _proxy

Pull up revision 1.31 (requested by peter in ticket #134):
Add the _pflogd user which will be used by pflogd(8), the logging daemon
for pf(4).
Approved by core.

Catch up with 4.0 RC3

Pull up following revision(s) (requested by xtraeme in ticket #930):
etc/group: revision 1.22
etc/defaults/rc.conf: revision 1.85
etc/master.passwd: revision 1.38
usr.sbin/sdpd/sdpd.8: revision 1.2
usr.sbin/sdpd/sdpd.8: revision 1.3
share/man/man5/rc.conf.5: revision 1.113
etc/rc.d/sdpd: revision 1.2
usr.sbin/sdpd/server.c: revision 1.3
usr.sbin/postinstall/postinstall: revision 1.38
usr.sbin/sdpd/server.h: revision 1.2
usr.sbin/sdpd/main.c: revision 1.2
usr.sbin/sdpd/main.c: revision 1.3
Add an option to permit members of a specific group to register services, in
order to lower the barrier for users of bluetooth devices which may need to
query services on the local host.
change default user/group from nobody/nobody to _sdpd/_sdpd

sync with HEAD

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")

sync with head.

sync with head

Pull up following revision(s) (requested by gson in ticket #426):
etc/master.passwd: revision 1.46
Change root's default shell to /bin/sh, to provide a default which
has command line editing, tab completion, and other features users
have come to expect from a modern OS.
Discussed on current-users approximately two weeks ago. Should be
pulled up for NetBSD 6.0.

Rebase to HEAD as of a few days ago.