Copyright (c) 2020 The NetBSD Foundation, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
.Dd April 2, 2020 .Dt GROUPS 7 .Os """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh NAME .Nm groups .Nd standard group names """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh DESCRIPTION A standard .Nx installation has the following user group names: These are currently sorted by gid; perhaps they should be sorted
lexicographically by name instead.
l -tag -width ".Em _tcpdump" t Em wheel Users authorized to elevate themselves to the super-user privileges of the root user, meaning uid\~0. Normally the .Em wheel group has gid\~0.
p Users who are not in the group .Em wheel are never allowed by .Xr su 1 to gain root privileges. t Em daemon Used by the set-group-id
q Xr setuid 7
programs
.Xr lpq 1 ,
.Xr lpr 1 ,
and
.Xr lprm 1 .
Unclear why. Maybe used to be used by uucp stuff too, since
/var/spool/lock ownership is uucp:daemon?
t Em sys Historic group.
Unused in modern
.Nx .
t Em tty Used by the set-group-id
q Xr setuid 7 programs .Xr wall 1 and .Xr write 1 to allow users to send messages to another tty even if they don't own it. Static tty device nodes in
a /dev are all in the group .Em tty , and the .Xr mount_ptyfs 8 program passes the gid of the .Em tty group to the kernel so that all nodes in
a /dev/pts or equivalent are in the group too. t Em operator Users authorized to take backups of disk devices and shut down the machine.
p The disk device nodes in
a /dev such as
a /dev/rwd0a are in the group .Em operator and group-readable so users in the group can read from disk devices, for example with .Xr dump 8 . The tape device nodes in
a /dev such as
a /dev/rst0 are in the group .Em operator and are both group-readable and group-writable so users in the group can write to tape devices.
p
The
.Xr shutdown 8
program is executable only by root and members of the
.Em operator
group.
t Em mail Historic group.
Unused in modern
.Nx .
Is this true? Hard to grep for this in src...
t Em bin Historic group.
Unused in modern
.Nx .
t Em wsrc Historic group.
Unused in modern
.Nx .
Actually it seems to be used in the set lists somehow, but it's
unclear to me how what the significance is.
t Em maildrop Used by the set-group-id
q Xr setuid 7 programs .Xr postdrop 1 and .Xr postqueue 1 to submit to and examine the .Xr postfix 1 mail queue at
a /var/spool/postfix/maildrop and
a /var/spool/postfix/public .
t Em postfix Primary group for the
.Em postfix
pseudo-user used by the
.Xr postfix 1
mail transfer agent.
Why are various subdirectories of /var/spool/postfix owned by
postfix:wheel and not postfix:postfix?
t Em games Used by various set-group-id
q Xr setuid 7 games to maintain high-scores files and other common files in
a /var/games .
t Em named Primary group for the
.Em named
pseudo-user used by the
.Xr named 8
DNS nameserver daemon.
t Em ntpd Primary group for the
.Em ntpd
pseudo-user used by the
.Xr ntpd 8
network time protocol daemon.
t Em sshd Primary group for the
.Em sshd
pseudo-user used by the
.Xr sshd 8
secure shell daemon.
t Em _pflogd Primary group for the
.Em _pflogd
pseudo-user used by the
.Xr pflogd 8
log daemon with the
.Xr pf 4
packet filter.
t Em _rwhod Primary group for the
.Em _rwhod
pseudo-user used by the
.Xr rwhod 8
system status daemon.
t Em staff Staff users, in contrast to regular or guest users.
Not used by
.Nx ;
available for the administrator's interpretation.
t Em _proxy Primary group for the
.Em _proxy
pseudo-user used by the
.Xr ftp-proxy 8
and
.Xr tftp-proxy 8
proxy daemons with packet filters such as
.Xr pf 4
or
.Xr ipnat 4 .
t Em _timedc Primary group for the
.Em _timedc
pseudo-user used by the
.Xr timedc 8
tool to communicate with the
.Xr timed 8
time server daemon.
t Em _sdpd Primary group for the
.Em _sdpd
pseudo-user used by the
.Xr sdpd 8
Bluetooth service discovery protocol daemon.
t Em _httpd Primary group for the
.Em _httpd
pseudo-user used by the
.Xr httpd 8 Pq bozohttpd
web server.
t Em _mdnsd Primary group for the
.Em _mdnsd
pseudo-user used by the
.Xr mdnsd 8
multicast DNS and DNS service discovery daemon.
t Em _tests Primary group for the
.Em _tests
pseudo-user used by
.Xr atf 7
automatic tests that request to run unprivileged.
t Em _tcpdump Primary group for the
.Em _tcpdump
pseudo-user used by the
.Xr tcpdump 8
network traffic dumper and analyzer.
t Em _tss Primary group for the
.Em _tss
pseudo-user used by the
.Xr tcsd 8
.Sq Trusted Computing
daemon to manage a TPM.
t Em _gpio Users authorized to read and write GPIO pins; see
.Xr gpio 4
and
.Xr gpioctl 8 .
t Em _dhcpcd Primary group for the
.Em _dhcpcd
pseudo-user used by the
.Xr dhcpcd 8
DHCP Client Daemon.
t Em _rtadvd Primary group for the
.Em _rtadvd
pseudo-user used by the
.Xr rtadvd 8
IPv6 network router advertisement daemon.
t Em guest Guest users, in contrast to staff or regular users.
Not used by
.Nx ;
available for the administrator's interpretation.
t Em _unbound Primary group for the
.Em _unbound
pseudo-user used by the
.Xr unbound 8
recursive DNS resolver.
t Em _nsd Primary group for the
.Em _nsd
pseudo-user used by the
.Xr nsd 8
authoritative DNS nameserver.
t Em nvmm Users authorized to use the
.Xr nvmm 4
.Nx
Virtual Machine Monitor.
t Em nobody Primary group for the traditional
.Em nobody
pseudo-user.
Modern practice is to assign to each different daemon its own separate
pseudo-user account and group so that if one daemon is compromised it
does not compromise all the other daemons.
t Em utmp Group of
.Xr utmp 5
login records.
Why?
t Em authpf Used by the set-group-id
q Xr setuid 7
program
.Xr authpf 8
to configure authenticated gateways.
Does it actually use the sgid bit? It's also suid root...
t Em users Regular users, in contrast to staff or guest users.
p
Default primary group for new users, as set in the default
.Xr usermgmt.conf 5
file.
Some administrators may instead prefer to assign to each user a unique
group with the same name as the user by passing the
.So
.Fl g Cm "=uid"
.Sc
option to
.Xr useradd 8 .
t Em dialer Users authorized to make outgoing modem calls.
Unused in modern
.Nx .
t Em nogroup Pseudo-group.
For...?
.El
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh SEE ALSO
.Xr users 7
Indexes created Sun Nov 02 07:10:05 GMT 2025