Slackware's passwd & group - pyllyukko/harden.yml GitHub Wiki

This page describes the changes in Slackware's passwd and group files over the years. It also tries to track down some of the mystery legacy users and groups and the anomalous file/directory ownerships.

Users

(From 15.0)

User        UID  Processes
bin         1
daemon      2    atd
adm         3
lp          4
sync        5
shutdown    6
halt        7
mail        8
news        9
uucp        10
operator    11
games       12
ftp         14
smmsp       25
mysql       27
rpc         32
sshd        33
gdm         42
ntp         44   ntpd
icecc       49
oprofile    51
usbmux      52
named       53
sddm        64
pulse       65
dhcpcd      68
apache      80   httpd
messagebus  81   dbus-daemon
haldaemon   82
polkitd     87
pop         90
postfix     91   Yes
dovecot     94
dovenull    95
nobody      99
ldap        330  slapd

Operator

Probably an old-school Unix account. At least FreeBSD seems to use it.

Groups

bin

From users-and-groups:

   bin
          HELP: No files on my system are owned by user or group
          bin. What good are they? Historically they were probably
          the owners of binaries in /bin? It is not mentioned in
          the FHS, Debian Policy, or the changelogs of base-passwd
          or base-files.

          LSB 1.3 lists bin as legacy, and says: "The 'bin'
          UID/GID is included for compatibility with legacy
          applications. New applications should no longer use the
          'bin' UID/GID."

seejpeg's Makefile:

install:
                install -s -o root -g bin -m 4711 seejpeg $(BIN)

_netpipes.tar.gz:

drwxr-xr-x root/bin          0 1999-01-30 19:11 usr/bin/
-rwxr-xr-x root/bin          0 1999-01-30 19:11 usr/bin/encapsulate
-rwxr-xr-x root/bin          0 1999-01-30 19:11 usr/bin/faucet
-rwxr-xr-x root/bin          0 1999-01-30 19:11 usr/bin/getpeername
-rwxr-xr-x root/bin          0 1999-01-30 19:11 usr/bin/hose
-rwxr-xr-x root/bin          0 1999-01-30 19:11 usr/bin/sockdown
-rwxr-xr-x root/bin          0 1999-01-30 19:11 usr/bin/timelimit

_procmail.tar.gz:

drwxr-xr-x root/bin          0 1995-12-06 00:02 usr/bin/
-rwsr-sr-x root/mail         0 1995-12-06 00:01 usr/bin/procmail
-rwxr-sr-x root/mail         0 1995-12-06 00:01 usr/bin/lockfile
-rwxr-xr-x root/bin          0 1995-12-06 00:02 usr/bin/formail
-rwxr-xr-x root/bin          0 1995-12-06 00:03 usr/bin/mailstat

_uucp.tar.gz:

drwxr-xr-x root/bin          0 2003-06-06 00:37 usr/bin/
drwxr-xr-x root/bin          0 2003-06-06 00:37 usr/sbin/

daemon

(From Debian)

Some unprivileged daemons that need to write to files on disk run as daemon.daemon (e.g., portmap, atd, probably others). Daemons that don't need to own any files can run as nobody.nogroup instead, and more complex or security conscious daemons run as dedicated users. The daemon user is also handy for locally installed daemons.

In Slackware 15.0 daemon owns the following files (bzcat MANIFEST.bz2 | gawk '$2 ~ /daemon/{print}'):

++========================================
||
||   Package:  ./ap/at-3.2.4-x86_64-1.txz
||
++========================================
-rw-r----- root/daemon     144 2022-01-30 14:07 etc/at.deny.new
-rwsr-sr-x daemon/daemon 56288 2022-01-30 14:07 usr/bin/at
drwxrwx--T daemon/daemon     0 2022-01-30 14:07 var/spool/atjobs/
-rw------- daemon/daemon     0 2022-01-30 14:07 var/spool/atjobs/.SEQ
drwxrwx--T daemon/daemon     0 2022-01-30 14:07 var/spool/atspool/

lp

(Debian)

Members of this group can enable and use printers. (The user lp is not used anymore.)

sys

Not seen in the MANIFEST.

power

/usr/share/polkit-1/rules.d/10-enable-upower-suspend.rules:

polkit.addRule(
  function(action, subject) {
    if ( (action.id == "org.freedesktop.upower.suspend" ||
          action.id == "org.freedesktop.upower.hibernate")
          && subject.isInGroup("power") ) {
      return polkit.Result.YES;
    }
  }
);

mail

$ bzcat MANIFEST.bz2 | gawk '$2 ~ /mail/{print}'
drwxrwxrwt root/mail         0 2022-01-11 14:20 var/spool/mail/
-rwxr-sr-x root/mail     18768 2021-02-13 06:25 usr/bin/lockfile
-rwsr-sr-x root/mail     85176 2021-02-13 06:25 usr/bin/procmail

Path              Package
var/spool/mail/   aaa_base
usr/bin/lockfile  procmail
usr/bin/procmail  procmail

games

Slackware 15.0:

$ bzcat MANIFEST.bz2 | gawk '$2 ~ /games/{print}'
crw-rw---- root/games   15,129 2001-02-10 20:06 dev/djs1
crw-rw---- root/games   15,130 2001-02-10 20:06 dev/djs2
crw-rw---- root/games   15,128 2001-02-10 20:06 dev/djs0
crw-rw---- root/games   15,131 2001-02-10 20:06 dev/djs3
-rwxr-sr-x root/games  2572944 2021-02-13 07:56 usr/share/games/nethack/nethack
-rwxr-sr-x root/games    14552 2021-02-13 07:56 usr/share/games/nethack/recover
drwxrwxr-x root/games        0 2021-02-13 07:56 var/lib/nethack/
-rw-rw-r-- root/games     4875 2021-02-13 07:56 var/lib/nethack/license
-rw-rw-r-- root/games        0 2021-02-13 07:56 var/lib/nethack/logfile
-rw-rw-r-- root/games  1383064 2021-02-13 07:56 var/lib/nethack/nhdat
-rw-rw-r-- root/games        0 2021-02-13 07:56 var/lib/nethack/perm
-rw-rw-r-- root/games        0 2021-02-13 07:56 var/lib/nethack/record
drwxrwxr-x root/games        0 2021-02-13 07:56 var/lib/nethack/save/
-rw-rw-r-- root/games    16756 2021-02-13 07:56 var/lib/nethack/symbols
-rw-rw-r-- root/games     5718 2021-02-13 07:56 var/lib/nethack/sysconf
-rw-rw-r-- root/games        0 2021-02-13 07:56 var/lib/nethack/xlogfile
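
The gawk filter used for the daemon, mail and games listings above matches the name as a substring of the owner/group field, so /daemon/ would also select any haldaemon-owned entry. The following added example (not part of the original wiki) matches owner or group exactly and marks setuid/setgid entries; the function names and the haldaemon sample line are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: exact owner/group matching on Slackware MANIFEST lines.
# Field 1 is the mode string, field 2 is "owner/group", the last field is the path.

# manifest_owned_by NAME: read MANIFEST lines on stdin and print
# "FLAG owner/group path" for entries whose owner or group is exactly NAME.
# FLAG is suid, sgid, suid+sgid, or "-" when neither bit is set.
manifest_owned_by() {
  awk -v name="$1" '
    $1 ~ /^[-dcblps][-rwxsStT]+$/ && split($2, og, "/") == 2 {
      if (og[1] != name && og[2] != name) next
      flag = ""
      if (substr($1, 4, 1) ~ /[sS]/) flag = "suid"
      if (substr($1, 7, 1) ~ /[sS]/) flag = (flag == "" ? "sgid" : flag "+sgid")
      if (flag == "") flag = "-"
      print flag, $2, $NF
    }'
}

# Sample input: the first three lines come from the listings on this page;
# the haldaemon line is constructed to show the substring problem.
sample_manifest() {
  cat <<'EOF'
-rwsr-sr-x daemon/daemon 56288 2022-01-30 14:07 usr/bin/at
-rw-r----- root/daemon     144 2022-01-30 14:07 etc/at.deny.new
-rwxr-sr-x root/mail     18768 2021-02-13 06:25 usr/bin/lockfile
drwxr-xr-x haldaemon/haldaemon 0 2009-01-01 00:00 var/run/hald/
EOF
}

sample_manifest | manifest_owned_by daemon
```

Against a real tree the input would be `bzcat MANIFEST.bz2 | manifest_owned_by games`.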

3.3

passwd

halt:x:7:0:halt:/sbin:/sbin/halt
operator:x:11:0:operator:/root:/bin/bash
root:x:0:0::/root:/bin/bash
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
sync:x:5:0:sync:/sbin:/bin/sync
bin:x:1:1:bin:/bin:
ftp:x:404:1::/home/ftp:/bin/bash
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
mail:x:8:12:mail:/var/spool/mail:
postmaster:x:14:12:postmaster:/var/spool/mail:/bin/bash
news:x:9:13:news:/usr/lib/news:
uucp:x:10:14:uucp:/var/spool/uucppublic:
man:x:13:15:man:/usr/man:
games:x:12:100:games:/usr/games:
guest:x:405:100:guest:/dev/null:/dev/null
nobody:x:65534:100:nobody:/dev/null:

group

root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm
lp::7:lp
mem::8:
kmem::9:
wheel::10:root
floppy::11:root
mail::12:mail
news::13:news
uucp::14:uucp
man::15:man
users::100:games
nogroup::-2:

3.3 -> 3.4

No changes.

8.1

diff from 3.3

passwd

passwd from 3.3 is sorted.

1c1
< adm:x:3:4:adm:/var/adm:
---
> adm:x:3:4:adm:/var/log:
4c4
< ftp:x:404:1::/home/ftp:/bin/bash
---
> ftp:x:14:50::/home/ftp:
6c6
< guest:x:405:100:guest:/dev/null:/dev/null
---
> gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
9,10c9,10
< mail:x:8:12:mail:/var/spool/mail:
< man:x:13:15:man:/usr/man:
---
> mail:x:8:12:mail:/:
> mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash
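Review bot: the added mysql line gives a database service account /bin/bash as its login shell, while the rpc account added further down in this diff gets /bin/false. Unless something needs an interactive shell for mysql, /bin/false would do here as well; the gdm line added in the 6c6 hunk has the same issue.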
12c12
< nobody:x:65534:100:nobody:/dev/null:
---
> nobody:x:99:99:nobody:/:
14c14
< postmaster:x:14:12:postmaster:/var/spool/mail:/bin/bash
---
> pop:x:90:90:POP:/:
15a16
> rpc:x:32:32:RPC portmap user:/:/bin/false
16a18
> smmsp:x:25:25:smmsp:/var/spool/clientmqueue:

ChangeLog:

Wed May 29 23:22:15 PDT 2002
a/etc-5.0-i386-5.tgz:  Added Eterm to /etc/termcap (thanks to Roland Dobbins).
  Added missing rpc user/group (thanks to Dominik L. Borkowski).
----------------------------
Wed May  8 23:03:11 PDT 2002
a/etc-5.0-i386-2.tgz:  Added smmsp and pop to /etc/shadow.
----------------------------
Thu Feb 14 22:48:13 PST 2002
a/etc-4.7-i386-1.tgz:  Added slack-desc, merged into tree.
  Added smmsp user/group for sendmail, update /etc/services.

group

16,18c16,28
< man::15:man
< users::100:games
< nogroup::-2:
---
> man::15:
> games::20:
> slocate:x:21:
> smmsp::25:smmsp
> mysql::27:
> rpc:x:32:
> gdm::42:
> ftp::50:
> pop::90:pop
> nobody::98:nobody
> nogroup::99:
> users::100:
> console:x:101:

passwd

root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/log:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/:
news:x:9:13:news:/usr/lib/news:
uucp:x:10:14:uucp:/var/spool/uucppublic:
operator:x:11:0:operator:/root:/bin/bash
games:x:12:100:games:/usr/games:
ftp:x:14:50::/home/ftp:
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash
rpc:x:32:32:RPC portmap user:/:/bin/false
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
pop:x:90:90:POP:/:
nobody:x:99:99:nobody:/:

group

root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm
lp::7:lp
mem::8:
kmem::9:
wheel::10:root
floppy::11:root
mail::12:mail
news::13:news
uucp::14:uucp
man::15:
games::20:
slocate:x:21:
smmsp::25:smmsp
mysql::27:
rpc:x:32:
gdm::42:
ftp::50:
pop::90:pop
nobody::98:nobody
nogroup::99:
users::100:
console:x:101:

8.1 -> 9.0

No changes.

9.0 -> 9.1

passwd

17a18
> sshd:x:33:33:sshd:/:

group

18c18,19
< slocate:x:21:
---
> slocate::21:
> utmp::22:
21c22,23
< rpc:x:32:
---
> rpc::32:
> sshd::33:sshd
22a25
> shadow::43:
28c31
< console:x:101:
---
> console::101:

ChangeLog

Tue Jun 17 16:20:17 PDT 2003
a/etc-5.1-noarch-3.tgz:  Added /etc/shadow entry for sshd user.
+--------------------------+
Fri Jun 13 23:02:35 PDT 2003
a/etc-5.1-noarch-2.tgz:  Removed 'x' from non-shadowed /etc/group entries.
  Added sshd user to /etc/passwd and sshd group to /etc/group.
  Fixed a bug installing a new /var/run/utmp.
l/utempter-0.5.2-i486-2.tgz:  Don't include an 'x' if group utmp must be added.
+--------------------------+
Sun Jun  8 20:53:01 PDT 2003
a/etc-5.1-noarch-1.tgz:  Added utmp and shadow to /etc/group.
  /etc/shadow is now readable by group shadow, and /var/run/utmp and
  /var/log/wtmp are read-writable by group utmp.

9.1 -> 10.0

passwd

No changes.

group

16a17,19
> audio::17:
> video::18:
> cdrom::19:

ChangeLog

Sun Jun 20 02:07:22 PDT 2004
This is Slackware 10.0 release candidate 2.
a/etc-5.1-noarch-9.tgz:  Make sure audio/video/cdrom groups are installed.
  (Thanks to Piter PUNK)
+--------------------------+
Fri May 21 01:39:02 PDT 2004
a/etc-5.1-noarch-8.tgz:  Add to /etc/group: audio(17), video(18), cdrom(19).

10.0 -> 10.1

No changes.

10.1 -> 10.2

passwd

No changes.

group

30a31
> scanner::93:

ChangeLog

Fri Jul 29 10:33:59 PDT 2005
a/etc-5.1-noarch-10.tgz:  Added scanner group.

10.2 -> 11.0

No changes.

11.0 -> 12.0

passwd

2,5c2,5
< bin:x:1:1:bin:/bin:
< daemon:x:2:2:daemon:/sbin:
< adm:x:3:4:adm:/var/log:
< lp:x:4:7:lp:/var/spool/lpd:
---
> bin:x:1:1:bin:/bin:/bin/false
> daemon:x:2:2:daemon:/sbin:/bin/false
> adm:x:3:4:adm:/var/log:/bin/false
> lp:x:4:7:lp:/var/spool/lpd:/bin/false
9,11c9,11
< mail:x:8:12:mail:/:
< news:x:9:13:news:/usr/lib/news:
< uucp:x:10:14:uucp:/var/spool/uucppublic:
---
> mail:x:8:12:mail:/:/bin/false
> news:x:9:13:news:/usr/lib/news:/bin/false
> uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
13,15c13,15
< games:x:12:100:games:/usr/games:
< ftp:x:14:50::/home/ftp:
< smmsp:x:25:25:smmsp:/var/spool/clientmqueue:
---
> games:x:12:100:games:/usr/games:/bin/false
> ftp:x:14:50::/home/ftp:/bin/false
> smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
18c18
< sshd:x:33:33:sshd:/:
---
> sshd:x:33:33:sshd:/:/bin/false
20,21c20,24
< pop:x:90:90:POP:/:
< nobody:x:99:99:nobody:/:
---
> apache:x:80:80:User for Apache:/srv/httpd:/bin/false
> messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
> haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
> pop:x:90:90:POP:/:/bin/false
> nobody:x:99:99:nobody:/:/bin/false

group

11.0 -> 12.0
29a30,34
> apache:x:80:
> messagebus:x:81:
> haldaemon:x:82:
> plugdev:x:83:
> power:x:84:

ChangeLog

Mon May 28 20:03:53 CDT 2007
a/etc-11.1-noarch-6.tgz:  Added power (84) group to /etc/group.
  Added haldaemon (82) user to /etc/passwd, group to /etc/group, and empty
  shadow line to /etc/shadow.
+--------------------------+
Sat May 19 15:49:00 CDT 2007
a/etc-11.1-noarch-5.tgz:  Added plugdev group (83).  Added apache user and
  group (80).
+--------------------------+
Tue May 15 21:50:17 CDT 2007
a/etc-11.1-noarch-4.tgz:  The lack of a shadow entry for "messagebus" was
  bothering some people, so it was added (but it should make no difference).
+--------------------------+
Sat Mar 17 19:14:35 CDT 2007
a/etc-11.1-noarch-1.tgz:
  Added messagebus uid/gid (81).
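
The 11.0 -> 12.0 passwd diff above replaces the empty shell field of the system accounts with /bin/false; per passwd(5) an empty shell field means /bin/sh is used. The following added example (not part of the original wiki) lists the system accounts in a passwd file that still have an empty or interactive shell; the function names, the UID threshold of 1000 and the list of interactive shells are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki): flag system accounts that still get a shell.
# Assumptions: UIDs 1-999 are system accounts, and LOGIN_SHELLS lists the
# interactive shells installed on the host being audited.
LOGIN_SHELLS="/bin/sh /bin/bash /bin/ash /bin/ksh /bin/zsh /bin/csh /bin/tcsh"

# audit_shells: read passwd(5) lines on stdin, print "name uid reason".
audit_shells() {
  awk -F: -v shells="$LOGIN_SHELLS" -v max_uid=1000 '
    BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) login[s[i]] = 1 }
    /^#/ || NF != 7          { next }  # comments and malformed lines
    $3 == 0 || $3 >= max_uid { next }  # root and ordinary users
    $7 == ""      { print $1, $3, "empty-shell"; next }  # login falls back to /bin/sh
    ($7 in login) { print $1, $3, "login-shell:" $7 }'
}

# Sample input: lines copied from the 8.1 passwd listed on this page.
sample_passwd_81() {
  cat <<'EOF'
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:
sync:x:5:0:sync:/sbin:/bin/sync
operator:x:11:0:operator:/root:/bin/bash
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash
rpc:x:32:32:RPC portmap user:/:/bin/false
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
EOF
}

sample_passwd_81 | audit_shells
```

On a live system the input is `audit_shells < /etc/passwd`. Accounts such as sync are not reported because their shell field names a command rather than an interactive shell.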

12.0 -> 12.1

passwd

16c16
< mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash
---
> mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false

group

All the group entries now have :x:.

1,29c1,30
< root::0:root
< bin::1:root,bin,daemon
< daemon::2:root,bin,daemon
< sys::3:root,bin,adm
< adm::4:root,adm,daemon
< tty::5:
< disk::6:root,adm
< lp::7:lp
< mem::8:
< kmem::9:
< wheel::10:root
< floppy::11:root
< mail::12:mail
< news::13:news
< uucp::14:uucp
< man::15:
< audio::17:
< video::18:
< cdrom::19:
< games::20:
< slocate::21:
< utmp::22:
< smmsp::25:smmsp
< mysql::27:
< rpc::32:
< sshd::33:sshd
< gdm::42:
< shadow::43:
< ftp::50:
---
> root:x:0:root
> bin:x:1:root,bin
> daemon:x:2:root,bin,daemon
> sys:x:3:root,bin,adm
> adm:x:4:root,adm,daemon
> tty:x:5:
> disk:x:6:root,adm
> lp:x:7:lp
> mem:x:8:
> kmem:x:9:
> wheel:x:10:root
> floppy:x:11:root
> mail:x:12:mail
> news:x:13:news
> uucp:x:14:uucp
> man:x:15:
> audio:x:17:root
> video:x:18:root
> cdrom:x:19:root
> games:x:20:
> slocate:x:21:
> utmp:x:22:
> smmsp:x:25:smmsp
> tape:x:26:root
> mysql:x:27:
> rpc:x:32:
> sshd:x:33:sshd
> gdm:x:42:
> shadow:x:43:
> ftp:x:50:
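Review bot: besides the switch from :: to :x:, the second line of this hunk drops daemon from the bin group (bin::1:root,bin,daemon becomes bin:x:1:root,bin), and none of the ChangeLog entries quoted for this release mention it. If the removal is intended it deserves a ChangeLog line; if not, the member list should be restored.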
33c34
< plugdev:x:83:
---
> plugdev:x:83:root
35,40c36,41
< pop::90:pop
< scanner::93:
< nobody::98:nobody
< nogroup::99:
< users::100:
< console::101:
---
> pop:x:90:pop
> scanner:x:93:
> nobody:x:98:nobody
> nogroup:x:99:
> users:x:100:
> console:x:101:

ChangeLog

Tue Apr  1 02:41:32 CDT 2008
a/etc-12.1-noarch-4.tgz:  Give the mysql user a /bin/false "shell".
  Thanks to Noel for the suggestion.
+--------------------------+
Fri Mar 28 23:35:22 CDT 2008
a/etc-12.1-noarch-3.tgz:  Installed root into the audio, cdrom, video, plugdev,
  and floppy groups _correctly_.  This was noticed by a lot of people -- sorry
  for the bogus entries in there before.  I don't know how I managed that.
  (easily  ;-)
+--------------------------+
Wed Mar 26 00:21:34 CDT 2008
a/etc-12.1-noarch-2.tgz:  Add root to the groups audio, cdrom, video, plugdev, 
  and floppy.  Root already has access to most of these devices, but it doesn't
  hurt to provide an example for people who edit /etc/groups manually.
+--------------------------+
Tue Oct 16 14:51:30 CDT 2007
a/etc-12.1-noarch-1.tgz:  Added "tape" group.

12.1 -> 12.2

No changes.

12.2 -> 13.0

passwd

19a20
> oprofile:x:51:51:oprofile:/:/bin/false

group

16a17
> dialout:x:16:uucp
30a32
> oprofile:x:51:
35c37,38
< power:x:84:
---
> power:x:84:root
> netdev:x:86:root
37c40
< scanner:x:93:
---
> scanner:x:93:root

ChangeLog

Sun Aug 23 02:32:16 CDT 2009
a/etc-13.0-i486-2.txz:
  Ensure that groups added through the install script have "root" as
  members where appropriate.
+--------------------------+
Tue Aug 11 01:04:25 CDT 2009
a/etc-13.0-noarch-1.txz:  Upgraded.
  Added root to power, netdev, and scanner groups in /etc/group.
+--------------------------+
Mon Apr 20 23:38:45 CDT 2009
a/etc-12.34567890-noarch-3.tgz:  Added the uucp user to the dialout group.
+--------------------------+
Tue Mar 24 14:00:54 CDT 2009
a/etc-12.34567890-noarch-2.tgz:  Fix missing :x: for oprofile in /etc/passwd.
+--------------------------+
Mon Mar  9 21:25:51 CDT 2009
a/etc-12.34567890-noarch-1.tgz:  Added uid 51 (oprofile), gid 16 (dialout),
  gid 51 (oprofile), and gid 86 (netdev).

13.0 -> 13.1

passwd

No changes.

group

12c12
< floppy:x:11:root
---
> floppy:x:11:
18,20c18,20
< audio:x:17:root
< video:x:18:root
< cdrom:x:19:root
---
> audio:x:17:
> video:x:18:
> cdrom:x:19:
25c25
< tape:x:26:root
---
> tape:x:26:
36,38c36,38
< plugdev:x:83:root
< power:x:84:root
< netdev:x:86:root
---
> plugdev:x:83:
> power:x:84:
> netdev:x:86:
40c40
< scanner:x:93:root
---
> scanner:x:93:

ChangeLog

Mon Mar  1 22:43:53 UTC 2010
a/etc-13.013-i486-1.txz:  Rebuilt.
  Removed root from several groups in /etc/group where the group is only used
  for root-owned files anyway.  Updated /etc/services.

13.1 -> 13.37

No changes.

13.37 -> 14.0

No changes.

14.1 -> 14.2

passwd

19c19
< gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
---
> gdm:x:42:42:GDM:/var/lib/gdm:/sbin/nologin
20a21,23
> usbmux:x:52:83:User for usbmux daemon:/var/empty:/bin/false
> sddm:x:64:64:User for SDDM:/var/empty:/bin/false
> pulse:x:65:65:User for PulseAudio:/var/run/pulse:/bin/false
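Review bot: usbmux is added with primary GID 83 while sddm and pulse get GIDs matching their UIDs, and the group diff for this release adds no usbmux group. GID 83 is plugdev in the 12.0 group diff, so a ChangeLog line stating that usbmux deliberately uses plugdev as its primary group would make this easier to verify.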
23a27
> polkitd:x:87:87:PolicyKit daemon owner:/var/lib/polkit:/bin/false

group

18c18
< audio:x:17:
---
> audio:x:17:root,pulse
32a33,35
> sddm:x:64:
> pulse:x:65:
> input:x:71:
38a42
> polkitd:x:87:

ChangeLog

Wed Jun 22 21:56:53 UTC 2016
a/etc-14.2-i586-7.txz:  Rebuilt.
  Added root to the audio group.
+--------------------------+
Sat Mar 26 23:20:34 UTC 2016
a/etc-14.2-i586-6.txz:  Rebuilt.
  Added polkitd user (UID 87) and group (GID 87).
+--------------------------+
Wed Jan 13 00:01:23 UTC 2016
a/etc-14.2-i586-5.txz:  Rebuilt.
  Added user (pulse) and group (pulse) for PulseAudio.
  Added pulse user to the audio group.
+--------------------------+
Fri Nov 20 05:25:18 UTC 2015
a/etc-14.2-i586-4.txz:  Rebuilt.
  Added input group, GID 71.
  Added SDDM user/group, UID 64, GID 64.
+--------------------------+
Tue Apr 21 23:44:00 UTC 2015
a/etc-14.2-i486-1.txz:  Upgraded.
  Added usbmux user to /etc/passwd.

15.0

ChangeLog:

Tue Aug 14 00:10:54 UTC 2018
a/etc-15.0-x86_64-8.txz:  Rebuilt.
  /etc/passwd: Added icecc (UID 49).
  /etc/group: Added icecc (GID 49).