The group "operator" gatekeeps a few superuser abilities (dumping disks,
manipulating tape drives -> means gid operator on device nodes). This group
is also used with group-access bit on the setuid-root shutdown command
(mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but
use of that group is giving them disk read access also, which is wrong.
It would be a pain to re-gid all the device nodes, so instead let's renumber
the operator execution gid into group "_shutdown".
Users using this shutdown/reboot functionality will notice it no longer works,
and move themselves to the correct group.
Various choices discussed at large, this seems our best choice.
ok sthen

(Re)add support for agentx in snmpd
Current omissions in protocol support are notifications,
index (de)allocation, and agent capabilities.

Help testing sthen@
Feedback/tweaks/OK jmatthew@

Add missing colon. Noticed by jmc@

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@

Remove _switchd user/group/alias

ok millert deraadt

switchd(8) was removed back in November. Commit message was:

Retire switchd and switchctl. While interesting they never managed to
really get into a usable state. The OpenFlow API is mostly superseeded
by P4 and so this is a bit of a dead end.

sort

retire rebound etc bits to the attic

uid/gid 70 is _rpki-client for privdrop; ok benno

add _unwind user; OK deraadt

Remove rtadvd(8) leftovers in etc.
OK deraadt, phessler

Add _rad user and group for rad(8).
This recycles the _btd uid/gid that have been removed in 2013.
Discussed in the hackroom.

add user for slaacd(8)

Add the _syspatch user/group: an unprivileged user for syspatch(8) used to fetch
and verify patches.

discussed with deraadt@ rpe@
ok deraadt@

Remove user uucp and group news from base.

Introduce the build user and the wobj group that will soon be used as
defaults for building the system from source.

ok deraadt

use better uid/gid for _switchd

Add _switchd

Add unprivileged user for traceroute.
Input deraadt@
OK benno@, sthen@

Add _ping user/group.
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.

proxy uid/gid was split up for seperate purposes; it can go away now.

add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch
which was a "better than nothing" measure for 5.9.

Another user to come. Approved by deraadt@ on principle.

thanks sthen@ for checking my lines over.

Add _sndiop user and group for (future) privileged sndiod process.

ok deraadt

create new independent uid/gid for tftp_proxy and ftp_proxy.
They should not share a uid. Leave the proxy uid for later mop-up
(sysmerge does not handle uid renamings well enough)
ok dlg, ok aja a while back

Add user "_vmd" for forthcoming vmd daemon

ok deraadt@

_rebound user and group (52)

add _eigrpd user/group

Add _radius to etc/master.passwd and etc/group for coming radiusd.

ok deraadt

Add _dpb, _pbuild, _pfetch users to make it easier for people doing dpb
multi-user builds. Discussed with espie, ajacoutot, ok deraadt

Add a _file user and use for privsep, ok deraadt

Drop the _lkm group.

ok dcoppa@ deraadt@

Drop smmsp group and alias.

ok matthieu@ miod@

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years

Get back "_ppp" user and "_ppp" group. From now they will be solely
used by npppd.

ok deraadt

_ppp uid/gid will come up for recycling (but please not within a year)

Enable Unbound in base, ok deraadt@

smtpd dudes forgot to add their _smtpq user

remove popa3d etc tendrils

Remove the following users which became obsolete:
* _afs: arla/nnpfs got disabled then removed long ago
* _kdc, _kadmin: these were added 10 years ago but never used for
anything afaict

ok dcoppa@ beck@

Remove all references to btd and the corresponding _btd user and group.

ok sthen@ deraadt@

Add the _iscsid user, required by iscsid

OK claudio@

Add a new _iked user with uid 101 instead of (ab)using the _isakmpd user.

ok deraadt@

enable ldapd and ldapctl in the build

ok deraadt@

Allow multiple users to share the same aucat server. If aucat is
run by root, it binds a shared address to the socket, cranks the
process priority and drops privileges. sio_open(3) will try to
connect to the private socket first (if any), then to the shared
socket. Only one user may have connections to aucat at a given
time.

based on discussions with henning, pyr and others
ok jacek, deraadt

Add _ldpd user for ldpd(8). OK dlg, deraadt

add user/group for nsd; ok nick@

add a group _rwalld too

add user and group for smtpd
discussed with pyr@ and deraadt@

add user '_btd' for the bluetooth daemon.
discussed with and ok uwe@

add user and group needed for ypldap.

drop root privileges in rtadvd to _rtadvd

ok deraadt@, reyk@, pyr@

enable snmpd in the build

approved by deraadt@, ok thib@

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@

link hoststated to the builds.
ok miod@, henning@

Add the _ripd user and startup stuff.

ok claudio@

add all the goo to hook dvmrp into the system

ok derradt@

say hi to _hostapd

user and group _ospfd, with claudio

say hi to _ftp

new user/group _ntp, theo ok

change _pppoe to _ppp, i had thought about it before, but henning has convinced me

_pppoe privdrop user for canacar

_afs user for privsep; beck ok

rbootd privsep uid/gid

new user/group _tftpd, theo ok

user/group _mopd for, well, mopd. theo ok

new _dhcp user for, well, dhcp stuff, theo ok

fake _tcpdump user for upcoming privsep work

add user & group _bgpd
ok deraadt@ millert@

privilege seperated pflogd

_pflogd user and group must be created for proper operation.

ok frantzen@ henning@ mcbride@ deraadt@

_syslogd privsep uid/gid as requested by avsm

add _isakmpd user/group for privsep. ok millert@

_kdc and _kadmin users and groups added. Will be used by the kerberos kdc
and admin servers

ok deraadt@

_lkm group for modstat(8); millert ok

_spamd

To avoid possible conflict with pre-existing groups, change
shadow -> _shadow, tokenadm -> _token, and also add _radius.

Add a new group, "tokenadm" and make login_token setgid tokenadm instead
of setuid root. deraadt@ OK

Add a "shadow" group and make the shadow passwd db readable by that
group. This changes getpw* to always try the shadow db first and
then fall back to the db w/o password hashes. In the future,
/usr/libexec/auth/login_passwd (and others) will be setgid shadow
instead of setuid root. OK deraadt@

If you track -current you should do the following:
o add group shadow to /etc/group
o chgrp shadow /etc/spwd.db
o chmod 640 /etc/spwd.db
o rebuild and install src/usr.sbin/pwd_mkdb

You do not need to rebuild libc yet, but it would't hurt to do so.

_x11 user and group for the X server when run by xdm. ok deraadt@
The actual X code to use them will be added soon.

_sshagnt will be used to secure ssh-agent(1) more

5 new uid/gid sets; millert ok

authpf group, for authpf

Add crontab group for when crontab loses its setuid bit tomorrow.
Consider this a head-up...

move to sshd.sshd instead

ssh uid and gid for privsep

popa3d pieces

Scaffolding to support sendmail 8.12. Note that the new smmsp user/group
are *required*.

Add proxy user

Add "auth" group

No longer need an audlog group.

gid 71 is now "audlog"

bye bye ingres

give named its own group

add user www, group www

Add group `network'.
This group is intended for use by network daemons
such as ppp, pppd and slattach. These programs will
be mode 4550 and group network (soon), allowing the
sys-admin control over who manipulates interface
configurations and routing tables.

Add a suggested users group.

nobody gid == nobody uid (32767)

nobody wants a group name

branches: 1.1.1;
Initial revision

(Re)add support for agentx in snmpd
Current omissions in protocol support are notifications,
index (de)allocation, and agent capabilities.

Help testing sthen@
Feedback/tweaks/OK jmatthew@

Add missing colon. Noticed by jmc@

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@

Remove _switchd user/group/alias

ok millert deraadt

switchd(8) was removed back in November. Commit message was:

Retire switchd and switchctl. While interesting they never managed to
really get into a usable state. The OpenFlow API is mostly superseeded
by P4 and so this is a bit of a dead end.

sort

retire rebound etc bits to the attic

uid/gid 70 is _rpki-client for privdrop; ok benno

add _unwind user; OK deraadt

Remove rtadvd(8) leftovers in etc.
OK deraadt, phessler

Add _rad user and group for rad(8).
This recycles the _btd uid/gid that have been removed in 2013.
Discussed in the hackroom.

add user for slaacd(8)

Add the _syspatch user/group: an unprivileged user for syspatch(8) used to fetch
and verify patches.

discussed with deraadt@ rpe@
ok deraadt@

Remove user uucp and group news from base.

Introduce the build user and the wobj group that will soon be used as
defaults for building the system from source.

ok deraadt

use better uid/gid for _switchd

Add _switchd

Add unprivileged user for traceroute.
Input deraadt@
OK benno@, sthen@

Add _ping user/group.
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.

proxy uid/gid was split up for seperate purposes; it can go away now.

add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch
which was a "better than nothing" measure for 5.9.

Another user to come. Approved by deraadt@ on principle.

thanks sthen@ for checking my lines over.

Add _sndiop user and group for (future) privileged sndiod process.

ok deraadt

create new independent uid/gid for tftp_proxy and ftp_proxy.
They should not share a uid. Leave the proxy uid for later mop-up
(sysmerge does not handle uid renamings well enough)
ok dlg, ok aja a while back

Add user "_vmd" for forthcoming vmd daemon

ok deraadt@

_rebound user and group (52)

add _eigrpd user/group

Add _radius to etc/master.passwd and etc/group for coming radiusd.

ok deraadt

Add _dpb, _pbuild, _pfetch users to make it easier for people doing dpb
multi-user builds. Discussed with espie, ajacoutot, ok deraadt

Add a _file user and use for privsep, ok deraadt

Drop the _lkm group.

ok dcoppa@ deraadt@

Drop smmsp group and alias.

ok matthieu@ miod@

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years

Get back "_ppp" user and "_ppp" group. From now they will be solely
used by npppd.

ok deraadt

_ppp uid/gid will come up for recycling (but please not within a year)

Enable Unbound in base, ok deraadt@

smtpd dudes forgot to add their _smtpq user

remove popa3d etc tendrils

Remove the following users which became obsolete:
* _afs: arla/nnpfs got disabled then removed long ago
* _kdc, _kadmin: these were added 10 years ago but never used for
anything afaict

ok dcoppa@ beck@

Remove all references to btd and the corresponding _btd user and group.

ok sthen@ deraadt@

Add the _iscsid user, required by iscsid

OK claudio@

Add a new _iked user with uid 101 instead of (ab)using the _isakmpd user.

ok deraadt@

enable ldapd and ldapctl in the build

ok deraadt@

Allow multiple users to share the same aucat server. If aucat is
run by root, it binds a shared address to the socket, cranks the
process priority and drops privileges. sio_open(3) will try to
connect to the private socket first (if any), then to the shared
socket. Only one user may have connections to aucat at a given
time.

based on discussions with henning, pyr and others
ok jacek, deraadt

Add _ldpd user for ldpd(8). OK dlg, deraadt

add user/group for nsd; ok nick@

add a group _rwalld too

add user and group for smtpd
discussed with pyr@ and deraadt@

add user '_btd' for the bluetooth daemon.
discussed with and ok uwe@

add user and group needed for ypldap.

drop root privileges in rtadvd to _rtadvd

ok deraadt@, reyk@, pyr@

enable snmpd in the build

approved by deraadt@, ok thib@

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@

link hoststated to the builds.
ok miod@, henning@

Add the _ripd user and startup stuff.

ok claudio@

add all the goo to hook dvmrp into the system

ok derradt@

say hi to _hostapd

user and group _ospfd, with claudio

say hi to _ftp

new user/group _ntp, theo ok

change _pppoe to _ppp, i had thought about it before, but henning has convinced me

_pppoe privdrop user for canacar

_afs user for privsep; beck ok

rbootd privsep uid/gid

new user/group _tftpd, theo ok

user/group _mopd for, well, mopd. theo ok

new _dhcp user for, well, dhcp stuff, theo ok

fake _tcpdump user for upcoming privsep work

add user & group _bgpd
ok deraadt@ millert@

privilege seperated pflogd

_pflogd user and group must be created for proper operation.

ok frantzen@ henning@ mcbride@ deraadt@

_syslogd privsep uid/gid as requested by avsm

add _isakmpd user/group for privsep. ok millert@

_kdc and _kadmin users and groups added. Will be used by the kerberos kdc
and admin servers

ok deraadt@

_lkm group for modstat(8); millert ok

_spamd

To avoid possible conflict with pre-existing groups, change
shadow -> _shadow, tokenadm -> _token, and also add _radius.

Add a new group, "tokenadm" and make login_token setgid tokenadm instead
of setuid root. deraadt@ OK

Add a "shadow" group and make the shadow passwd db readable by that
group. This changes getpw* to always try the shadow db first and
then fall back to the db w/o password hashes. In the future,
/usr/libexec/auth/login_passwd (and others) will be setgid shadow
instead of setuid root. OK deraadt@

If you track -current you should do the following:
o add group shadow to /etc/group
o chgrp shadow /etc/spwd.db
o chmod 640 /etc/spwd.db
o rebuild and install src/usr.sbin/pwd_mkdb

You do not need to rebuild libc yet, but it would't hurt to do so.

_x11 user and group for the X server when run by xdm. ok deraadt@
The actual X code to use them will be added soon.

_sshagnt will be used to secure ssh-agent(1) more

5 new uid/gid sets; millert ok

authpf group, for authpf

Add crontab group for when crontab loses its setuid bit tomorrow.
Consider this a head-up...

move to sshd.sshd instead

ssh uid and gid for privsep

popa3d pieces

Scaffolding to support sendmail 8.12. Note that the new smmsp user/group
are *required*.

Add proxy user

Add "auth" group

No longer need an audlog group.

gid 71 is now "audlog"

bye bye ingres

give named its own group

add user www, group www

Add group `network'.
This group is intended for use by network daemons
such as ppp, pppd and slattach. These programs will
be mode 4550 and group network (soon), allowing the
sys-admin control over who manipulates interface
configurations and routing tables.

Add a suggested users group.

nobody gid == nobody uid (32767)

nobody wants a group name

branches: 1.1.1;
Initial revision

Add missing colon. Noticed by jmc@

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@

Remove _switchd user/group/alias

ok millert deraadt

switchd(8) was removed back in November. Commit message was:

Retire switchd and switchctl. While interesting they never managed to
really get into a usable state. The OpenFlow API is mostly superseeded
by P4 and so this is a bit of a dead end.

sort

retire rebound etc bits to the attic

uid/gid 70 is _rpki-client for privdrop; ok benno

add _unwind user; OK deraadt

Remove rtadvd(8) leftovers in etc.
OK deraadt, phessler

Add _rad user and group for rad(8).
This recycles the _btd uid/gid that have been removed in 2013.
Discussed in the hackroom.

add user for slaacd(8)

Add the _syspatch user/group: an unprivileged user for syspatch(8) used to fetch
and verify patches.

discussed with deraadt@ rpe@
ok deraadt@

Remove user uucp and group news from base.

Introduce the build user and the wobj group that will soon be used as
defaults for building the system from source.

ok deraadt

use better uid/gid for _switchd

Add _switchd

Add unprivileged user for traceroute.
Input deraadt@
OK benno@, sthen@

Add _ping user/group.
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.

proxy uid/gid was split up for seperate purposes; it can go away now.

add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch
which was a "better than nothing" measure for 5.9.

Another user to come. Approved by deraadt@ on principle.

thanks sthen@ for checking my lines over.

Add _sndiop user and group for (future) privileged sndiod process.

ok deraadt

create new independent uid/gid for tftp_proxy and ftp_proxy.
They should not share a uid. Leave the proxy uid for later mop-up
(sysmerge does not handle uid renamings well enough)
ok dlg, ok aja a while back

Add user "_vmd" for forthcoming vmd daemon

ok deraadt@

_rebound user and group (52)

add _eigrpd user/group

Add _radius to etc/master.passwd and etc/group for coming radiusd.

ok deraadt

Add _dpb, _pbuild, _pfetch users to make it easier for people doing dpb
multi-user builds. Discussed with espie, ajacoutot, ok deraadt

Add a _file user and use for privsep, ok deraadt

Drop the _lkm group.

ok dcoppa@ deraadt@

Drop smmsp group and alias.

ok matthieu@ miod@

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years

Get back "_ppp" user and "_ppp" group. From now they will be solely
used by npppd.

ok deraadt

_ppp uid/gid will come up for recycling (but please not within a year)

Enable Unbound in base, ok deraadt@

smtpd dudes forgot to add their _smtpq user

remove popa3d etc tendrils

Remove the following users which became obsolete:
* _afs: arla/nnpfs got disabled then removed long ago
* _kdc, _kadmin: these were added 10 years ago but never used for
anything afaict

ok dcoppa@ beck@

Remove all references to btd and the corresponding _btd user and group.

ok sthen@ deraadt@

Add the _iscsid user, required by iscsid

OK claudio@

Add a new _iked user with uid 101 instead of (ab)using the _isakmpd user.

ok deraadt@

enable ldapd and ldapctl in the build

ok deraadt@

Allow multiple users to share the same aucat server. If aucat is
run by root, it binds a shared address to the socket, cranks the
process priority and drops privileges. sio_open(3) will try to
connect to the private socket first (if any), then to the shared
socket. Only one user may have connections to aucat at a given
time.

based on discussions with henning, pyr and others
ok jacek, deraadt

Add _ldpd user for ldpd(8). OK dlg, deraadt

add user/group for nsd; ok nick@

add a group _rwalld too

add user and group for smtpd
discussed with pyr@ and deraadt@

add user '_btd' for the bluetooth daemon.
discussed with and ok uwe@

add user and group needed for ypldap.

drop root privileges in rtadvd to _rtadvd

ok deraadt@, reyk@, pyr@

enable snmpd in the build

approved by deraadt@, ok thib@

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@

link hoststated to the builds.
ok miod@, henning@

Add the _ripd user and startup stuff.

ok claudio@

add all the goo to hook dvmrp into the system

ok derradt@

say hi to _hostapd

user and group _ospfd, with claudio

say hi to _ftp

new user/group _ntp, theo ok

change _pppoe to _ppp, i had thought about it before, but henning has convinced me

_pppoe privdrop user for canacar

_afs user for privsep; beck ok

rbootd privsep uid/gid

new user/group _tftpd, theo ok

user/group _mopd for, well, mopd. theo ok

new _dhcp user for, well, dhcp stuff, theo ok

fake _tcpdump user for upcoming privsep work

add user & group _bgpd
ok deraadt@ millert@

privilege seperated pflogd

_pflogd user and group must be created for proper operation.

ok frantzen@ henning@ mcbride@ deraadt@

_syslogd privsep uid/gid as requested by avsm

add _isakmpd user/group for privsep. ok millert@

_kdc and _kadmin users and groups added. Will be used by the kerberos kdc
and admin servers

ok deraadt@

_lkm group for modstat(8); millert ok

_spamd

To avoid possible conflict with pre-existing groups, change
shadow -> _shadow, tokenadm -> _token, and also add _radius.

Add a new group, "tokenadm" and make login_token setgid tokenadm instead
of setuid root. deraadt@ OK

Add a "shadow" group and make the shadow passwd db readable by that
group. This changes getpw* to always try the shadow db first and
then fall back to the db w/o password hashes. In the future,
/usr/libexec/auth/login_passwd (and others) will be setgid shadow
instead of setuid root. OK deraadt@

If you track -current you should do the following:
o add group shadow to /etc/group
o chgrp shadow /etc/spwd.db
o chmod 640 /etc/spwd.db
o rebuild and install src/usr.sbin/pwd_mkdb

You do not need to rebuild libc yet, but it would't hurt to do so.

_x11 user and group for the X server when run by xdm. ok deraadt@
The actual X code to use them will be added soon.

_sshagnt will be used to secure ssh-agent(1) more

5 new uid/gid sets; millert ok

authpf group, for authpf

Add crontab group for when crontab loses its setuid bit tomorrow.
Consider this a head-up...

move to sshd.sshd instead

ssh uid and gid for privsep

popa3d pieces

Scaffolding to support sendmail 8.12. Note that the new smmsp user/group
are *required*.

Add proxy user

Add "auth" group

No longer need an audlog group.

gid 71 is now "audlog"

bye bye ingres

give named its own group

add user www, group www

Add group `network'.
This group is intended for use by network daemons
such as ppp, pppd and slattach. These programs will
be mode 4550 and group network (soon), allowing the
sys-admin control over who manipulates interface
configurations and routing tables.

Add a suggested users group.

nobody gid == nobody uid (32767)

nobody wants a group name

branches: 1.1.1;
Initial revision

Remove _switchd user/group/alias

ok millert deraadt

switchd(8) was removed back in November. Commit message was:

Retire switchd and switchctl. While interesting they never managed to
really get into a usable state. The OpenFlow API is mostly superseeded
by P4 and so this is a bit of a dead end.

sort

retire rebound etc bits to the attic

uid/gid 70 is _rpki-client for privdrop; ok benno

add _unwind user; OK deraadt

Remove rtadvd(8) leftovers in etc.
OK deraadt, phessler

Add _rad user and group for rad(8).
This recycles the _btd uid/gid that have been removed in 2013.
Discussed in the hackroom.

add user for slaacd(8)

Add the _syspatch user/group: an unprivileged user for syspatch(8) used to fetch
and verify patches.

discussed with deraadt@ rpe@
ok deraadt@

Remove user uucp and group news from base.

Introduce the build user and the wobj group that will soon be used as
defaults for building the system from source.

ok deraadt

use better uid/gid for _switchd

Add _switchd

Add unprivileged user for traceroute.
Input deraadt@
OK benno@, sthen@

Add _ping user/group.
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.

proxy uid/gid was split up for seperate purposes; it can go away now.

add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch
which was a "better than nothing" measure for 5.9.

Another user to come. Approved by deraadt@ on principle.

thanks sthen@ for checking my lines over.

Add _sndiop user and group for (future) privileged sndiod process.

ok deraadt

create new independent uid/gid for tftp_proxy and ftp_proxy.
They should not share a uid. Leave the proxy uid for later mop-up
(sysmerge does not handle uid renamings well enough)
ok dlg, ok aja a while back

Add user "_vmd" for forthcoming vmd daemon

ok deraadt@

_rebound user and group (52)

add _eigrpd user/group

Add _radius to etc/master.passwd and etc/group for coming radiusd.

ok deraadt

Add _dpb, _pbuild, _pfetch users to make it easier for people doing dpb
multi-user builds. Discussed with espie, ajacoutot, ok deraadt

Add a _file user and use for privsep, ok deraadt

Drop the _lkm group.

ok dcoppa@ deraadt@

Drop smmsp group and alias.

ok matthieu@ miod@

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years

Get back "_ppp" user and "_ppp" group. From now they will be solely
used by npppd.

ok deraadt

_ppp uid/gid will come up for recycling (but please not within a year)

Enable Unbound in base, ok deraadt@

smtpd dudes forgot to add their _smtpq user

remove popa3d etc tendrils

Remove the following users which became obsolete:
* _afs: arla/nnpfs got disabled then removed long ago
* _kdc, _kadmin: these were added 10 years ago but never used for
anything afaict

ok dcoppa@ beck@

Remove all references to btd and the corresponding _btd user and group.

ok sthen@ deraadt@

Add the _iscsid user, required by iscsid

OK claudio@

Add a new _iked user with uid 101 instead of (ab)using the _isakmpd user.

ok deraadt@

enable ldapd and ldapctl in the build

ok deraadt@

Allow multiple users to share the same aucat server. If aucat is
run by root, it binds a shared address to the socket, cranks the
process priority and drops privileges. sio_open(3) will try to
connect to the private socket first (if any), then to the shared
socket. Only one user may have connections to aucat at a given
time.

based on discussions with henning, pyr and others
ok jacek, deraadt

Add _ldpd user for ldpd(8). OK dlg, deraadt

add user/group for nsd; ok nick@

add a group _rwalld too

add user and group for smtpd
discussed with pyr@ and deraadt@

add user '_btd' for the bluetooth daemon.
discussed with and ok uwe@

add user and group needed for ypldap.

drop root privileges in rtadvd to _rtadvd

ok deraadt@, reyk@, pyr@

enable snmpd in the build

approved by deraadt@, ok thib@

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@

link hoststated to the builds.
ok miod@, henning@

Add the _ripd user and startup stuff.

ok claudio@

add all the goo to hook dvmrp into the system

ok derradt@

say hi to _hostapd

user and group _ospfd, with claudio

say hi to _ftp

new user/group _ntp, theo ok

change _pppoe to _ppp, i had thought about it before, but henning has convinced me

_pppoe privdrop user for canacar

_afs user for privsep; beck ok

rbootd privsep uid/gid

new user/group _tftpd, theo ok

user/group _mopd for, well, mopd. theo ok

new _dhcp user for, well, dhcp stuff, theo ok

fake _tcpdump user for upcoming privsep work

add user & group _bgpd
ok deraadt@ millert@

privilege seperated pflogd

_pflogd user and group must be created for proper operation.

ok frantzen@ henning@ mcbride@ deraadt@

_syslogd privsep uid/gid as requested by avsm

add _isakmpd user/group for privsep. ok millert@

_kdc and _kadmin users and groups added. Will be used by the kerberos kdc
and admin servers

ok deraadt@

_lkm group for modstat(8); millert ok

_spamd

To avoid possible conflict with pre-existing groups, change
shadow -> _shadow, tokenadm -> _token, and also add _radius.

Add a new group, "tokenadm" and make login_token setgid tokenadm instead
of setuid root. deraadt@ OK

Add a "shadow" group and make the shadow passwd db readable by that
group. This changes getpw* to always try the shadow db first and
then fall back to the db w/o password hashes. In the future,
/usr/libexec/auth/login_passwd (and others) will be setgid shadow
instead of setuid root. OK deraadt@

If you track -current you should do the following:
o add group shadow to /etc/group
o chgrp shadow /etc/spwd.db
o chmod 640 /etc/spwd.db
o rebuild and install src/usr.sbin/pwd_mkdb

You do not need to rebuild libc yet, but it would't hurt to do so.

_x11 user and group for the X server when run by xdm. ok deraadt@
The actual X code to use them will be added soon.

_sshagnt will be used to secure ssh-agent(1) more

5 new uid/gid sets; millert ok

authpf group, for authpf

Add crontab group for when crontab loses its setuid bit tomorrow.
Consider this a head-up...

move to sshd.sshd instead

ssh uid and gid for privsep

popa3d pieces

Scaffolding to support sendmail 8.12. Note that the new smmsp user/group
are *required*.

Add proxy user

Add "auth" group

No longer need an audlog group.

gid 71 is now "audlog"

bye bye ingres

give named its own group

add user www, group www

Add group `network'.
This group is intended for use by network daemons
such as ppp, pppd and slattach. These programs will
be mode 4550 and group network (soon), allowing the
sys-admin control over who manipulates interface
configurations and routing tables.

Add a suggested users group.

nobody gid == nobody uid (32767)

nobody wants a group name

branches: 1.1.1;
Initial revision

sort

retire rebound etc bits to the attic

uid/gid 70 is _rpki-client for privdrop; ok benno

add _unwind user; OK deraadt

Remove rtadvd(8) leftovers in etc.
OK deraadt, phessler

Add _rad user and group for rad(8).
This recycles the _btd uid/gid that have been removed in 2013.
Discussed in the hackroom.

add user for slaacd(8)

Add the _syspatch user/group: an unprivileged user for syspatch(8) used to fetch
and verify patches.

discussed with deraadt@ rpe@
ok deraadt@

Remove user uucp and group news from base.

Introduce the build user and the wobj group that will soon be used as
defaults for building the system from source.

ok deraadt

use better uid/gid for _switchd

Add _switchd

Add unprivileged user for traceroute.
Input deraadt@
OK benno@, sthen@

Add _ping user/group.
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.

proxy uid/gid was split up for seperate purposes; it can go away now.

add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch
which was a "better than nothing" measure for 5.9.

Another user to come. Approved by deraadt@ on principle.

thanks sthen@ for checking my lines over.

Add _sndiop user and group for (future) privileged sndiod process.

ok deraadt

create new independent uid/gid for tftp_proxy and ftp_proxy.
They should not share a uid. Leave the proxy uid for later mop-up
(sysmerge does not handle uid renamings well enough)
ok dlg, ok aja a while back

Add user "_vmd" for forthcoming vmd daemon

ok deraadt@

_rebound user and group (52)

add _eigrpd user/group

Add _radius to etc/master.passwd and etc/group for coming radiusd.

ok deraadt

Add _dpb, _pbuild, _pfetch users to make it easier for people doing dpb
multi-user builds. Discussed with espie, ajacoutot, ok deraadt

Add a _file user and use for privsep, ok deraadt

Drop the _lkm group.

ok dcoppa@ deraadt@

Drop smmsp group and alias.

ok matthieu@ miod@

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years

Get back "_ppp" user and "_ppp" group. From now they will be solely
used by npppd.

ok deraadt

_ppp uid/gid will come up for recycling (but please not within a year)

Enable Unbound in base, ok deraadt@

smtpd dudes forgot to add their _smtpq user

remove popa3d etc tendrils

Remove the following users which became obsolete:
* _afs: arla/nnpfs got disabled then removed long ago
* _kdc, _kadmin: these were added 10 years ago but never used for
anything afaict

ok dcoppa@ beck@

Remove all references to btd and the corresponding _btd user and group.

ok sthen@ deraadt@

Add the _iscsid user, required by iscsid

OK claudio@

Add a new _iked user with uid 101 instead of (ab)using the _isakmpd user.

ok deraadt@

enable ldapd and ldapctl in the build

ok deraadt@

Allow multiple users to share the same aucat server. If aucat is
run by root, it binds a shared address to the socket, cranks the
process priority and drops privileges. sio_open(3) will try to
connect to the private socket first (if any), then to the shared
socket. Only one user may have connections to aucat at a given
time.

based on discussions with henning, pyr and others
ok jacek, deraadt

Add _ldpd user for ldpd(8). OK dlg, deraadt

add user/group for nsd; ok nick@

add a group _rwalld too

add user and group for smtpd
discussed with pyr@ and deraadt@

add user '_btd' for the bluetooth daemon.
discussed with and ok uwe@

add user and group needed for ypldap.

drop root privileges in rtadvd to _rtadvd

ok deraadt@, reyk@, pyr@

enable snmpd in the build

approved by deraadt@, ok thib@

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@

link hoststated to the builds.
ok miod@, henning@

Add the _ripd user and startup stuff.

ok claudio@

add all the goo to hook dvmrp into the system

ok derradt@

say hi to _hostapd

user and group _ospfd, with claudio

say hi to _ftp

new user/group _ntp, theo ok

change _pppoe to _ppp, i had thought about it before, but henning has convinced me

_pppoe privdrop user for canacar

_afs user for privsep; beck ok

rbootd privsep uid/gid

new user/group _tftpd, theo ok

user/group _mopd for, well, mopd. theo ok

new _dhcp user for, well, dhcp stuff, theo ok

fake _tcpdump user for upcoming privsep work