Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
USERS(7) Miscellaneous Information Manual USERS(7)
NAME
users - standard user account names
DESCRIPTION
A standard NetBSD installation has the following user account names:
root The super-user, uid 0, with the highest administrative
privileges. Normally not used for login directly, only via
su(1) or equivalent by users in the wheel group; see
groups(7).
Secondary groups: guest, kmem, nvmm, operator, staff, sys,
tty.
toor Like root, this is the super-user with uid 0, but with no
secondary group memberships.
Historically, root had a login shell of /bin/csh while toor
had a login shell of /bin/sh. However, today both default
to /bin/sh. This user account name is not used for
anything in NetBSD; it is purely a convenience for actual
users.
daemon Historic user for general daemonic activity.
Owner of /var/msgs; see msgs(1). Used only by rpcbind(8),
with the -s flag.
operator Historic user. Unused in modern NetBSD.
bin Historic user. Unused in modern NetBSD.
games Owner of high-score files and other shared files for games.
postfix Pseudo-user for use by the postfix(1) mail transfer agent.
named Pseudo-user for use by the named(8) DNS nameserver daemon.
ntpd Pseudo-user for use by the ntpd(8) network time protocol
daemon.
sshd Pseudo-user for use by the sshd(8) secure shell daemon.
_pflogd Pseudo-user for use by the pflogd(8) log daemon with the
pf(4) packet filter.
_rwhod Pseudo-user for use by the rwhod(8) system status daemon.
_proxy Pseudo-user for use by the ftp-proxy(8) and tftp-proxy(8)
proxy daemons with packet filters such as pf(4) or
ipnat(4).
_timedc Pseudo-user for use by the timedc(8) tool to communicate
with the timed(8) time server daemon.
_sdpd Pseudo-user for use by the sdpd(8) Bluetooth service
discovery protocol daemon.
_httpd Pseudo-user for use by the httpd(8) (bozohttpd) web server.
_mdnsd Pseudo-user for use by the mdnsd(8) multicast DNS and DNS
service discovery daemon.
_tests Pseudo-user for use by atf(7) automatic tests that request
to run unprivileged. Default value for the
`unprivileged-user' configuration variable; see tests(7).
_tcpdump Pseudo-user for use by the tcpdump(8) network traffic
dumper and analyzer.
_tss Pseudo-user for use by the tcsd(8) `Trusted Computing'
daemon TPM to manage a TPM.
_dhcpcd Pseudo-user for use by the dhcpcd(8) DHCP Client Daemon.
_rtadvd Pseudo-user for use by the rtadvd(8) IPv6 network router
advertisement daemon.
_unbound Pseudo-user for the unbound(8) recursive DNS resolver.
_nsd Pseudo-user for the nsd(8) authoritative DNS nameserver.
uucp Pseudo-user for use by historic UUCP software, available
now in pkgsrc(7).
nobody Traditional pseudo-user used for dropping privileges.
Modern practice is to assign to each different daemon its
own separate pseudo-user account and group so that if one
daemon is compromised it does not compromise all the other
daemons.
All new standard NetBSD pseudo-user account names should begin with an
underscore `_' to distinguish them from accounts that real users might
add, and should have a primary group of the same name; real users should
accordingly avoid such account names.
SEE ALSO
groups(7)
NetBSD 10.99 April 2, 2020 NetBSD 10.99