Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd))

[Robert Watson]

On Sun, 2 Dec 2012, O. Hartmann wrote:

>> Does mergemaster -p help?
>
> I had the very same problem and complained about it on current at . 
> "mergemaster -p" definitely helped for me and I was given the advise to use 
> mergemaster -p prior to every make installworld.

Just to follow up on this thread, since the question has come up a number of 
times.  "mergemaser -p" should be run prior to installworld always, but most 
of the time will do very little.  One of its responsibilities is to add any 
necessary accounts and groups depended on by base system components -- e.g., 
that will be referenced during installworld as part of setting file ownership 
and groups.

One of the primary sources of new users and groups has been chroot/etc 
sandboxes -- independent from the role of a daemon as a file owner.  My hope 
is that this will reduce over time with increasing use Capsicum sandboxes, 
which don't require custom UIDs/GIDs.  However, there are still cases where 
you want a daemon, for reasons of file and group ownership, to run as a 
specific user, as is the case with auditdistd, which does support Capsicum 
(where enabled).

Robert