All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit da1f7c03 authored by Mike Hibler's avatar Mike Hibler

Merge branch 'master' of gitlab.flux.utah.edu:emulab/emulab-devel

parents 9e1ea712 280b80fe
......@@ -2015,6 +2015,9 @@ sub DoMaxExtension()
$webtask->output($errmsg) if (defined($errmsg));
$webtask->Exited($errcode);
}
if ($errcode < 0) {
print STDERR "\n\n" . $instance->webURL() . "\n";
}
exit($errcode);
}
......
......@@ -77,12 +77,12 @@ int parse_ptop(tb_pgraph &pg, tb_sgraph &sg, istream& input)
{
int num_nodes = 0;
int line=0,errors=0;
char inbuf[32768];
char inbuf[65536];
string_vector parsed_line;
while (!input.eof()) {
line++;
input.getline(inbuf,32768);
input.getline(inbuf,65536);
parsed_line = split_line(inbuf,' ');
if (parsed_line.size() == 0) {continue;}
......
......@@ -4617,6 +4617,7 @@ outfiles="Makeconf GNUmakefile setversion \
tmcc/ubuntu16/GNUmakefile \
tmcc/ubuntu16-ms/GNUmakefile \
tmcc/ubuntu18/GNUmakefile \
tmcc/ubuntu18-ms/GNUmakefile \
tmcc/linux-ms/GNUmakefile \
tmcc/archlinux/GNUmakefile \
tmcc/alpine/GNUmakefile \
......
......@@ -305,6 +305,7 @@ outfiles="Makeconf GNUmakefile setversion \
tmcc/ubuntu16/GNUmakefile \
tmcc/ubuntu16-ms/GNUmakefile \
tmcc/ubuntu18/GNUmakefile \
tmcc/ubuntu18-ms/GNUmakefile \
tmcc/linux-ms/GNUmakefile \
tmcc/archlinux/GNUmakefile \
tmcc/alpine/GNUmakefile \
......
......@@ -1701,7 +1701,7 @@ int
event_notification_insert_hmac(event_handle_t handle,
event_notification_t notification)
{
HMAC_CTX ctx;
HMAC_CTX *ctxp;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int len = EVP_MAX_MD_SIZE;
......@@ -1720,22 +1720,42 @@ event_notification_insert_hmac(event_handle_t handle,
pubsub_notification_remove(notification->pubsub_notification,
"___elvin_ordered___", &handle->status);
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
HMAC_CTX ctx;
ctxp = &ctx;
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen, EVP_sha1(), NULL);
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#endif
#endif
if (!pubsub_notification_traverse(notification->pubsub_notification,
hmac_traverse,
&ctx, &handle->status)) {
ctxp, &handle->status)) {
ERROR("event_notification_insert_hmac failed: hmac_traverse\n");
HMAC_cleanup(&ctx);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return 1;
}
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
ctxp = NULL;
if (0) {
hmac_dump("event_notification_insert_hmac", mac, len);
......@@ -1833,7 +1853,10 @@ static int
event_notification_check_hmac(event_handle_t handle,
event_notification_t notification)
{
HMAC_CTX ctx;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
HMAC_CTX ctx;
#endif
HMAC_CTX *ctxp = NULL;
unsigned char srcmac[EVP_MAX_MD_SIZE], mac[EVP_MAX_MD_SIZE];
char *pmac;
unsigned int srclen, len = EVP_MAX_MD_SIZE;
......@@ -1842,6 +1865,11 @@ event_notification_check_hmac(event_handle_t handle,
#ifdef ELVIN_COMPAT
struct elvin_hashtable *hashtable;
#endif
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
ctxp = &ctx;
#endif
if (0)
INFO("event_notification_check_hmac (key): %s\n",
handle->keydata);
......@@ -1900,18 +1928,32 @@ event_notification_check_hmac(event_handle_t handle,
* order, and uses __hmac__ to compare against.
*/
if (! elvin_ordered) {
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen,
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen,
EVP_sha1(), NULL);
#endif
#endif
hashtable = elvin_hashtable_alloc(0, &handle->status);
if (hashtable == NULL) {
ERROR("event_notification_check_hmac failed: "
"hashtable alloc\n");
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
if (!pubsub_notification_traverse(pubsub_notification,
......@@ -1921,18 +1963,32 @@ event_notification_check_hmac(event_handle_t handle,
ERROR("event_notification_check_hmac failed: "
"hmac_fill_hash\n");
elvin_hashtable_free(hashtable);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
if (!elvin_hashtable_traverse(hashtable, hmac_traverse,
&ctx, &handle->status)) {
ctxp, &handle->status)) {
ERROR("event_notification_check_hmac failed: "
"notify_traverse\n");
elvin_hashtable_free(hashtable);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
elvin_hashtable_free(hashtable);
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_reset(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
if (0) {
hmac_dump("event_notification_check_hmac (elvin)",
......@@ -1945,22 +2001,44 @@ event_notification_check_hmac(event_handle_t handle,
/*
* Do a normal HMAC check.
*/
memset(&ctx, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
if (!ctxp) {
ctxp = HMAC_CTX_new();
if (!ctxp) {
ERROR("HMAC_CTX_new failed to alloc ctx\n");
return 1;
}
}
else {
HMAC_CTX_reset(ctxp);
}
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#else
memset(ctxp, 0, sizeof(ctx));
#if (OPENSSL_VERSION_NUMBER < 0x0090703f)
HMAC_Init(&ctx, handle->keydata, handle->keylen, EVP_sha1());
HMAC_Init(ctxp, handle->keydata, handle->keylen, EVP_sha1());
#else
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, handle->keydata, handle->keylen, EVP_sha1(), NULL);
HMAC_CTX_init(ctxp);
HMAC_Init_ex(ctxp, handle->keydata, handle->keylen, EVP_sha1(), NULL);
#endif
#endif
if (!pubsub_notification_traverse(pubsub_notification,
hmac_traverse,
&ctx, &handle->status)) {
HMAC_cleanup(&ctx);
ctxp, &handle->status)) {
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
return -1;
}
HMAC_Final(&ctx, mac, &len);
HMAC_cleanup(&ctx);
HMAC_Final(ctxp, mac, &len);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
HMAC_CTX_free(ctxp);
#else
HMAC_cleanup(ctxp);
#endif
if (0) {
hmac_dump("event_notification_check_hmac (plain)", mac, len);
......
......@@ -750,8 +750,12 @@ convpubkey(struct pubkeydata *k)
BN_bin2bn(k->modulus, k->keylength, mod);
BN_bin2bn(k->exponent, k->expsize, exp);
/* set up the RSA public key structure */
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
RSA_set0_key(rsa,mod,exp,NULL);
#else
rsa->n = mod;
rsa->e = exp;
#endif
return rsa;
}
......
......@@ -71,6 +71,8 @@ init_checksum(char *keyfile)
{
char str[1024];
FILE *file;
BIGNUM *n, *e, *dmp1, *dmq1, *iqmp;
n = e = dmp1 = dmq1 = iqmp = NULL;
if (keyfile == NULL || (file = fopen(keyfile, "r")) == NULL) {
fprintf(stderr, "%s: cannot open keyfile\n", keyfile);
......@@ -81,22 +83,33 @@ init_checksum(char *keyfile)
return 0;
}
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->n, str);
BN_hex2bn(&n, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->e, str);
BN_hex2bn(&e, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->dmp1, str);
BN_hex2bn(&dmp1, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->dmq1, str);
BN_hex2bn(&dmq1, str);
if (fscanf(file, "%1024s", str) != 1)
goto bad;
BN_hex2bn(&signature_key->iqmp, str);
BN_hex2bn(&iqmp, str);
fclose(file);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
RSA_set0_key(signature_key, n, e, NULL);
RSA_set0_crt_params(signature_key, dmp1, dmq1, iqmp);
#else
signature_key->n = n;
signature_key->e = e;
signature_key->dmp1 = dmp1;
signature_key->dmq1 = dmq1;
signature_key->iqmp = iqmp;
#endif
return 1;
bad:
......
......@@ -1396,21 +1396,29 @@ decrypt_buffer(unsigned char *dest, const unsigned char *source,
int update_count = 0;
int final_count = 0;
int error = 0;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
EVP_CIPHER_CTX context;
#endif
EVP_CIPHER_CTX *contextp;
EVP_CIPHER const *ecipher;
EVP_CIPHER_CTX_init(&context);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
contextp = EVP_CIPHER_CTX_new();
#else
contextp = &context;
EVP_CIPHER_CTX_init(contextp);
#endif
ecipher = EVP_bf_cbc();
EVP_DecryptInit(&context, ecipher, NULL, header->enc_iv);
EVP_CIPHER_CTX_set_key_length(&context, ENC_MAX_KEYLEN);
EVP_DecryptInit(&context, NULL, encryption_key, NULL);
EVP_DecryptInit(contextp, ecipher, NULL, header->enc_iv);
EVP_CIPHER_CTX_set_key_length(contextp, ENC_MAX_KEYLEN);
EVP_DecryptInit(contextp, NULL, encryption_key, NULL);
/* decrypt */
EVP_DecryptUpdate(&context, dest, &update_count, source, header->size);
EVP_DecryptUpdate(contextp, dest, &update_count, source, header->size);
/* cleanup */
error = EVP_DecryptFinal(&context, dest + update_count, &final_count);
error = EVP_DecryptFinal(contextp, dest + update_count, &final_count);
if (!error) {
char keystr[ENC_MAX_KEYLEN*2 + 1];
fprintf(stderr, "Padding was incorrect.\n");
......
......@@ -3215,6 +3215,21 @@ output_public_key(char *imagename, RSA *key)
fprintf(stderr, "Cannot create keyfile %s\n", fname);
exit(1);
}
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
const BIGNUM *n = NULL, *e = NULL;
const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
RSA_get0_key(key,&n,&e,NULL);
BN_print_fp(file, n);
fprintf(file, "\n");
BN_print_fp(file, e);
fprintf(file, "\n");
BN_print_fp(file, dmp1);
fprintf(file, "\n");
BN_print_fp(file, dmq1);
fprintf(file, "\n");
BN_print_fp(file, iqmp);
fprintf(file, "\n");
#else
BN_print_fp(file, key->n);
fprintf(file, "\n");
BN_print_fp(file, key->e);
......@@ -3225,6 +3240,7 @@ output_public_key(char *imagename, RSA *key)
fprintf(file, "\n");
BN_print_fp(file, key->iqmp);
fprintf(file, "\n");
#endif
fclose(file);
fprintf(stderr, "Signing pubkey written to %s\n", fname);
......@@ -3305,7 +3321,12 @@ checksum_finish(blockhdr_t *hdr)
/*
* Encryption functions
*/
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
static EVP_CIPHER_CTX *cipher_ctxp;
#else
static EVP_CIPHER_CTX cipher_ctx;
static EVP_CIPHER_CTX *cipher_ctxp = &cipher_ctx;
#endif
static const EVP_CIPHER *ecipher;
/* XXX: the size of the IV may have to change with different ciphers */
static uint8_t iv[ENC_MAX_KEYLEN];
......@@ -3325,7 +3346,11 @@ encrypt_start(blockhdr_t *hdr)
/*
* Pick our cipher - currently, only Blowfish in CBC mode is supported
*/
EVP_CIPHER_CTX_init(&cipher_ctx);
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
cipher_ctxp = EVP_CIPHER_CTX_new();
#else
EVP_CIPHER_CTX_init(cipher_ctxp);
#endif
ecipher = EVP_bf_cbc();
/*
......@@ -3367,13 +3392,13 @@ encrypt_start(blockhdr_t *hdr)
/*
* Set the cipher and IV
*/
EVP_EncryptInit(&cipher_ctx, ecipher, NULL, iv);
EVP_EncryptInit(cipher_ctxp, ecipher, NULL, iv);
/*
* Bump up the key length and set the key
*/
EVP_CIPHER_CTX_set_key_length(&cipher_ctx, ENC_MAX_KEYLEN);
EVP_EncryptInit(&cipher_ctx, NULL, enc_key, NULL);
EVP_CIPHER_CTX_set_key_length(cipher_ctxp, ENC_MAX_KEYLEN);
EVP_EncryptInit(cipher_ctxp, NULL, enc_key, NULL);
/*
* Copy the IV into the header
......@@ -3393,9 +3418,9 @@ encrypt_chunk(uint8_t *buf, off_t size, off_t maxsize)
int encrypted_this_round = 0;
/* man page says encrypted output could be this large */
assert(size + EVP_CIPHER_CTX_block_size(&cipher_ctx) - 1 <= maxsize);
assert(size + EVP_CIPHER_CTX_block_size(cipher_ctxp) - 1 <= maxsize);
EVP_EncryptUpdate(&cipher_ctx, ebuffer_current, &encrypted_this_round,
EVP_EncryptUpdate(cipher_ctxp, ebuffer_current, &encrypted_this_round,
buf, size);
encrypted_bytes += encrypted_this_round;
ebuffer_current = encryption_buffer + encrypted_bytes;
......@@ -3406,7 +3431,7 @@ encrypt_finish(blockhdr_t *hdr, uint8_t *outbuf, uint32_t *out_size)
{
int encrypted_this_round = 0;
EVP_EncryptFinal(&cipher_ctx, ebuffer_current, &encrypted_this_round);
EVP_EncryptFinal(cipher_ctxp, ebuffer_current, &encrypted_this_round);
encrypted_bytes += encrypted_this_round;
/*
......
......@@ -96,6 +96,9 @@ endif
ifeq ($(MDSUBDIR),redhat9)
MDSUBDIR = linux9
endif
ifeq ($(MDSUBDIR),MoonshotUbuntu18)
MDSUBDIR = ubuntu18-ms
endif
ifeq ($(MDSUBDIR),MoonshotUbuntu16)
MDSUBDIR = ubuntu16-ms
endif
......
......@@ -137,7 +137,9 @@ Linux)
rel=1.0 # XXX probably wrong
fi
if [ "$dist" = "Ubuntu" -a `uname -m` = "aarch64" ]; then
if [ "$rel" = "16.04" ]; then
if [ "$rel" = "18.04" ]; then
tag=MoonshotUbuntu18
elif [ "$rel" = "16.04" ]; then
tag=MoonshotUbuntu16
else
tag=Moonshot
......
setenv bootargs ${bootargs} root=/dev/sda1
#
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
#
# XXX ONLY RUN THIS INSTALL ON AN UBUNTU LINUX TESTBED NODE!
#
# Trivial. These things just need to be installed into the right place
# on a testbed node before cutting an image.
#
#
SRCDIR = @srcdir@
TESTBED_SRCDIR = @top_srcdir@
OBJDIR = @top_builddir@
SUBDIR = $(subst $(TESTBED_SRCDIR)/,,$(SRCDIR))
include $(OBJDIR)/Makeconf
SCRIPTS =
#
# Force dependencies on the scripts so that they will be rerun through
# configure if the .in file is changed.
#
all: supfile ifcfgs
include $(TESTBED_SRCDIR)/GNUmakerules
SYSETCDIR = $(DESTDIR)/etc
ETCDIR = $(DESTDIR)$(CLIENT_ETCDIR)
BINDIR = $(DESTDIR)$(CLIENT_BINDIR)
VARDIR = $(DESTDIR)$(CLIENT_VARDIR)
RCDIR = $(SYSETCDIR)
RRCDIR = /etc
INSTALL = /usr/bin/install -c
COMMON = $(SRCDIR)/../common
DEFRUNLVLDIR ?= $(SYSETCDIR)/rc3.d
install client-install: common-install etc-install \
script-install bin-install sysetc-fixup sysetc-install \
systemd-install
@echo "Remember to install the PEM files if necessary"
simple-install: common-install script-install bin-install
dir-install:
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) dir-install)
$(INSTALL) -m 755 -o root -g root -d $(SYSETCDIR)/flash-kernel
$(INSTALL) -m 755 -o root -g root -d $(SYSETCDIR)/flash-kernel/ubootenv.d
common-install: dir-install
(cd ../common; $(MAKE) DESTDIR=$(DESTDIR) local-install)
bin-install: dir-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) bin-install)
etc-install: dir-install common-sysetc-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) etc-install)
$(INSTALL) -m 644 $(SRCDIR)/group $(ETCDIR)/group
$(INSTALL) -m 644 $(SRCDIR)/passwd $(ETCDIR)/passwd
$(INSTALL) -m 600 $(SRCDIR)/shadow $(ETCDIR)/shadow
$(INSTALL) -m 600 $(SRCDIR)/gshadow $(ETCDIR)/gshadow
common-sysetc-install: dir-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) common-sysetc-install)
sysetc-fixup:
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) sysetc-fixup)
sysetc-install: dir-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) sysetc-install)
$(INSTALL) -m 644 $(SRCDIR)/99-emulab $(SYSETCDIR)/flash-kernel/ubootenv.d/99-emulab
systemd-install: dir-install
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) systemd-install)
script-install: dir-install $(SCRIPTS)
(cd ../ubuntu18; $(MAKE) DESTDIR=$(DESTDIR) RCDIR=$(RCDIR) script-install)
genirack-install:
sfs-install:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-journal:x:101:
systemd-timesync:x:102:
systemd-network:x:103:
systemd-resolve:x:104:
input:x:106:
crontab:x:107:
syslog:x:108:
netdev:x:109:
messagebus:x:110:
uuidd:x:111:
mlocate:x:112:
ssh:x:113:
_cvsadmin:x:114:
ntp:x:115:
scanner:x:116:
colord:x:117:
ssl-cert:x:118:
postfix:x:105:
postdrop:x:119:
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::syslog
tty:*::
disk:*::
lp:*::
mail:*::
news:*::
uucp:*::
man:*::