GROUPS(7) Miscellaneous Information Manual GROUPS(7)

groupsstandard group names

A standard NetBSD installation has the following user group names:

Users authorized to elevate themselves to the super-user privileges of the root user, meaning uid 0. Normally the wheel group has gid 0.

Users who are not in the group wheel are never allowed by su(1) to gain root privileges.

Used by the set-group-id (setuid(7)) programs lpq(1), lpr(1), and lprm(1).
Historic group. Unused in modern NetBSD.
Used by the set-group-id (setuid(7)) programs wall(1) and write(1) to allow users to send messages to another tty even if they don't own it. Static tty device nodes in /dev are all in the group tty, and the mount_ptyfs(8) program passes the gid of the tty group to the kernel so that all nodes in /dev/pts or equivalent are in the group too.
Users authorized to take backups of disk devices and shut down the machine.

The disk device nodes in /dev such as /dev/rwd0a are in the group operator and group-readable so users in the group can read from disk devices, for example with dump(8). The tape device nodes in /dev such as /dev/rst0 are in the group operator and are both group-readable and group-writable so users in the group can write to tape devices.

The shutdown(8) program is executable only by root and members of the operator group.

Historic group. Unused in modern NetBSD.
Historic group. Unused in modern NetBSD.
Historic group. Unused in modern NetBSD.
Used by the set-group-id (setuid(7)) programs postdrop(1) and postqueue(1) to submit to and examine the postfix(1) mail queue at /var/spool/postfix/maildrop and /var/spool/postfix/public.
Primary group for the postfix pseudo-user used by the postfix(1) mail transfer agent.
Used by various set-group-id (setuid(7)) games to maintain high-scores files and other common files in /var/games.
Primary group for the named pseudo-user used by the named(8) DNS nameserver daemon.
Primary group for the ntpd pseudo-user used by the ntpd(8) network time protocol daemon.
Primary group for the sshd pseudo-user used by the sshd(8) secure shell daemon.
Primary group for the _pflogd pseudo-user used by the pflogd(8) log daemon with the pf(4) packet filter.
Primary group for the _rwhod pseudo-user used by the rwhod(8) system status daemon.
Staff users, in contrast to regular or guest users. Not used by NetBSD; available for the administrator's interpretation.
Primary group for the _proxy pseudo-user used by the ftp-proxy(8) and tftp-proxy(8) proxy daemons with packet filters such as pf(4) or ipnat(4).
Primary group for the _timedc pseudo-user used by the timedc(8) tool to communicate with the timed(8) time server daemon.
Primary group for the _sdpd pseudo-user used by the sdpd(8) Bluetooth service discovery protocol daemon.
Primary group for the _httpd pseudo-user used by the httpd(8) (bozohttpd) web server.
Primary group for the _mdnsd pseudo-user used by the mdnsd(8) multicast DNS and DNS service discovery daemon.
Primary group for the _tests pseudo-user used by atf(7) automatic tests that request to run unprivileged.
Primary group for the _tcpdump pseudo-user used by the tcpdump(8) network traffic dumper and analyzer.
Primary group for the _tss pseudo-user used by the tcsd(8) ‘Trusted Computing’ daemon to manage a TPM.
Users authorized to read and write GPIO pins; see gpio(4) and gpioctl(8).
Primary group for the _dhcpcd pseudo-user used by the dhcpcd(8) DHCP Client Daemon.
Primary group for the _rtadvd pseudo-user used by the rtadvd(8) IPv6 network router advertisement daemon.
Guest users, in contrast to staff or regular users. Not used by NetBSD; available for the administrator's interpretation.
Primary group for the _unbound pseudo-user used by the unbound(8) recursive DNS resolver.
Primary group for the _nsd pseudo-user used by the nsd(8) authoritative DNS nameserver.
Users authorized to use the nvmm(4) NetBSD Virtual Machine Monitor.
Primary group for the traditional nobody pseudo-user. Modern practice is to assign to each different daemon its own separate pseudo-user account and group so that if one daemon is compromised it does not compromise all the other daemons.
Group of utmp(5) login records.
Used by the set-group-id (setuid(7)) program authpf(8) to configure authenticated gateways.
Regular users, in contrast to staff or guest users.

Default primary group for new users, as set in the default usermgmt.conf(5) file. Some administrators may instead prefer to assign to each user a unique group with the same name as the user by passing the ‘-g =uid’ option to useradd(8).

Users authorized to make outgoing modem calls. Unused in modern NetBSD.
Pseudo-group.

users(7)

April 2, 2020 NetBSD 10.99