Updated: 2020/Jul/29


GROUPS(7)              Miscellaneous Information Manual              GROUPS(7)

NAME
     groups - standard group names

DESCRIPTION
     A standard NetBSD installation has the following user group names:

     wheel         Users authorized to elevate themselves to the super-user
                   privileges of the root user, meaning uid 0.  Normally the
                   wheel group has gid 0.

                   Users who are not in the group wheel are never allowed by
                   su(1) to gain root privileges.

     daemon        Used by the set-group-id (setuid(7)) programs lpq(1),
                   lpr(1), and lprm(1).

     sys           Historic group.  Unused in modern NetBSD.

     tty           Used by the set-group-id (setuid(7)) programs wall(1) and
                   write(1) to allow users to send messages to another tty
                   even if they don't own it.  Static tty device nodes in /dev
                   are all in the group tty, and the mount_ptyfs(8) program
                   passes the gid of the tty group to the kernel so that all
                   nodes in /dev/pts or equivalent are in the group too.

     operator      Users authorized to take backups of disk devices and shut
                   down the machine.

                   The disk device nodes in /dev such as /dev/rwd0a are in the
                   group operator and group-readable so users in the group can
                   read from disk devices, for example with dump(8).  The tape
                   device nodes in /dev such as /dev/rst0 are in the group
                   operator and are both group-readable and group-writable so
                   users in the group can write to tape devices.

                   The shutdown(8) program is executable only by root and
                   members of the operator group.

     mail          Historic group.  Unused in modern NetBSD.

     bin           Historic group.  Unused in modern NetBSD.

     wsrc          Historic group.  Unused in modern NetBSD.

     maildrop      Used by the set-group-id (setuid(7)) programs postdrop(1)
                   and postqueue(1) to submit to and examine the postfix(1)
                   mail queue at /var/spool/postfix/maildrop and
                   /var/spool/postfix/public.

     postfix       Primary group for the postfix pseudo-user used by the
                   postfix(1) mail transfer agent.

     games         Used by various set-group-id (setuid(7)) games to maintain
                   high-scores files and other common files in /var/games.

     named         Primary group for the named pseudo-user used by the
                   named(8) DNS nameserver daemon.

     ntpd          Primary group for the ntpd pseudo-user used by the ntpd(8)
                   network time protocol daemon.

     sshd          Primary group for the sshd pseudo-user used by the sshd(8)
                   secure shell daemon.

     _pflogd       Primary group for the _pflogd pseudo-user used by the
                   pflogd(8) log daemon with the pf(4) packet filter.

     _rwhod        Primary group for the _rwhod pseudo-user used by the
                   rwhod(8) system status daemon.

     staff         Staff users, in contrast to regular or guest users.  Not
                   used by NetBSD; available for the administrator's
                   interpretation.

     _proxy        Primary group for the _proxy pseudo-user used by the
                   ftp-proxy(8) and tftp-proxy(8) proxy daemons with packet
                   filters such as pf(4) or ipnat(4).

     _timedc       Primary group for the _timedc pseudo-user used by the
                   timedc(8) tool to communicate with the timed(8) time server
                   daemon.

     _sdpd         Primary group for the _sdpd pseudo-user used by the sdpd(8)
                   Bluetooth service discovery protocol daemon.

     _httpd        Primary group for the _httpd pseudo-user used by the
                   httpd(8) (bozohttpd) web server.

     _mdnsd        Primary group for the _mdnsd pseudo-user used by the
                   mdnsd(8) multicast DNS and DNS service discovery daemon.

     _tests        Primary group for the _tests pseudo-user used by atf(7)
                   automatic tests that request to run unprivileged.

     _tcpdump      Primary group for the _tcpdump pseudo-user used by the
                   tcpdump(8) network traffic dumper and analyzer.

     _tss          Primary group for the _tss pseudo-user used by the tcsd(8)
                   `Trusted Computing' daemon to manage a TPM.

     _gpio         Users authorized to read and write GPIO pins; see gpio(4)
                   and gpioctl(8).

     _dhcpcd       Primary group for the _dhcpcd pseudo-user used by the
                   dhcpcd(8) DHCP Client Daemon.

     _rtadvd       Primary group for the _rtadvd pseudo-user used by the
                   rtadvd(8) IPv6 network router advertisement daemon.

     guest         Guest users, in contrast to staff or regular users.  Not
                   used by NetBSD; available for the administrator's
                   interpretation.

     _unbound      Primary group for the _unbound pseudo-user used by the
                   unbound(8) recursive DNS resolver.

     _nsd          Primary group for the _nsd pseudo-user used by the nsd(8)
                   authoritative DNS nameserver.

     nvmm          Users authorized to use the nvmm(4) NetBSD Virtual Machine
                   Monitor.

     nobody        Primary group for the traditional nobody pseudo-user.
                   Modern practice is to assign to each different daemon its
                   own separate pseudo-user account and group so that if one
                   daemon is compromised it does not compromise all the other
                   daemons.

     utmp          Group of utmp(5) login records.

     authpf        Used by the set-group-id (setuid(7)) program authpf(8) to
                   configure authenticated gateways.

     users         Regular users, in contrast to staff or guest users.

                   Default primary group for new users, as set in the default
                   usermgmt.conf(5) file.  Some administrators may instead
                   prefer to assign to each user a unique group with the same
                   name as the user by passing the `-g =uid' option to
                   useradd(8).

     dialer        Users authorized to make outgoing modem calls.  Unused in
                   modern NetBSD.

     nogroup       Pseudo-group.

SEE ALSO
     users(7)

NetBSD 9.99                      April 2, 2020                     NetBSD 9.99