diff --git a/crypto/external/bsd/libsaslc/etc/Makefile b/crypto/external/bsd/libsaslc/etc/Makefile index 5b2a7aec8..3bf538a7e 100644 --- a/crypto/external/bsd/libsaslc/etc/Makefile +++ b/crypto/external/bsd/libsaslc/etc/Makefile @@ -7,11 +7,7 @@ SUBDIR=mech .if ${MKSHARE} != "no" FILESDIR=/usr/share/examples/libsaslc FILESOWN=root -.if !defined(__MINIX) FILESGRP=wheel -.else -FILESGRP=operator -.endif # !defined(__MINIX) FILESMODE=444 FILES= saslc.conf diff --git a/crypto/external/bsd/libsaslc/etc/mech/Makefile b/crypto/external/bsd/libsaslc/etc/mech/Makefile index 69dd5a29e..ee743ba03 100644 --- a/crypto/external/bsd/libsaslc/etc/mech/Makefile +++ b/crypto/external/bsd/libsaslc/etc/mech/Makefile @@ -5,11 +5,7 @@ .if ${MKSHARE} != "no" FILESDIR=/usr/share/examples/libsaslc/mech FILESOWN=root -.if !defined(__MINIX) FILESGRP=wheel -.else -FILESGRP=operator -.endif # !defined(__MINIX) FILESMODE=444 FILES= diff --git a/distrib/common/parselist.awk b/distrib/common/parselist.awk index 9de6c224b..badbc7ad5 100644 --- a/distrib/common/parselist.awk +++ b/distrib/common/parselist.awk @@ -133,7 +133,7 @@ BEGIN \ print "install:" } else if (mode == "mtree") { print "/unset\tall"; - print "/set\ttype=file uname=root gname=operator"; + print "/set\ttype=file uname=root gname=wheel"; print; } else if (mode == "populate") { print "cd " ENVIRON["CURDIR"]; diff --git a/distrib/sets/maketars b/distrib/sets/maketars index 89a7f79d0..1aa4de761 100644 --- a/distrib/sets/maketars +++ b/distrib/sets/maketars @@ -185,7 +185,7 @@ for setname in ${lists}; do > "${SDIR}/flist.${setname}.full" \ || exit 1 ( - echo "/set uname=root gname=operator" + echo "/set uname=root gname=wheel" ${AWK} -f "${rundir}/join.awk" \ "${SDIR}/flist.${setname}.full" "${metalog}" echo "./etc/mtree/set.${setname} type=file mode=0444" diff --git a/distrib/sets/regpkg b/distrib/sets/regpkg index ee70bcdbc..e4d612f48 100755 --- a/distrib/sets/regpkg +++ b/distrib/sets/regpkg 
@@ -819,7 +819,7 @@ create_syspkg_tgz() "${spec1}" "${metalog}" ${AWK} -f "${rundir}/join.awk" \ "${spec1}" /dev/stdin < + # cp /usr/src/etc/master.passwd /etc/master.passwd + # cat /tmp/my-passwd >> /etc/master.passwd + # rm /tmp/my-passwd + + ..and follow a similar procedure for /etc/group. + + 3. Once the new files are in place, update all derived password files: + + # pwd_mkdb -p /etc/master.passwd + + If you did everything right so far, the following command: + + # postinstall check uid gid + + ..should show "postinstall checks passed: uid gid" and no failures. + + 4. Now perform a full build as usual: + + # cd /usr/src + # make build + + As part of the build, all /dev files will get new proper ownership. + + 5. There may still be files that are owned by users and groups that now + have been renumbered. It is advisable to run at least the following + three commands to apply the renumbering to the most common files: + + # find / -user 2 -exec chown bin \{\} \; + # find / -user 5 -exec chown uucp \{\} \; + # find / -user 9998 -exec chown games \{\} \; + + If you have installed custom programs, you may want to check whether + they are not affected by the change. This should be rare, though. + + Until a subsequent reboot, various running services will show up in + ps(1) output and /proc as owned by "postfix". This is no problem. + 20170122: MINIX 3 did not import NetBSD's passwd.conf file, which makes the userland fall back by default to the old, broken UNIX password hashing diff --git a/etc/Makefile b/etc/Makefile index 527da4454..bcec419e1 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -91,7 +91,7 @@ INSTALLATION_DIRS= binary binary/sets binary/kernel installation # -rw-r--r-- BINOWN= root -BINGRP= operator +BINGRP= wheel UTMPGRP= utmp .if defined(__MINIX) BIN1+= boot.cfg.default \ 
@@ -296,7 +296,7 @@ CONFIGSYMLINKS+= \ # install-etc-files: .PHONY .MAKE check_DESTDIR MAKEDEV ${_MKMSG_INSTALL} ${DESTDIR}/etc/master.passwd - ${ETC_INSTALL_FILE} -o root -g operator -m 600 \ + ${ETC_INSTALL_FILE} -o root -g wheel -m 600 \ master.passwd ${DESTDIR}/etc ${TOOL_PWD_MKDB} -p ${PWD_MKDB_ENDIAN} -d ${DESTDIR}/ \ ${DESTDIR}/etc/master.passwd @@ -304,7 +304,7 @@ install-etc-files: .PHONY .MAKE check_DESTDIR MAKEDEV ( \ mode=0600; \ for metaent in spwd.db passwd pwd.db; do \ - echo "./etc/$${metaent} type=file mode=$${mode} uname=root gname=operator tags=etc_pkg"; \ + echo "./etc/$${metaent} type=file mode=$${mode} uname=root gname=wheel tags=etc_pkg"; \ mode=0644; \ done; \ ) | ${METALOG.add} @@ -351,7 +351,6 @@ install-etc-files: .PHONY .MAKE check_DESTDIR MAKEDEV ${MAKEDIRTARGET} . install-etc-files-safe install-etc-files-safe: .PHONY .MAKE check_DESTDIR MAKEDEV -# LSC Minix administrator group is operator, not wheel .endif # defined(__MINIX) ${_MKMSG_INSTALL} ${DESTDIR}/etc/ttys .if !defined(__MINIX) @@ -393,7 +392,6 @@ install-etc-files-safe: .PHONY .MAKE check_DESTDIR MAKEDEV # TAC to the .for block above. .if !defined(__MINIX) .for owner group mode file in \ - ${BINOWN} operator 664 /etc/ttys \ ${BINOWN} operator 664 /etc/dumpdates \ ${BINOWN} operator 600 /etc/skeykeys \ root wheel 600 /var/at/at.deny \ diff --git a/etc/group b/etc/group index 4be3bee20..a19780c83 100755 --- a/etc/group +++ b/etc/group @@ -1,18 +1,21 @@ -operator:*:0: -daemon:*:1: -bin:*:2: -other:*:3: -tty:*:4: -uucp:*:5: -news:*:6: -ftp:*:7: -kmem:*:8: -www:*:9: -driver:*:10: -server:*:11: +wheel:*:0:root +daemon:*:1:daemon +kmem:*:2:root +sys:*:3:root +tty:*:4:root +operator:*:0:root +mail:*:6: +bin:*:7: +wsrc:*:9: +maildrop:*:11: +postfix:*:12: games:*:13: +named:*:14: +ntpd:*:15: +sshd:*:16: _pflogd:*:18: _rwhod:*:19: +staff:*:20:root _proxy:*:21: _timedc:*:22: _sdpd:*:23: 
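Review bot: In the first etc/group hunk, `operator:*:0:root` as shown gives operator the same gid as the new `wheel:*:0:root` line, while the new etc/master.passwd gives the operator user primary gid 5, which has no entry in this file. With that line, anything installed with group operator would resolve to gid 0, and a reverse lookup of gid 0 could return either name. The surrounding entries run 4, then 6, so this looks like a leftover from the old numbering; if alignment with NetBSD is the intent, the line should presumably read `operator:*:5:root`. The second etc/group hunk does not add a gid 5 entry either.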
@@ -20,10 +23,13 @@ _httpd:*:24: _mdnsd:*:25: _tests:*:26: _tcpdump:*:27: -smtpd:*:40: -postfix:*:41: -maildrop:*:42: -mail:*:43: -sshd:*:44: -nogroup:*:99: +_tss:*:28: +_gpio:*:29: +_rtadvd:*:30: +guest:*:31:root +nobody:*:39: +utmp:*:45: +authpf:*:72: users:*:100: +dialer:*:117: +nogroup:*:32766: diff --git a/etc/master.passwd b/etc/master.passwd index 82ce65c4d..33b699d48 100644 --- a/etc/master.passwd +++ b/etc/master.passwd 
@@ -1,16 +1,24 @@ -root::0:0::0:0:Big Brother:/root:/bin/sh -daemon:*:1:1::0:0:The Deuce:/etc:/bin/sh -bin:*:2:0::0:0:Binaries Commands and Source:/nonexistent:/bin/sh -uucp:*:5:5::0:0:UNIX to UNIX copy:/usr/spool/uucp:/usr/bin/uucico -news:*:6:6::0:0:Usenet news:/usr/spool/news:/bin/sh -ftp:*:7:7::0:0:Anonymous FTP:/usr/ftp:/bin/sh -www:*:9:9::0:0:World Wide Web:/usr/www:/bin/sh -driver:*:10:10::0:0:Device Drivers:/:/bin/sh -server:*:11:11::0:0:OS Servers:/:/bin/sh -service:*:12:12::0:0:System Services:/:/bin/sh -sshd:*:22:22::0:0:sshd:/:/bin/sh -smtpd:*:25:25::0:0:smtpd:/:/bin/sh -postfix:*:27:27::0:0:postfix:/usr/var/spool/postfix:/usr/bin/false -postgres:*:30:30::0:0:postgresql:/:/usr/bin/false -games:*:9998:13::0:0:games:/:/bin/sh -nobody:*:9999:39::0:0:Unprivileged user:/tmp:/bin/sh +root::0:0::0:0:Charlie &:/root:/bin/sh +toor:*:0:0::0:0:Bourne-again Superuser:/root:/bin/sh +daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin +operator:*:2:5::0:0:System &:/usr/guest/operator:/sbin/nologin +bin:*:3:7::0:0:Binaries Commands and Source:/:/bin/sh +games:*:7:13::0:0:& pseudo-user:/usr/games:/sbin/nologin +postfix:*:12:12::0:0:& pseudo-user:/var/spool/postfix:/sbin/nologin +named:*:14:14::0:0:& pseudo-user:/var/chroot/named:/sbin/nologin +ntpd:*:15:15::0:0:& pseudo-user:/var/chroot/ntpd:/sbin/nologin +sshd:*:16:16::0:0:& pseudo-user:/var/chroot/sshd:/sbin/nologin +_pflogd:*:18:18::0:0:& pseudo-user:/var/chroot/pflogd:/sbin/nologin +_rwhod:*:19:19::0:0:& pseudo-user:/var/rwho:/sbin/nologin +_proxy:*:21:21::0:0:Proxy Services:/nonexistent:/sbin/nologin +_timedc:*:22:22::0:0:& pseudo-user:/nonexistent:/sbin/nologin +_sdpd:*:23:23::0:0:& pseudo-user:/nonexistent:/sbin/nologin +_httpd:*:24:24::0:0:& pseudo-user:/var/www:/sbin/nologin +_mdnsd:*:25:25::0:0:& pseudo-user:/nonexistent:/sbin/nologin +_tests:*:26:26::0:0:& pseudo-user:/nonexistent:/sbin/nologin +_tcpdump:*:27:27::0:0:& pseudo-user:/var/chroot/tcpdump:/sbin/nologin +_tss:*:28:28::0:0:& 
pseudo-user:/var/tpm:/sbin/nologin +_rtadvd:*:30:30::0:0:& pseudo-user:/var/chroot/rtadvd:/sbin/nologin +uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin +service:*:999:0::0:0:System Services:/:/sbin/nologin +nobody:*:32767:39::0:0:Unprivileged user:/nonexistent:/sbin/nologin diff --git a/etc/mtree/special b/etc/mtree/special index c86713cae..a58a930ff 100644 --- a/etc/mtree/special +++ b/etc/mtree/special @@ -13,8 +13,7 @@ # with diff(1)s if $check_changelist is enabled. # -#__MINIX: gname is not wheel -/set uname=root gname=operator +/set uname=root gname=wheel . type=dir mode=0755 diff --git a/etc/rc.subr b/etc/rc.subr index 6bda65e79..d76c17509 100644 --- a/etc/rc.subr +++ b/etc/rc.subr @@ -1053,13 +1053,13 @@ backup_file() ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur rcs -q -kb -U $_cur co -q -f -u $_cur - chown root:operator $_cur $_cur,v + chown root:wheel $_cur $_cur,v ;; remove) cp /dev/null $_cur ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur rcs -q -kb -U $_cur - chown root:operator $_cur $_cur,v + chown root:wheel $_cur $_cur,v rm $_cur ;; esac @@ -1070,7 +1070,7 @@ backup_file() cp -p $_cur $_back fi cp -p $_file $_cur - chown root:operator $_cur + chown root:wheel $_cur ;; remove) mv -f $_cur $_back diff --git a/external/mit/xorg/share/fonts/Makefile.mkfontscale b/external/mit/xorg/share/fonts/Makefile.mkfontscale index ead5eced4..7b9109a70 100644 --- a/external/mit/xorg/share/fonts/Makefile.mkfontscale +++ b/external/mit/xorg/share/fonts/Makefile.mkfontscale 
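Review bot: In the etc/master.passwd hunk, `service:*:999:0` gives the account used for system services primary group 0, which this commit makes wheel, the default group for nearly every installed file. Any wheel-owned file with group read or write bits is therefore reachable by every service started under that account. The rs/manager.c comment in this same commit ("Force group to wheel for now") suggests this is a known interim state, so it should be recorded in docs/UPDATING, or the account should get a dedicated gid. Two other things are carried over rather than introduced: `root::0:0` still has an empty password field, and `bin` is the only pseudo-user left with `/bin/sh` while the others moved to `/sbin/nologin`. If `bin` keeps a shell only because the test suite runs as it, that reason should be stated somewhere.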
@@ -14,12 +14,11 @@ _MAKEFILE_MKFONTSCALE_=1 MKFONTSCALEDIR!= cd ${NETBSDSRCDIR}/external/mit/xorg/tools/mkfontscale && ${PRINTOBJDIR} MKFONTSCALE= ${MKFONTSCALEDIR}/mkfontscale -#__MINIX: gname=operator instead of wheel afterinstall: create.fonts.dir create.fonts.scale .if ${MKUNPRIVED} != "no" - echo ".${FILESDIR}/fonts.dir type=file mode=0444 uname=root gname=operator" \ + echo ".${FILESDIR}/fonts.dir type=file mode=0444 uname=root gname=wheel" \ | ${METALOG.add} - echo ".${FILESDIR}/fonts.scale type=file mode=0444 uname=root gname=operator" \ + echo ".${FILESDIR}/fonts.scale type=file mode=0444 uname=root gname=wheel" \ | ${METALOG.add} .endif ${_MKMSG_INSTALL} ${DESTDIR}${FILESDIR}/encodings.dir diff --git a/minix/commands/MAKEDEV/MAKEDEV.sh b/minix/commands/MAKEDEV/MAKEDEV.sh index 81330b6fa..78d647dcb 100755 --- a/minix/commands/MAKEDEV/MAKEDEV.sh +++ b/minix/commands/MAKEDEV/MAKEDEV.sh @@ -191,7 +191,7 @@ for dev in ${DEVICES} do # Reset the defaults uname=root - gname=operator + gname=wheel permissions=600 case ${dev} in diff --git a/minix/commands/term/Makefile b/minix/commands/term/Makefile index c07f4c436..7a9ff40db 100644 --- a/minix/commands/term/Makefile +++ b/minix/commands/term/Makefile @@ -1,5 +1,3 @@ PROG= term -BINGRP= uucp -BINMODE= 2755 .include diff --git a/minix/drivers/storage/ramdisk/Makefile b/minix/drivers/storage/ramdisk/Makefile index a51e6298a..05524c63f 100644 --- a/minix/drivers/storage/ramdisk/Makefile +++ b/minix/drivers/storage/ramdisk/Makefile 
@@ -190,9 +190,9 @@ etc/master.passwd: ${NETBSDSRCDIR}/etc/master.passwd ${TOOL_PWD_MKDB} -V 0 -p -d . etc/master.passwd proto.dev.mtree: - @echo ". type=dir uname=root gname=operator mode=0755" \ + @echo ". type=dir uname=root gname=wheel mode=0755" \ >${.TARGET}.tmp && \ - echo "./dev type=dir uname=root gname=operator mode=0755" \ + echo "./dev type=dir uname=root gname=wheel mode=0755" \ >>${.TARGET}.tmp && \ ${NETBSDSRCDIR}/minix/commands/MAKEDEV/MAKEDEV.sh -m -r \ >> ${.TARGET}.tmp && mv ${.TARGET}.tmp ${.TARGET} diff --git a/minix/fs/hgfs/hgfs.8 b/minix/fs/hgfs/hgfs.8 index d5da3b113..85db0b4d3 100644 --- a/minix/fs/hgfs/hgfs.8 +++ b/minix/fs/hgfs/hgfs.8 @@ -32,7 +32,7 @@ The default is root (the number \fB0\fR). .TP \fBgid=\fInumber\fR Likewise, sets the group ID for all files and directories. -The default is operator (the number \fB0\fR). +The default is wheel (the number \fB0\fR). .TP \fBfmask=\fInumber\fR This option sets the file permission mask of regular files. It is specified as diff --git a/minix/fs/isofs/mount.c b/minix/fs/isofs/mount.c index 3e4429531..54160b040 100644 --- a/minix/fs/isofs/mount.c +++ b/minix/fs/isofs/mount.c @@ -24,7 +24,7 @@ int fs_mount(dev_t dev, unsigned int __unused flags, root_node->fn_mode = v_pri.inode_root->i_stat.st_mode; root_node->fn_size = v_pri.inode_root->i_stat.st_size; root_node->fn_uid = SYS_UID; /* Always root */ - root_node->fn_gid = SYS_GID; /* operator */ + root_node->fn_gid = SYS_GID; /* wheel */ root_node->fn_dev = NO_DEV; *res_flags = RES_NOFLAGS; diff --git a/minix/fs/vbfs/vbfs.8 b/minix/fs/vbfs/vbfs.8 index 3f7431724..64c8c6ec0 100644 --- a/minix/fs/vbfs/vbfs.8 +++ b/minix/fs/vbfs/vbfs.8 
@@ -35,7 +35,7 @@ The default is root (the number \fB0\fR). .TP \fBgid=\fInumber\fR Likewise, sets the group ID for all files and directories. -The default is operator (the number \fB0\fR). +The default is wheel (the number \fB0\fR). .TP \fBfmask=\fInumber\fR This option sets the file permission mask of regular files. It is specified as diff --git a/minix/include/minix/rs.h b/minix/include/minix/rs.h index 153fe1ffa..89005e6e6 100644 --- a/minix/include/minix/rs.h +++ b/minix/include/minix/rs.h @@ -13,11 +13,13 @@ Interface to the reincarnation server #define SERVICE_LOGIN "service" /* passwd file entry for services */ -/* The following definition should be kept in sync with the actual /etc/passwd - * value for SERVICE_LOGIN for now, and removed altogether once we are able to - * obtain its value dynamically everywhere. +/* The following definition should be kept in sync with the actual + * /etc/master.passwd value for SERVICE_LOGIN for now, and removed altogether + * once we are able to obtain its value dynamically everywhere. The value has + * been chosen so as to avoid creating conflicts with future NetBSD additions + * to the password files, although one can never be sure. */ -#define SERVICE_UID 12 /* user ID for services */ +#define SERVICE_UID 999 /* user ID for services */ /* RSS definitions. */ #define RSS_NR_IRQ 16 diff --git a/minix/servers/rs/main.c b/minix/servers/rs/main.c index 4b3255737..f2391a177 100644 --- a/minix/servers/rs/main.c +++ b/minix/servers/rs/main.c @@ -442,7 +442,7 @@ static int sef_cb_init_fresh(int UNUSED(type), sef_init_info_t *UNUSED(info)) panic("unable to clone current RS instance: %d", s); } - /* Fork a new RS instance with root:operator. */ + /* Fork a new RS instance with root:wheel. */ pid = srv_fork(0, 0); if(pid < 0) { panic("unable to fork a new RS instance: %d", pid); diff --git a/minix/servers/rs/manager.c b/minix/servers/rs/manager.c index d40850ce3..85b81582c 100644 --- a/minix/servers/rs/manager.c 
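Review bot: In minix/include/minix/rs.h, the rewritten comment still relies on people keeping `SERVICE_UID` and the `service` line in /etc/master.passwd in sync by hand, and nothing visible in this commit enforces it. The two agree today (999 in both), but a later edit to either side would silently start services under a uid with no passwd entry, or under another account's uid. A small regression test comparing `getpwnam(SERVICE_LOGIN)->pw_uid` with `SERVICE_UID` would turn that drift into a test failure. Whether such a check already exists elsewhere in the tree cannot be told from this page.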
+++ b/minix/servers/rs/manager.c @@ -572,7 +572,7 @@ struct rproc *rp; */ if(rs_verbose) printf("RS: forking child with srv_fork()...\n"); - child_pid= srv_fork(rp->r_uid, 0); /* Force group to operator for now */ + child_pid= srv_fork(rp->r_uid, 0); /* Force group to wheel for now */ if(child_pid < 0) { printf("RS: srv_fork() failed (error %d)\n", child_pid); free_slot(rp); diff --git a/minix/tests/test88.c b/minix/tests/test88.c index 056ea46e4..865682769 100644 --- a/minix/tests/test88.c +++ b/minix/tests/test88.c @@ -22,7 +22,7 @@ #define KEY_C (KEY_A + 2) #define ROOT_USER "root" /* name of root */ -#define ROOT_GROUP "operator" /* name of root's group */ +#define ROOT_GROUP "wheel" /* name of root's group */ #define NONROOT_USER "bin" /* name of any unprivileged user */ #define NONROOT_GROUP "bin" /* name of any unprivileged group */ diff --git a/minix/tests/testmfs.sh b/minix/tests/testmfs.sh index c118276e4..279d2e9bb 100755 --- a/minix/tests/testmfs.sh +++ b/minix/tests/testmfs.sh @@ -1,15 +1,15 @@ #!/bin/sh # expected sha1sum of the FS image -expect=55d61f457204c206628c848771a1f9d75cfa3afa +expect=98bcafa04cb1eb75b7add6c95eb587c37f5050e0 set -e # ownership matters for the proto file. -# the run script runs us with uid 2, gid 0. -if [ "`id -u`" != 2 -o "`id -g`" != 0 ] +# the run script runs us with user "bin" (3), group "bin" (7). +if [ "`id -u`" != 3 -o "`id -g`" != 7 ] then - echo "test script should be run with uid 2, gid 0." + echo "test script should be run with uid 3, gid 7." exit 1 fi @@ -73,6 +73,8 @@ dd if=/dev/zero seek=$BLOCKS of=$fsimage count=1 bs=$BS >/dev/null 2>&1 /sbin/mkfs.mfs -T 1 -b $BLOCKS -i $INODES $fsimage $protofile >/dev/null 2>&1 sum="`sha1 $fsimage | awk '{ print $4 }'`" +rm -rf $testdir $protofile $fsimage + if [ $sum != $expect ] then echo sum $sum is not expected $expect diff --git a/minix/usr.sbin/mkfs.mfs/mkfs.c b/minix/usr.sbin/mkfs.mfs/mkfs.c index 8a10fa31c..879032cc4 100644 --- a/minix/usr.sbin/mkfs.mfs/mkfs.c 
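Review bot: In the second testmfs.sh hunk, the added `rm -rf $testdir $protofile $fsimage` expands three variables unquoted, so a value containing whitespace or a glob character would make a recursive delete act on unintended paths. The assignments are outside the hunk, so their values cannot be checked from here. Quoting costs nothing: `rm -rf "$testdir" "$protofile" "$fsimage"`. The comparison below has the same weakness: if `sha1` prints nothing, `[ $sum != $expect ]` becomes a syntax error rather than a clean mismatch, so `[ "$sum" != "$expect" ]` is safer. Since cleanup now runs before the comparison, a failing run leaves no image to inspect; if that is intended, a short comment saying so would help.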
+++ b/minix/usr.sbin/mkfs.mfs/mkfs.c @@ -43,9 +43,6 @@ #define MAX_TOKENS 10 #define LINE_LEN 300 -/* XXX why do we not use 0 / SU_ID ? */ -#define BIN 2 -#define BINGRP 2 /* some Minix specific types that do not conflict with Posix */ #ifndef block_t @@ -339,8 +336,8 @@ main(int argc, char *argv[]) /* Make simple file system of the given size, using defaults. */ mode = 040777; - usrid = BIN; - grpid = BINGRP; + usrid = 0; + grpid = 0; simple = 1; } diff --git a/share/mk/bsd.own.mk b/share/mk/bsd.own.mk index b5f075a60..daecca8cc 100644 --- a/share/mk/bsd.own.mk +++ b/share/mk/bsd.own.mk @@ -18,13 +18,6 @@ NO_LIBGOMP?= yes BINMODE?= 755 NONBINMODE?= 644 MANDIR?= /usr/man -BINGRP?= operator -MANGRP?= operator -INFOGRP?= operator -DOCGRP?= operator -LOCALEGRP?= operator -NLSGRP?= operator -DEBUGGRP?= operator MKKYUA?= yes MKMCLINKER?= no
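Review bot: In the second mkfs.c hunk, `usrid = 0;` and `grpid = 0;` replace the named BIN/BINGRP constants with bare literals, and the removed XXX comment was the only text explaining the ownership choice. A short comment such as `/* root:wheel, as in etc/master.passwd and etc/group */` above the two assignments would record the intent. The unchanged context line `mode = 040777` means the root directory of a default image is now root-owned but world-writable without the sticky bit. If nothing depends on that, `041777` or `040755` would be a safer default; confirm against callers of the simple mode first. main() starts and ends outside this hunk.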