Updated: 2025/Nov/16
Please read Privacy Policy. It's for your privacy.
GROUPS(7) Miscellaneous Information Manual GROUPS(7)
NAME
groups - standard group names
DESCRIPTION
A standard NetBSD installation has the following user group names:
wheel Users authorized to elevate themselves to the super-user
privileges of the root user, meaning uid 0. Normally the
wheel group has gid 0.
Users who are not in the group wheel are never allowed by
su(1) to gain root privileges.
daemon Used by the set-group-id (setuid(7)) programs lpq(1),
lpr(1), and lprm(1).
sys Historic group. Unused in modern NetBSD.
tty Used by the set-group-id (setuid(7)) programs wall(1) and
write(1) to allow users to send messages to another tty
even if they don't own it. Static tty device nodes in /dev
are all in the group tty, and the mount_ptyfs(8) program
passes the gid of the tty group to the kernel so that all
nodes in /dev/pts or equivalent are in the group too.
operator Users authorized to take backups of disk devices and shut
down the machine.
The disk device nodes in /dev such as /dev/rwd0a are in the
group operator and group-readable so users in the group can
read from disk devices, for example with dump(8). The tape
device nodes in /dev such as /dev/rst0 are in the group
operator and are both group-readable and group-writable so
users in the group can write to tape devices.
The shutdown(8) program is executable only by root and
members of the operator group.
mail Historic group. Unused in modern NetBSD.
bin Historic group. Unused in modern NetBSD.
wsrc Historic group. Unused in modern NetBSD.
maildrop Used by the set-group-id (setuid(7)) programs postdrop(1)
and postqueue(1) to submit to and examine the postfix(1)
mail queue at /var/spool/postfix/maildrop and
/var/spool/postfix/public.
postfix Primary group for the postfix pseudo-user used by the
postfix(1) mail transfer agent.
games Used by various set-group-id (setuid(7)) games to maintain
high-scores files and other common files in /var/games.
named Primary group for the named pseudo-user used by the
named(8) DNS nameserver daemon.
ntpd Primary group for the ntpd pseudo-user used by the ntpd(8)
network time protocol daemon.
sshd Primary group for the sshd pseudo-user used by the sshd(8)
secure shell daemon.
_pflogd Primary group for the _pflogd pseudo-user used by the
pflogd(8) log daemon with the pf(4) packet filter.
_rwhod Primary group for the _rwhod pseudo-user used by the
rwhod(8) system status daemon.
staff Staff users, in contrast to regular or guest users. Not
used by NetBSD; available for the administrator's
interpretation.
_proxy Primary group for the _proxy pseudo-user used by the
ftp-proxy(8) and tftp-proxy(8) proxy daemons with packet
filters such as pf(4) or ipnat(4).
_timedc Primary group for the _timedc pseudo-user used by the
timedc(8) tool to communicate with the timed(8) time server
daemon.
_sdpd Primary group for the _sdpd pseudo-user used by the sdpd(8)
Bluetooth service discovery protocol daemon.
_httpd Primary group for the _httpd pseudo-user used by the
httpd(8) (bozohttpd) web server.
_mdnsd Primary group for the _mdnsd pseudo-user used by the
mdnsd(8) multicast DNS and DNS service discovery daemon.
_tests Primary group for the _tests pseudo-user used by atf(7)
automatic tests that request to run unprivileged.
_tcpdump Primary group for the _tcpdump pseudo-user used by the
tcpdump(8) network traffic dumper and analyzer.
_tss Primary group for the _tss pseudo-user used by the tcsd(8)
`Trusted Computing' daemon to manage a TPM.
_gpio Users authorized to read and write GPIO pins; see gpio(4)
and gpioctl(8).
_dhcpcd Primary group for the _dhcpcd pseudo-user used by the
dhcpcd(8) DHCP Client Daemon.
_rtadvd Primary group for the _rtadvd pseudo-user used by the
rtadvd(8) IPv6 network router advertisement daemon.
guest Guest users, in contrast to staff or regular users. Not
used by NetBSD; available for the administrator's
interpretation.
_unbound Primary group for the _unbound pseudo-user used by the
unbound(8) recursive DNS resolver.
_nsd Primary group for the _nsd pseudo-user used by the nsd(8)
authoritative DNS nameserver.
nvmm Users authorized to use the nvmm(4) NetBSD Virtual Machine
Monitor.
nobody Primary group for the traditional nobody pseudo-user.
Modern practice is to assign to each different daemon its
own separate pseudo-user account and group so that if one
daemon is compromised it does not compromise all the other
daemons.
utmp Group of utmp(5) login records.
authpf Used by the set-group-id (setuid(7)) program authpf(8) to
configure authenticated gateways.
users Regular users, in contrast to staff or guest users.
Default primary group for new users, as set in the default
usermgmt.conf(5) file. Some administrators may instead
prefer to assign to each user a unique group with the same
name as the user by passing the `-g =uid' option to
useradd(8).
dialer Users authorized to make outgoing modem calls. Unused in
modern NetBSD.
nogroup Pseudo-group.
SEE ALSO
users(7)
NetBSD 11.99 April 2, 2020 NetBSD 11.99