From: jrvalverde@cnb.csic.es (Jose R. Valverde)
Subject: [TUHS] historical users and groups
Date: Wed, 14 Jan 2009 14:33:02 +0100 [thread overview]
Message-ID: <20090114143302.0e0e607b@cnb.csic.es> (raw)
In-Reply-To: <Pine.NEB.4.64.0901131824440.26223@tx.reedmedia.net>
A bit of digging brought out the following snippet from 4.3BSD System
Manager Manual:
System security changes require adding several new
``well-known'' groups to /etc/group. The groups that are
needed by the system as distributed are:
...
Only users in the ``wheel'' group are permitted to su to
``root''. Most programs that manage directories in
/usr/spool now run set-group-id to ``daemon'' so that users
cannot directly access the files in the spool directories.
The special files that access kernel memory, /dev/kmem and
/dev/mem, are made readable only by group ``kmem''. Stan-
dard system programs that require this access are made set-
group-id to that group. The group ``sys'' is intended to
control access to system sources, and other sources belong
to group ``staff.'' Rather than make user's terminals writ-
able by all users, they are now placed in group ``tty'' and
made only group writable. Programs that should legitimately
have access to write on user's terminals such as talk and
write now run set-group-id to ``tty''. The ``operator''
group controls access to disks. By default, disks are read-
able by group ``operator'', so that programs such as df can
access the file system information without being set-user-id
to ``root''.
Several new users have also been added to the group of
``well-known'' users in /etc/passwd. The current list is:
...
The ``daemon'' user is used for daemon processes that do not
need root privileges. The ``operator'' user-id is used as
an account for dumpers so that they can log in without hav-
ing the root password. By placing them in the ``operator''
group, they can get read access to the disks. The ``uucp''
login has existed long before 4.3BSD, and is noted here just
to provide a common user-id. The password entry ``nobody''
has been added to specify the user with least privilege.
So my previous recollections were not totally correct. Sorry. I guess as
one grows older memory starts to fail. As for today's usefulness... if
you google each user/group up you'll see they still are meaningful in
many setups.
j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20090114/bf910891/attachment.sig>
next prev parent reply other threads:[~2009-01-14 13:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-14 0:59 Jeremy C. Reed
2009-01-14 13:00 ` Jose R. Valverde
2009-01-15 17:15 ` Jason Stevens
2009-01-16 5:52 ` Angus Robinson
2009-01-14 13:33 ` Jose R. Valverde [this message]
2009-01-14 17:15 ` Tim Bradshaw
2009-01-14 17:36 ` John Cowan
[not found] <mailman.1.1231898401.13466.tuhs@minnie.tuhs.org>
2009-01-14 7:28 ` Robert Harker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090114143302.0e0e607b@cnb.csic.es \
--to=jrvalverde@cnb.csic.es \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).