Add a _file user and use for privsep, ok deraadt

9 years ago · c9b4c6254f
--- a/src/etc/group
+++ b/src/etc/group
@ -61,6 +61,7 @@ _ldapd:*:100:
 _iked:*:101:
 _iscsid:*:102:
 _smtpq:*:103:
 _file:*:104:
 dialer:*:117:
 nogroup:*:32766:
 nobody:*:32767:
--- a/src/etc/mail/aliases
+++ b/src/etc/mail/aliases
@ -1,5 +1,5 @@
 #
 #	$OpenBSD: aliases,v 1.47 2014/09/20 09:59:52 ajacoutot Exp $
 #	$OpenBSD: aliases,v 1.48 2015/04/27 13:48:06 nicm Exp $
 #
 #  Aliases in this file will NOT be expanded in the header from
 #  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
@ -24,6 +24,7 @@ www:	root
 _bgpd: /dev/null
 _dhcp: /dev/null
 _dvmrpd: /dev/null
 _file: /dev/null
 _fingerd: /dev/null
 _ftp: /dev/null
 _hostapd: /dev/null
--- a/src/etc/master.passwd
+++ b/src/etc/master.passwd
@ -44,4 +44,5 @@ _ldapd:*:100:100::0:0:LDAP Daemon:/var/empty:/sbin/nologin
 _iked:*:101:101::0:0:IKEv2 Daemon:/var/empty:/sbin/nologin
 _iscsid:*:102:102::0:0:iSCSI Daemon:/var/empty:/sbin/nologin
 _smtpq:*:103:103::0:0:SMTP Daemon:/var/empty:/sbin/nologin
 _file:*:104:104::0:0:file privsep:/var/empty:/sbin/nologin
 nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin