Remove root from the kmem, sys, tty, and staff groups in the default

configuration. Root privileges override DAC on local file systems and therefore root does not generally need to be a member of a group to access files owned by that group. In the NFS case, require explicit authorization for root to have these privileges. Leave root in operator for dump/restore broadcast reasons; leave root in wheel until discrepencies in the "no users in wheel means any user can su" policy are resolved (possibly indefinitely).
svn path=/head/; revision=105055
2024-09-06 09:10:28 +00:00 · 2002-10-13 17:00:37 +00:00 · 2002-10-13 17:00:37 +00:00 · 975819b705 · 2020-12-20 02:59:44 +00:00
parent 4275e0d98d
commit 975819b705
1 changed files with 4 additions and 4 deletions
--- a/etc/group
+++ b/etc/group
@ -2,16 +2,16 @@
 #
 wheel:*:0:root
 daemon:*:1:
-kmem:*:2:root
-sys:*:3:root
-tty:*:4:root
+kmem:*:2:
+sys:*:3:
+tty:*:4:
 operator:*:5:root
 mail:*:6:
 bin:*:7:
 news:*:8:
 man:*:9:
 games:*:13:
-staff:*:20:root
+staff:*:20:
 sshd:*:22:
 smmsp:*:25:
 mailnull:*:26: