Updated: 2020/Jul/29


USERS(7)               Miscellaneous Information Manual               USERS(7)

NAME
     users - standard user account names

DESCRIPTION
     A standard NetBSD installation has the following user account names:

     root          The super-user, uid 0, with the highest administrative
                   privileges.  Normally not used for login directly, only via
                   su(1) or equivalent by users in the wheel group; see
                   groups(7).

                   Secondary groups: guest, kmem, nvmm, operator, staff, sys,
                   tty.

     toor          Like root, this is the super-user with uid 0, but with no
                   secondary group memberships.

                   Historically, root had a login shell of /bin/csh while toor
                   had a login shell of /bin/sh.  However, today both default
                   to /bin/sh.  This user account name is not used for
                   anything in NetBSD; it is purely a convenience for actual
                   users.

     daemon        Historic user for general daemonic activity.

                   Owner of /var/msgs; see msgs(1).  Used only by rpcbind(8),
                   with the -s flag.

     operator      Historic user.  Unused in modern NetBSD.

     bin           Historic user.  Unused in modern NetBSD.

     games         Owner of high-score files and other shared files for games.

     postfix       Pseudo-user for use by the postfix(1) mail transfer agent.

     named         Pseudo-user for use by the named(8) DNS nameserver daemon.

     ntpd          Pseudo-user for use by the ntpd(8) network time protocol
                   daemon.

     sshd          Pseudo-user for use by the sshd(8) secure shell daemon.

     _pflogd       Pseudo-user for use by the pflogd(8) log daemon with the
                   pf(4) packet filter.

     _rwhod        Pseudo-user for use by the rwhod(8) system status daemon.

     _proxy        Pseudo-user for use by the ftp-proxy(8) and tftp-proxy(8)
                   proxy daemons with packet filters such as pf(4) or
                   ipnat(4).

     _timedc       Pseudo-user for use by the timedc(8) tool to communicate
                   with the timed(8) time server daemon.

     _sdpd         Pseudo-user for use by the sdpd(8) Bluetooth service
                   discovery protocol daemon.

     _httpd        Pseudo-user for use by the httpd(8) (bozohttpd) web server.

     _mdnsd        Pseudo-user for use by the mdnsd(8) multicast DNS and DNS
                   service discovery daemon.

     _tests        Pseudo-user for use by atf(7) automatic tests that request
                   to run unprivileged.  Default value for the
                   `unprivileged-user' configuration variable; see tests(7).

     _tcpdump      Pseudo-user for use by the tcpdump(8) network traffic
                   dumper and analyzer.

     _tss          Pseudo-user for use by the tcsd(8) `Trusted Computing'
                   daemon TPM to manage a TPM.

     _dhcpcd       Pseudo-user for use by the dhcpcd(8) DHCP Client Daemon.

     _rtadvd       Pseudo-user for use by the rtadvd(8) IPv6 network router
                   advertisement daemon.

     _unbound      Pseudo-user for the unbound(8) recursive DNS resolver.

     _nsd          Pseudo-user for the nsd(8) authoritative DNS nameserver.

     uucp          Pseudo-user for use by historic UUCP software, available
                   now in pkgsrc(7).

     nobody        Traditional pseudo-user used for dropping privileges.
                   Modern practice is to assign to each different daemon its
                   own separate pseudo-user account and group so that if one
                   daemon is compromised it does not compromise all the other
                   daemons.

     All new standard NetBSD pseudo-user account names should begin with an
     underscore `_' to distinguish them from accounts that real users might
     add, and should have a primary group of the same name; real users should
     accordingly avoid such account names.

SEE ALSO
     groups(7)

NetBSD 9.99                      April 2, 2020                     NetBSD 9.99