Remove root from the kmem, sys, tty, and staff groups in the default

configuration. Root privileges override DAC on local file systems and therefore root does not generally need to be a member of a group to access files owned by that group. In the NFS case, require explicit authorization for root to have these privileges. Leave root in operator for dump/restore broadcast reasons; leave root in wheel until discrepencies in the "no users in wheel means any user can su" policy are resolved (possibly indefinitely).
author: rwatson <rwatson@FreeBSD.org> 2002-10-13 17:00:37 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-10-13 17:00:37 +0000
commit: e503981b223662e9d3d095ad17e9c76f58520560 (patch)
tree: 218b51bec3dd2c1d25d3e0c16897a16c7d3f0b90 /etc/group
parent: 274818ff2ca9a6508b3360d047e2e90f0816e6a5 (diff)
download: FreeBSD-src-e503981b223662e9d3d095ad17e9c76f58520560.zip
FreeBSD-src-e503981b223662e9d3d095ad17e9c76f58520560.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/group b/etc/group
index 258ab97..a1e1f54 100644
--- a/etc/group
+++ b/etc/group
@@ -2,16 +2,16 @@
 #
 wheel:*:0:root
 daemon:*:1:
-kmem:*:2:root
-sys:*:3:root
-tty:*:4:root
+kmem:*:2:
+sys:*:3:
+tty:*:4:
 operator:*:5:root
 mail:*:6:
 bin:*:7:
 news:*:8:
 man:*:9:
 games:*:13:
-staff:*:20:root
+staff:*:20:
 sshd:*:22:
 smmsp:*:25:
 mailnull:*:26:
author	rwatson <rwatson@FreeBSD.org>	2002-10-13 17:00:37 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-10-13 17:00:37 +0000
commit	e503981b223662e9d3d095ad17e9c76f58520560 (patch)
tree	218b51bec3dd2c1d25d3e0c16897a16c7d3f0b90 /etc/group
parent	274818ff2ca9a6508b3360d047e2e90f0816e6a5 (diff)
download	FreeBSD-src-e503981b223662e9d3d095ad17e9c76f58520560.zip FreeBSD-src-e503981b223662e9d3d095ad17e9c76f58520560.tar.gz