This is what I have so far:
# groupadd _svn
# useradd -d /var/svn -m -c "Subversion svnserve" -g _svn -L daemon -s /sbin/nologin _svn

$ userinfo _svn
Code:
login _svn
passwd *
uid 1001
groups _svn
change NEVER
class daemon
gecos Subversion svnserve
dir /var/svn
shell /sbin/nologin
expire NEVER

$ ls -la /var/svn
Code:
total 36
drwxr-xr-x 3 _svn _svn 512 Feb 13 19:43 ./
drwxr-xr-x 28 root wheel 512 Apr 9 17:09 ../
-rw-r--r-- 1 _svn _svn 87 Aug 16 2015 .Xdefaults
-rw-r--r-- 1 _svn _svn 773 Aug 16 2015 .cshrc
-rw-r--r-- 1 _svn _svn 103 Aug 16 2015 .cvsrc
-rw-r--r-- 1 _svn _svn 398 Aug 16 2015 .login
-rw-r--r-- 1 _svn _svn 175 Aug 16 2015 .mailrc
-rw-r--r-- 1 _svn _svn 218 Aug 16 2015 .profile
drwx------ 2 _svn _svn 512 Feb 13 19:43 .ssh/

# rm -rf /var/svn/.* ) and move forward with the Subversion on OpenBSD: svnserve+sasl exploration and see what happens...
There are a number of users who never log on; instead, the uids (and gids) run processes. When these processes are used as a component of privilege separation, the unprivileged tasks run as the unprivileged user.

Take dhclient(8), for example, as it is a common program most of us use. Its subtasks are separated into those that require super user privileges, such as attaching low-numbered ports and writing to files as root, and those that do not, such as everything else. The unprivileged process is started by root, and the process runs as the user _dhcp, which is uid 77, gid 77. The user never logs on, and never uses a shell. Its $HOME is set to /var/empty.

When usernames and uid/gid numbers are needed for ports, they will be added by pkg_add(1) based on packing list instructions @newgroup and @newuser. These are documented in pkg_create(1), but I've never run pkg_create directly -- I just use my ports' PLIST files. (None of my ports have daemons, but I have manually edited some of my PLIST files to add custom requirements, or to adjust automatically created packing lists.)

The uid/gid numbers below 1000 for ports are reserved; the list of uids/gids is maintained in /usr/ports/infrastructure/db/user.list.

Last edited by jggimi; 10th April 2016 at 12:35 AM. Reason: typos
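A check that follows from the two posts above, as an added example that is not part of the thread: it reads passwd(5)-format lines and reports never-log-on accounts that still have a usable shell or skeleton dot files left in their home directory. The function names, the "_" prefix test for daemon accounts and the sample lines are assumptions constructed for this example; a scratch directory stands in for /var/svn.

```sh
#!/bin/sh
# Added example: audit passwd(5)-format lines for daemon accounts.
# Assumption: daemon accounts are the ones whose login starts with "_".

# Reads 7-field passwd lines on stdin.
# Prints one finding per line as "login: problem"; silent when clean.
audit_daemon_accounts() {
    while IFS=: read -r login pw uid gid gecos home shell; do
        case $login in
            _*) ;;              # only the never-log-on accounts
            *) continue ;;
        esac
        # The account should not be able to start a shell.
        case $shell in
            /sbin/nologin) ;;
            *) echo "$login: shell is '$shell', expected /sbin/nologin" ;;
        esac
        # /var/empty holds nothing, so there is nothing more to check.
        [ "$home" = /var/empty ] && continue
        [ -d "$home" ] || continue
        # Skeleton dot files (.profile, .ssh, ...) copied in by useradd -m.
        for f in "$home"/.[!.]*; do
            [ -e "$f" ] || continue
            echo "$login: leftover dot file ${f##*/} in $home"
        done
    done
}

# Constructed sample input: four passwd lines, two of them with problems.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.ssh" && : > "$tmp/.profile"
    audit_daemon_accounts <<EOF
_dhcp:*:77:77:DHCP:/var/empty:/sbin/nologin
_svn:*:1001:1001:Subversion svnserve:$tmp:/sbin/nologin
_bad:*:1002:1002:constructed bad entry:/var/empty:/bin/ksh
tim:*:1000:1000:ordinary user:/home/tim:/bin/ksh
EOF
    rm -rf "$tmp"
}

demo_audit
```

On a real system the same function can be fed `/etc/passwd` directly: `audit_daemon_accounts < /etc/passwd`.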