From mboxrd@z Thu Jan 1 00:00:00 1970 From: jrvalverde@cnb.csic.es (Jose R. Valverde) Date: Wed, 14 Jan 2009 14:33:02 +0100 Subject: [TUHS] historical users and groups In-Reply-To: References: Message-ID: <20090114143302.0e0e607b@cnb.csic.es> A bit of digging brought out the following snippet from 4.3BSD System Manager Manual: System security changes require adding several new ``well-known'' groups to /etc/group. The groups that are needed by the system as distributed are: ... Only users in the ``wheel'' group are permitted to su to ``root''. Most programs that manage directories in /usr/spool now run set-group-id to ``daemon'' so that users cannot directly access the files in the spool directories. The special files that access kernel memory, /dev/kmem and /dev/mem, are made readable only by group ``kmem''. Stan- dard system programs that require this access are made set- group-id to that group. The group ``sys'' is intended to control access to system sources, and other sources belong to group ``staff.'' Rather than make user's terminals writ- able by all users, they are now placed in group ``tty'' and made only group writable. Programs that should legitimately have access to write on user's terminals such as talk and write now run set-group-id to ``tty''. The ``operator'' group controls access to disks. By default, disks are read- able by group ``operator'', so that programs such as df can access the file system information without being set-user-id to ``root''. Several new users have also been added to the group of ``well-known'' users in /etc/passwd. The current list is: ... The ``daemon'' user is used for daemon processes that do not need root privileges. The ``operator'' user-id is used as an account for dumpers so that they can log in without hav- ing the root password. By placing them in the ``operator'' group, they can get read access to the disks. The ``uucp'' login has existed long before 4.3BSD, and is noted here just to provide a common user-id. The password entry ``nobody'' has been added to specify the user with least privilege. So my previous recollections were not totally correct. Sorry. I guess as one grows older memory starts to fail. As for today's usefulness... if you google each user/group up you'll see they still are meaningful in many setups. j -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: not available URL: