1 # $NetBSD: special,v 1.130 2009/09/17 11:52:02 tron Exp $
2 # @(#)special 8.2 (Berkeley) 1/23/94
4 # This file may be overwritten on upgrades.
5 # Put your custom specifications in /etc/mtree/special.local instead.
6 # See security.conf(5) for details.
9 # /etc/security checks:
10 # - All of these are checked if $check_mtree is enabled.
11 # - Files with "nodiff" tags are highlighted if they change.
12 # - Files without "nodiff" or "exclude" tags are displayed
13 # with diff(1)s if $check_changelist is enabled.
16 /set uname=root gname=wheel
20 ./boot.cfg type=file mode=0644 optional
22 ./dev type=dir mode=0755
23 ./dev/drum type=char mode=0640 gname=kmem
24 ./dev/fd type=dir mode=0755 ignore
25 ./dev/kmem type=char mode=0640 gname=kmem
26 ./dev/mem type=char mode=0640 gname=kmem
28 ./etc type=dir mode=0755
29 ./etc/Distfile type=file mode=0644 optional
30 ./etc/amd type=dir mode=0755 optional
31 ./etc/apm type=dir mode=0755 optional
32 ./etc/bluetooth type=dir mode=0755
33 ./etc/bluetooth/btattach.conf type=file mode=0644
34 ./etc/bluetooth/btdevctl.conf type=file mode=0644
35 ./etc/bluetooth/hosts type=file mode=0644
36 ./etc/bluetooth/protocols type=file mode=0644
37 ./etc/bootparams type=file mode=0644 optional
38 ./etc/bootptab type=file mode=0644 optional
39 ./etc/ccd.conf type=file mode=0644 optional
40 ./etc/cgd type=dir mode=0700 optional
41 ./etc/cgd/cgd.conf type=file mode=0600 optional
42 ./etc/changelist type=file mode=0644
43 ./etc/crontab type=file mode=0644 optional
44 ./etc/csh.cshrc type=file mode=0644
45 ./etc/csh.login type=file mode=0644
46 ./etc/csh.logout type=file mode=0644
47 ./etc/daily type=file mode=0644
48 ./etc/daily.conf type=file mode=0644
49 ./etc/daily.local type=file mode=0644 optional
50 ./etc/defaultdomain type=file mode=0644 optional
51 ./etc/defaults type=dir mode=0755
52 ./etc/defaults/daily.conf type=file mode=0444
53 ./etc/defaults/monthly.conf type=file mode=0444
54 ./etc/defaults/rc.conf type=file mode=0444
55 ./etc/defaults/security.conf type=file mode=0444
56 ./etc/defaults/weekly.conf type=file mode=0444
57 ./etc/dhclient-enter-hooks type=file mode=0644 optional
58 ./etc/dhclient-exit-hooks type=file mode=0644 optional
59 ./etc/dhclient.conf type=file mode=0644 optional
60 ./etc/dhcpcd.conf type=file mode=0644
61 ./etc/dhcpcd.duid type=file mode=0644 optional
62 ./etc/dhcpcd.hook type=file mode=0644 optional
63 ./etc/dhcpd.conf type=file mode=0644 optional
64 ./etc/disktab type=file mode=0644
65 ./etc/dm.conf type=file mode=0644
66 ./etc/dumpdates type=file mode=0664 gname=operator optional tags=exclude
67 ./etc/envsys.conf type=file mode=0644 optional
68 ./etc/ethers type=file mode=0644 optional
69 ./etc/exports type=file mode=0644 optional
70 ./etc/floppytab type=file mode=0644
71 ./etc/fstab type=file mode=0644
72 ./etc/ftpchroot type=file mode=0644
73 ./etc/ftpd.conf type=file mode=0644 optional
74 ./etc/ftpusers type=file mode=0644
75 ./etc/ftpwelcome type=file mode=0644 optional
76 ./etc/gateways type=file mode=0644 optional
77 ./etc/gettytab type=file mode=0644
78 ./etc/gpio.conf type=file mode=644
79 ./etc/group type=file mode=0644
80 ./etc/hesiod.conf type=file mode=0644 optional
81 ./etc/hosts type=file mode=0644
82 ./etc/hosts.allow type=file mode=0644 optional
83 ./etc/hosts.deny type=file mode=0644 optional
84 ./etc/hosts.equiv type=file mode=0600 optional
85 ./etc/hosts.lpd type=file mode=0644 optional
86 ./etc/ifaliases type=file mode=0644 optional
87 ./etc/inetd.conf type=file mode=0644
88 ./etc/ipf.conf type=file mode=0644 optional
89 ./etc/ipf6.conf type=file mode=0644 optional
90 ./etc/ipnat.conf type=file mode=0644 optional
91 ./etc/ipsec.conf type=file mode=0600 optional tags=nodiff
92 ./etc/iscsi type=dir mode=0755
93 ./etc/iscsi/auths type=file mode=0600
94 ./etc/iscsi/targets type=file mode=0644
95 ./etc/ld.so.conf type=file mode=0644 optional
96 ./etc/localtime type=link mode=0755
97 ./etc/locate.conf type=file mode=0644 optional
98 ./etc/login.conf type=file mode=0644 optional
99 ./etc/mail type=dir mode=0755
100 ./etc/mail/aliases type=file mode=0644
101 ./etc/mail/aliases.db type=file mode=0644 optional tags=exclude
102 ./etc/mail.rc type=file mode=0644
103 ./etc/mailer.conf type=file mode=0644
104 ./etc/man.conf type=file mode=0644
105 ./etc/master.passwd type=file mode=0600 tags=nodiff
106 ./etc/mk.conf type=file mode=0644 optional
107 ./etc/moduli type=file mode=0444
108 ./etc/monthly type=file mode=0644
109 ./etc/monthly.conf type=file mode=0644
110 ./etc/monthly.local type=file mode=0644 optional
111 ./etc/mrouted.conf type=file mode=0644
112 ./etc/mtree type=dir mode=0755
113 ./etc/mtree/special type=file mode=0444
114 ./etc/mtree/special.local type=file mode=0644 optional
115 ./etc/mygate type=file mode=0644 optional
116 ./etc/mygate6 type=file mode=0644 optional
117 ./etc/myname type=file mode=0644 optional
118 ./etc/named.conf type=file mode=0644 optional
119 ./etc/namedb type=dir mode=0755
120 ./etc/netconfig type=file mode=0644
121 ./etc/netgroup type=file mode=0644 optional
122 ./etc/netstart.local type=file mode=0644 optional
123 ./etc/networks type=file mode=0644
124 ./etc/newsyslog.conf type=file mode=0644
125 ./etc/nsswitch.conf type=file mode=0644
126 ./etc/ntp.conf type=file mode=0644 optional
127 ./etc/pam.conf type=file mode=0644 optional
128 ./etc/pam.d type=dir mode=0755
129 ./etc/pam.d/display_manager type=file mode=0644
130 ./etc/pam.d/ftpd type=file mode=0644
131 ./etc/pam.d/gdm type=file mode=0644
132 ./etc/pam.d/imap type=file mode=0644
133 ./etc/pam.d/kde type=file mode=0644
134 ./etc/pam.d/login type=file mode=0644
135 ./etc/pam.d/other type=file mode=0644
136 ./etc/pam.d/passwd type=file mode=0644
137 ./etc/pam.d/pop3 type=file mode=0644
138 ./etc/pam.d/ppp type=file mode=0644
139 ./etc/pam.d/rexecd type=file mode=0644
140 ./etc/pam.d/rsh type=file mode=0644
141 ./etc/pam.d/sshd type=file mode=0644
142 ./etc/pam.d/su type=file mode=0644
143 ./etc/pam.d/system type=file mode=0644
144 ./etc/pam.d/telnetd type=file mode=0644
145 ./etc/pam.d/xdm type=file mode=0644
146 ./etc/pam.d/xserver type=file mode=0644
147 ./etc/passwd type=file mode=0644
148 ./etc/passwd.conf type=file mode=0644 optional
149 ./etc/pf.conf type=file mode=0644
150 ./etc/pf.os type=file mode=0444
151 ./etc/phones type=file mode=0644
152 ./etc/postfix type=dir mode=0755 optional
153 ./etc/postfix/main.cf type=file mode=0644 optional
154 ./etc/postfix/master.cf type=file mode=0644 optional
155 ./etc/powerd type=dir mode=0755 optional
156 ./etc/powerd/scripts type=dir mode=0755 optional
157 ./etc/powerd/scripts/acadapter type=file mode=0555 optional
158 ./etc/powerd/scripts/hotkey_button type=file mode=0555 optional
159 ./etc/powerd/scripts/lid_switch type=file mode=0555 optional
160 ./etc/powerd/scripts/power_button type=file mode=0555 optional
161 ./etc/powerd/scripts/reset_button type=file mode=0555 optional
162 ./etc/powerd/scripts/sensor_battery type=file mode=0555 optional
163 ./etc/powerd/scripts/sensor_drive type=file mode=0555 optional
164 ./etc/powerd/scripts/sensor_fan type=file mode=0555 optional
165 ./etc/powerd/scripts/sensor_indicator type=file mode=0555 optional
166 ./etc/powerd/scripts/sensor_power type=file mode=0555 optional
167 ./etc/powerd/scripts/sensor_resistance type=file mode=0555 optional
168 ./etc/powerd/scripts/sensor_temperature type=file mode=0555 optional
169 ./etc/powerd/scripts/sensor_voltage type=file mode=0555 optional
170 ./etc/powerd/scripts/sleep_button type=file mode=0555 optional
171 ./etc/ppp type=dir mode=0755 optional
172 ./etc/ppp/options type=file mode=0644 optional
173 ./etc/printcap type=file mode=0644
174 ./etc/profile type=file mode=0644
175 ./etc/protocols type=file mode=0644
176 ./etc/rbootd.conf type=file mode=0644 optional
177 ./etc/rc type=file mode=0644
178 ./etc/rc.conf type=file mode=0644
179 ./etc/rc.d type=dir mode=0755
180 ./etc/rc.d/DAEMON type=file mode=0555
181 ./etc/rc.d/DISKS type=file mode=0555
182 ./etc/rc.d/LOGIN type=file mode=0555
183 ./etc/rc.d/NETWORKING type=file mode=0555
184 ./etc/rc.d/SERVERS type=file mode=0555
185 ./etc/rc.d/accounting type=file mode=0555
186 ./etc/rc.d/altqd type=file mode=0555
187 ./etc/rc.d/amd type=file mode=0555
188 ./etc/rc.d/apmd type=file mode=0555
189 ./etc/rc.d/bootconf.sh type=file mode=0555
190 ./etc/rc.d/bootparams type=file mode=0555
191 ./etc/rc.d/btattach type=file mode=0555
192 ./etc/rc.d/btconfig type=file mode=0555
193 ./etc/rc.d/btdevctl type=file mode=0555
194 ./etc/rc.d/bthcid type=file mode=0555
195 ./etc/rc.d/ccd type=file mode=0555
196 ./etc/rc.d/cgd type=file mode=0555
197 ./etc/rc.d/cleartmp type=file mode=0555
198 ./etc/rc.d/cron type=file mode=0555
199 ./etc/rc.d/dhclient type=file mode=0555
200 ./etc/rc.d/dhcpd type=file mode=0555
201 ./etc/rc.d/dhcrelay type=file mode=0555
202 ./etc/rc.d/dmesg type=file mode=0555
203 ./etc/rc.d/downinterfaces type=file mode=0555
204 ./etc/rc.d/envsys type=file mode=0555
205 ./etc/rc.d/fsck type=file mode=0555
206 ./etc/rc.d/fsck_root type=file mode=0555
207 ./etc/rc.d/ftp_proxy type=file mode=0555
208 ./etc/rc.d/ftpd type=file mode=0555
209 ./etc/rc.d/gpio type=file mode=0555
210 ./etc/rc.d/hostapd type=file mode=0555
211 ./etc/rc.d/httpd type=file mode=0555
212 ./etc/rc.d/identd type=file mode=0555
213 ./etc/rc.d/ifwatchd type=file mode=0555
214 ./etc/rc.d/inetd type=file mode=0555
215 ./etc/rc.d/ipfilter type=file mode=0555
216 ./etc/rc.d/ipfs type=file mode=0555
217 ./etc/rc.d/ipmon type=file mode=0555
218 ./etc/rc.d/ipnat type=file mode=0555
219 ./etc/rc.d/ipsec type=file mode=0555
220 ./etc/rc.d/irdaattach type=file mode=0555
221 ./etc/rc.d/iscsi_target type=file mode=0555
222 ./etc/rc.d/isdnd type=file mode=0555
223 ./etc/rc.d/kdc type=file mode=0555
224 ./etc/rc.d/ldconfig type=file mode=0555
225 ./etc/rc.d/local type=file mode=0555
226 ./etc/rc.d/lpd type=file mode=0555
227 ./etc/rc.d/lvm type=file mode=0555
228 ./etc/rc.d/mixerctl type=file mode=0555
229 ./etc/rc.d/mopd type=file mode=0555
230 ./etc/rc.d/motd type=file mode=0555
231 ./etc/rc.d/mountall type=file mode=0555
232 ./etc/rc.d/mountcritlocal type=file mode=0555
233 ./etc/rc.d/mountcritremote type=file mode=0555
234 ./etc/rc.d/mountd type=file mode=0555
235 ./etc/rc.d/moused type=file mode=0555
236 ./etc/rc.d/mrouted type=file mode=0555
237 ./etc/rc.d/named type=file mode=0555
238 ./etc/rc.d/ndbootd type=file mode=0555
239 ./etc/rc.d/network type=file mode=0555
240 ./etc/rc.d/newsyslog type=file mode=0555
241 ./etc/rc.d/nfsd type=file mode=0555
242 ./etc/rc.d/nfslocking type=file mode=0555
243 ./etc/rc.d/ntpd type=file mode=0555
244 ./etc/rc.d/ntpdate type=file mode=0555
245 ./etc/rc.d/perusertmp type=file mode=0555
246 ./etc/rc.d/pf type=file mode=0555
247 ./etc/rc.d/pf_boot type=file mode=0555
248 ./etc/rc.d/pflogd type=file mode=0555
249 ./etc/rc.d/postfix type=file mode=0555
250 ./etc/rc.d/powerd type=file mode=0555
251 ./etc/rc.d/ppp type=file mode=0555
252 ./etc/rc.d/pwcheck type=file mode=0555
253 ./etc/rc.d/quota type=file mode=0555
254 ./etc/rc.d/racoon type=file mode=0555
255 ./etc/rc.d/raidframe type=file mode=0555
256 ./etc/rc.d/raidframeparity type=file mode=0555
257 ./etc/rc.d/rarpd type=file mode=0555
258 ./etc/rc.d/rbootd type=file mode=0555
259 ./etc/rc.d/rndctl type=file mode=0555
260 ./etc/rc.d/root type=file mode=0555
261 ./etc/rc.d/route6d type=file mode=0555
262 ./etc/rc.d/routed type=file mode=0555
263 ./etc/rc.d/rpcbind type=file mode=0555
264 ./etc/rc.d/rtadvd type=file mode=0555
265 ./etc/rc.d/rtclocaltime type=file mode=0555
266 ./etc/rc.d/rtsold type=file mode=0555
267 ./etc/rc.d/rwho type=file mode=0555
268 ./etc/rc.d/savecore type=file mode=0555
269 ./etc/rc.d/screenblank type=file mode=0555
270 ./etc/rc.d/sdpd type=file mode=0555
271 ./etc/rc.d/securelevel type=file mode=0555
272 ./etc/rc.d/sshd type=file mode=0555
273 ./etc/rc.d/staticroute type=file mode=0555
274 ./etc/rc.d/swap1 type=file mode=0555
275 ./etc/rc.d/swap2 type=file mode=0555
276 ./etc/rc.d/sysctl type=file mode=0555
277 ./etc/rc.d/sysdb type=file mode=0555
278 ./etc/rc.d/syslogd type=file mode=0555
279 ./etc/rc.d/timed type=file mode=0555
280 ./etc/rc.d/tpctl type=file mode=0555
281 ./etc/rc.d/ttys type=file mode=0555
282 ./etc/rc.d/veriexec type=file mode=0555
283 ./etc/rc.d/virecover type=file mode=0555
284 ./etc/rc.d/wdogctl type=file mode=0555
285 ./etc/rc.d/wpa_supplicant type=file mode=0555
286 ./etc/rc.d/wscons type=file mode=0555
287 ./etc/rc.d/wsmoused type=file mode=0555
288 ./etc/rc.d/xdm type=file mode=0555
289 ./etc/rc.d/xfs type=file mode=0555
290 ./etc/rc.d/ypbind type=file mode=0555
291 ./etc/rc.d/yppasswdd type=file mode=0555
292 ./etc/rc.d/ypserv type=file mode=0555
293 ./etc/rc.local type=file mode=0644 optional
294 ./etc/rc.shutdown type=file mode=0644
295 ./etc/rc.shutdown.local type=file mode=0644 optional
296 ./etc/rc.subr type=file mode=0644
297 ./etc/remote type=file mode=0644
298 ./etc/resolv.conf type=file mode=0644 optional
299 ./etc/rpc type=file mode=0644
300 ./etc/rtadvd.conf type=file mode=0644 optional
301 ./etc/security type=file mode=0644
302 ./etc/security.conf type=file mode=0644
303 ./etc/security.local type=file mode=0644 optional
304 ./etc/services type=file mode=0644
305 ./etc/shells type=file mode=0644
306 ./etc/shosts.equiv type=file mode=0600 optional
307 ./etc/skel type=dir mode=0755 optional
308 ./etc/spwd.db type=file mode=0600 tags=exclude
309 ./etc/ssh type=dir mode=0755 optional
310 ./etc/ssh/ssh_config type=file mode=0644 optional
311 ./etc/ssh/ssh_host_dsa_key type=file mode=0600 optional tags=nodiff
312 ./etc/ssh/ssh_host_dsa_key.pub type=file mode=0644 optional
313 ./etc/ssh/ssh_host_key type=file mode=0600 optional tags=nodiff
314 ./etc/ssh/ssh_host_key.pub type=file mode=0644 optional
315 ./etc/ssh/ssh_host_rsa_key type=file mode=0600 optional tags=nodiff
316 ./etc/ssh/ssh_host_rsa_key.pub type=file mode=0644 optional
317 ./etc/ssh/ssh_known_hosts type=file mode=0644 optional
318 ./etc/ssh/ssh_known_hosts2 type=file mode=0644 optional
319 ./etc/ssh/sshd_config type=file mode=0644 optional
320 ./etc/sysctl.conf type=file mode=0644
321 ./etc/syslog.conf type=file mode=0644
322 ./etc/ttyaction type=file mode=0644 optional
323 ./etc/ttys type=file mode=0644
324 ./etc/usermgmt.conf type=file mode=0644 optional
325 ./etc/weekly type=file mode=0644
326 ./etc/weekly.conf type=file mode=0644
327 ./etc/weekly.local type=file mode=0644 optional
328 ./etc/wscons.conf type=file mode=0644
330 ./etc/racoon type=dir mode=0755 optional
331 ./etc/racoon/racoon.conf type=file mode=0644 optional
332 ./etc/racoon/psk.txt type=file mode=0600 optional tags=nodiff
334 ./private type=dir mode=0755 optional
335 ./private/tmp type=dir mode=0111 optional ignore
337 ./root type=dir mode=0755
338 ./root/.cshrc type=file mode=0644
339 ./root/.klogin type=file mode=0600 optional
340 ./root/.login type=file mode=0644
341 ./root/.profile type=file mode=0644
342 ./root/.rhosts type=file mode=0600 optional
343 ./root/.shosts type=file mode=0600 optional
344 ./root/.ssh type=dir mode=0700 optional
345 ./root/.ssh/authorized_keys type=file mode=0600 optional
346 ./root/.ssh/authorized_keys2 type=file mode=0600 optional
347 ./root/.ssh/config type=file mode=0644 optional
348 ./root/.ssh/id_dsa type=file mode=0600 optional tags=nodiff
349 ./root/.ssh/id_dsa.pub type=file mode=0644 optional
350 ./root/.ssh/id_rsa type=file mode=0600 optional tags=nodiff
351 ./root/.ssh/id_rsa.pub type=file mode=0644 optional
352 ./root/.ssh/identity type=file mode=0600 optional tags=nodiff
353 ./root/.ssh/identity.pub type=file mode=0644 optional
354 ./root/.ssh/known_hosts type=file mode=0644 optional
355 ./root/.ssh/known_hosts2 type=file mode=0644 optional
357 ./sbin type=dir mode=0755 ignore
359 ./usr type=dir mode=0755
360 ./usr/bin type=dir mode=0755 ignore
361 ./usr/games type=dir mode=0755 optional
362 ./usr/games/hide type=dir mode=0750 gname=games ignore optional
363 ./usr/include type=dir mode=0755 ignore
364 ./usr/lib type=dir mode=0755 ignore
365 ./usr/libdata type=dir mode=0755 ignore
366 ./usr/libexec type=dir mode=0755 ignore
367 ./usr/pkg type=dir mode=0755 ignore optional
368 ./usr/sbin type=dir mode=0755 ignore
369 ./usr/share type=dir mode=0755 ignore
371 ./var type=dir mode=0755
372 ./var/account type=dir mode=0755
373 ./var/account/acct type=file mode=0644 optional tags=exclude
374 ./var/at type=dir mode=0755 ignore
375 ./var/backups type=dir mode=0755 ignore
376 ./var/chroot type=dir mode=0755
377 ./var/chroot/ftp-proxy type=dir mode=0755
378 ./var/chroot/named type=dir mode=0755
379 ./var/chroot/named/dev type=dir mode=0755
380 ./var/chroot/named/etc type=dir mode=0755
381 ./var/chroot/named/etc/namedb type=dir mode=0755
382 ./var/chroot/named/etc/namedb/cache type=dir mode=0775 uname=named gname=named
383 ./var/chroot/named/usr type=dir mode=0755
384 ./var/chroot/named/usr/libexec type=dir mode=0755
385 ./var/chroot/named/var type=dir mode=0755
386 ./var/chroot/named/var/run type=dir mode=0775 gname=named
387 ./var/chroot/named/var/tmp type=dir mode=01775 gname=named
388 ./var/chroot/ntpd type=dir mode=0755
389 ./var/chroot/ntpd/dev type=dir mode=0755
390 ./var/chroot/ntpd/var type=dir mode=0755
391 ./var/chroot/ntpd/var/db type=dir mode=0775 gname=ntpd
392 ./var/chroot/ntpd/var/run type=dir mode=0775 gname=ntpd
393 ./var/chroot/pflogd type=dir mode=0755
394 ./var/chroot/sshd type=dir mode=0755
395 ./var/chroot/tftp-proxy type=dir mode=0755
396 ./var/cron type=dir mode=0755
397 ./var/cron/tabs type=dir mode=0700
398 ./var/cron/tabs/root type=file mode=0600
399 ./var/db type=dir mode=0755
400 ./var/log type=dir mode=0755
401 ./var/log/authlog type=file mode=0600 optional tags=exclude
402 ./var/log/lastlog type=file mode=0664 gname=utmp tags=exclude
403 ./var/log/lastlogx type=file mode=0664 gname=utmp tags=exclude
404 ./var/log/wtmp type=file mode=0664 gname=utmp tags=exclude
405 ./var/log/wtmpx type=file mode=0664 gname=utmp tags=exclude
406 ./var/mail type=dir mode=1777 ignore
407 ./var/preserve type=dir mode=0755 ignore
408 ./var/run type=dir mode=0755
409 ./var/run/mdnsd type=dir mode=0755 optional
410 ./var/run/utmp type=file mode=0664 gname=utmp tags=exclude
411 ./var/run/utmpx type=file mode=0664 gname=utmp tags=exclude
412 ./var/spool type=dir mode=0755
413 ./var/spool/ftp type=dir mode=0755 optional
414 ./var/spool/ftp/bin type=dir mode=0755 optional
415 ./var/spool/ftp/bin/ls type=file mode=0555 optional
416 ./var/spool/ftp/etc type=dir mode=0755 optional
417 ./var/spool/ftp/etc/group type=file mode=0644 optional
418 ./var/spool/ftp/etc/localtime type=file mode=0644 optional
419 ./var/spool/ftp/etc/master.passwd type=file mode=0600 optional
420 ./var/spool/ftp/etc/passwd type=file mode=0644 optional
421 ./var/spool/ftp/hidden type=dir mode=0111 ignore optional
422 ./var/spool/ftp/pub type=dir mode=0775 ignore optional
423 ./var/spool/output type=dir mode=0755 ignore
424 ./var/yp type=dir mode=0755
425 ./var/yp/Makefile type=file mode=0644 optional