[TUHS] historical users and groups

Jose R. Valverde jrvalverde at cnb.csic.es
Wed Jan 14 23:33:02 AEST 2009

A bit of digging brought out the following snippet from 4.3BSD System
Manager Manual:

     System security  changes  require  adding  several  new
``well-known''  groups  to  /etc/group.  The groups that are
needed by the system as distributed are:


Only users in the ``wheel'' group are  permitted  to  su  to
``root''.    Most   programs   that  manage  directories  in
/usr/spool now run set-group-id to ``daemon'' so that  users
cannot  directly  access the files in the spool directories.
The special files that access kernel memory,  /dev/kmem  and
/dev/mem,  are  made readable only by group ``kmem''.  Stan-
dard system programs that require this access are made  set-
group-id  to  that  group.  The group ``sys'' is intended to
control access to system sources, and other  sources  belong
to  group ``staff.'' Rather than make user's terminals writ-
able by all users, they are now placed in group ``tty''  and
made only group writable.  Programs that should legitimately
have access to write on user's terminals such  as  talk  and
write  now  run  set-group-id  to ``tty''.  The ``operator''
group controls access to disks.  By default, disks are read-
able  by group ``operator'', so that programs such as df can
access the file system information without being set-user-id
to ``root''.

     Several new users have also been added to the group  of
``well-known'' users in /etc/passwd.  The current list is:


The ``daemon'' user is used for daemon processes that do not
need  root  privileges.  The ``operator'' user-id is used as
an account for dumpers so that they can log in without  hav-
ing  the root password.  By placing them in the ``operator''
group, they can get read access to the disks.  The  ``uucp''
login has existed long before 4.3BSD, and is noted here just
to provide a common user-id.  The password entry  ``nobody''
has been added to specify the user with least privilege.

So my previous recollections were not totally correct. Sorry. I guess as
one grows older memory starts to fail. As for today's usefulness... if 
you google each user/group up you'll see they still are meaningful in
many setups.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20090114/bf910891/attachment.sig>

More information about the TUHS mailing list