From e503981b223662e9d3d095ad17e9c76f58520560 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Sun, 13 Oct 2002 17:00:37 +0000
Subject: Remove root from the kmem, sys, tty, and staff groups in the default
 configuration.  Root privileges override DAC on local file systems and
 therefore root does not generally need to be a member of a group to access
 files owned by that group.  In the NFS case, require explicit authorization
 for root to have these privileges.

Leave root in operator for dump/restore broadcast reasons; leave root
in wheel until discrepencies in the "no users in wheel means any user
can su" policy are resolved (possibly indefinitely).
---
 etc/group | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'etc/group')

diff --git a/etc/group b/etc/group
index 258ab97..a1e1f54 100644
--- a/etc/group
+++ b/etc/group
@@ -2,16 +2,16 @@
 #
 wheel:*:0:root
 daemon:*:1:
-kmem:*:2:root
-sys:*:3:root
-tty:*:4:root
+kmem:*:2:
+sys:*:3:
+tty:*:4:
 operator:*:5:root
 mail:*:6:
 bin:*:7:
 news:*:8:
 man:*:9:
 games:*:13:
-staff:*:20:root
+staff:*:20:
 sshd:*:22:
 smmsp:*:25:
 mailnull:*:26:
-- 
cgit v1.1