groups
— standard
group names
A standard NetBSD installation has the
following user group names:
- wheel
- Users authorized to elevate themselves to the super-user privileges of the
root user, meaning uid 0. Normally the wheel
group has gid 0.
Users who are not in the group wheel are
never allowed by su(1) to gain
root privileges.
- daemon
- Used by the set-group-id
(setuid(7)) programs
lpq(1),
lpr(1), and
lprm(1).
- sys
- Historic group. Unused in modern NetBSD.
- tty
- Used by the set-group-id
(setuid(7)) programs
wall(1) and
write(1) to allow users to
send messages to another tty even if they don't own it. Static tty device
nodes in /dev are all in the group
tty, and the
mount_ptyfs(8) program
passes the gid of the tty group to the kernel so that
all nodes in /dev/pts or equivalent are in the
group too.
- operator
- Users authorized to take backups of disk devices and shut down the
machine.
The disk device nodes in /dev such as
/dev/rwd0a are in the group
operator and group-readable so users in the group can
read from disk devices, for example with
dump(8). The tape device
nodes in /dev such as
/dev/rst0 are in the group
operator and are both group-readable and
group-writable so users in the group can write to tape devices.
The
shutdown(8) program is
executable only by root and members of the operator
group.
- mail
- Historic group. Unused in modern NetBSD.
- bin
- Historic group. Unused in modern NetBSD.
- wsrc
- Historic group. Unused in modern NetBSD.
- maildrop
- Used by the set-group-id
(setuid(7)) programs
postdrop(1) and
postqueue(1) to submit to
and examine the postfix(1)
mail queue at /var/spool/postfix/maildrop and
/var/spool/postfix/public.
- postfix
- Primary group for the postfix pseudo-user used by the
postfix(1) mail transfer
agent.
- games
- Used by various set-group-id
(setuid(7)) games to
maintain high-scores files and other common files in
/var/games.
- named
- Primary group for the named pseudo-user used by the
named(8) DNS nameserver
daemon.
- ntpd
- Primary group for the ntpd pseudo-user used by the
ntpd(8) network time protocol
daemon.
- sshd
- Primary group for the sshd pseudo-user used by the
sshd(8) secure shell
daemon.
- _pflogd
- Primary group for the _pflogd pseudo-user used by the
pflogd(8) log daemon with
the pf(4) packet filter.
- _rwhod
- Primary group for the _rwhod pseudo-user used by the
rwhod(8) system status
daemon.
- staff
- Staff users, in contrast to regular or guest users. Not used by
NetBSD; available for the administrator's
interpretation.
- _proxy
- Primary group for the _proxy pseudo-user used by the
ftp-proxy(8) and
tftp-proxy(8) proxy
daemons with packet filters such as
pf(4) or
ipnat(4).
- _timedc
- Primary group for the _timedc pseudo-user used by the
timedc(8) tool to
communicate with the timed(8)
time server daemon.
- _sdpd
- Primary group for the _sdpd pseudo-user used by the
sdpd(8) Bluetooth service
discovery protocol daemon.
- _httpd
- Primary group for the _httpd pseudo-user used by the
httpd(8) (bozohttpd) web
server.
- _mdnsd
- Primary group for the _mdnsd pseudo-user used by the
mdnsd(8) multicast DNS and
DNS service discovery daemon.
- _tests
- Primary group for the _tests pseudo-user used by
atf(7) automatic tests that
request to run unprivileged.
- _tcpdump
- Primary group for the _tcpdump pseudo-user used by the
tcpdump(8) network traffic
dumper and analyzer.
- _tss
- Primary group for the _tss pseudo-user used by the
tcsd(8) ‘Trusted
Computing’ daemon to manage a TPM.
- _gpio
- Users authorized to read and write GPIO pins; see
gpio(4) and
gpioctl(8).
- _dhcpcd
- Primary group for the _dhcpcd pseudo-user used by the
dhcpcd(8) DHCP Client
Daemon.
- _rtadvd
- Primary group for the _rtadvd pseudo-user used by the
rtadvd(8) IPv6 network
router advertisement daemon.
- guest
- Guest users, in contrast to staff or regular users. Not used by
NetBSD; available for the administrator's
interpretation.
- _unbound
- Primary group for the _unbound pseudo-user used by the
unbound(8) recursive DNS
resolver.
- _nsd
- Primary group for the _nsd pseudo-user used by the
nsd(8) authoritative DNS
nameserver.
- nvmm
- Users authorized to use the
nvmm(4)
NetBSD Virtual Machine Monitor.
- nobody
- Primary group for the traditional nobody pseudo-user.
Modern practice is to assign to each different daemon its own separate
pseudo-user account and group so that if one daemon is compromised it does
not compromise all the other daemons.
- utmp
- Group of utmp(5) login
records.
- authpf
- Used by the set-group-id
(setuid(7)) program
authpf(8) to configure
authenticated gateways.
- users
- Regular users, in contrast to staff or guest users.
Default primary group for new users, as set in the default
usermgmt.conf(5)
file. Some administrators may instead prefer to assign to each user a
unique group with the same name as the user by passing the
‘-g
=uid
’
option to useradd(8).
- dialer
- Users authorized to make outgoing modem calls. Unused in modern
NetBSD.
- nogroup
- Pseudo-group.