1.\" $NetBSD: users.7,v 1.5 2020/04/02 20:57:20 roy Exp $ 2.\" 3.\" Copyright (c) 2020 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25.\" POSSIBILITY OF SUCH DAMAGE. 26.\" 27.Dd April 2, 2020 28.Dt USERS 7 29.Os 30.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 31.Sh NAME 32.Nm users 33.Nd standard user account names 34.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 35.Sh DESCRIPTION 36A standard 37.Nx 38installation has the following user account names: 39.\" These are currently sorted by uid; perhaps they should be sorted 40.\" lexicographically by name instead. 41.Bl -tag -width ".Em _tcpdump" 42.It Em root 43The super-user, uid 0, with the highest administrative privileges. 44Normally not used for login directly, only via 45.Xr su 1 46or equivalent by users in the 47.Em wheel 48group; see 49.Xr groups 7 . 50.Pp 51Secondary groups: 52.Em guest , 53.Em kmem , 54.Em nvmm , 55.Em operator , 56.Em staff , 57.Em sys , 58.Em tty . 59.It Em toor 60Like 61.Em root , 62this is the super-user with uid 0, but with no secondary group 63memberships. 64.Pp 65Historically, 66.Em root 67had a login shell of 68.Pa /bin/csh 69while 70.Em toor 71had a login shell of 72.Pa /bin/sh . 73However, today both default to 74.Pa /bin/sh . 75This user account name is not used for anything in 76.Nx ; 77it is purely a convenience for actual users. 78.\" Maybe we should just remove this. 79.It Em daemon 80Historic user for general daemonic activity. 81.Pp 82Owner of 83.Pa /var/msgs ; 84see 85.Xr msgs 1 . 86Used only by 87.Xr rpcbind 8 , 88with the 89.Fl s 90flag. 91.It Em operator 92Historic user. 93Unused in modern 94.Nx . 95.It Em bin 96Historic user. 97Unused in modern 98.Nx . 99.It Em games 100Owner of high-score files and other shared files for games. 101.It Em postfix 102Pseudo-user for use by the 103.Xr postfix 1 104mail transfer agent. 105.It Em named 106Pseudo-user for use by the 107.Xr named 8 108DNS nameserver daemon. 109.It Em ntpd 110Pseudo-user for use by the 111.Xr ntpd 8 112network time protocol daemon. 113.It Em sshd 114Pseudo-user for use by the 115.Xr sshd 8 116secure shell daemon. 117.It Em _pflogd 118Pseudo-user for use by the 119.Xr pflogd 8 120log daemon with the 121.Xr pf 4 122packet filter. 123.It Em _rwhod 124Pseudo-user for use by the 125.Xr rwhod 8 126system status daemon. 127.It Em _proxy 128Pseudo-user for use by the 129.Xr ftp-proxy 8 130and 131.Xr tftp-proxy 8 132proxy daemons with packet filters such as 133.Xr pf 4 134or 135.Xr ipnat 4 . 136.It Em _timedc 137Pseudo-user for use by the 138.Xr timedc 8 139tool to communicate with the 140.Xr timed 8 141time server daemon. 142.It Em _sdpd 143Pseudo-user for use by the 144.Xr sdpd 8 145Bluetooth service discovery protocol daemon. 146.It Em _httpd 147Pseudo-user for use by the 148.Xr httpd 8 Pq bozohttpd 149web server. 150.It Em _mdnsd 151Pseudo-user for use by the 152.Xr mdnsd 8 153multicast DNS and DNS service discovery daemon. 154.It Em _tests 155Pseudo-user for use by 156.Xr atf 7 157automatic tests that request to run unprivileged. 158Default value for the 159.Sq unprivileged-user 160configuration variable; see 161.Xr tests 7 . 162.It Em _tcpdump 163Pseudo-user for use by the 164.Xr tcpdump 8 165network traffic dumper and analyzer. 166.It Em _tss 167Pseudo-user for use by the 168.Xr tcsd 8 169.Sq Trusted Computing 170daemon TPM to manage a TPM. 171.It Em _dhcpcd 172Pseudo-user for use by the 173.Xr dhcpcd 8 174DHCP Client Daemon. 175.It Em _rtadvd 176Pseudo-user for use by the 177.Xr rtadvd 8 178IPv6 network router advertisement daemon. 179.It Em _unbound 180Pseudo-user for the 181.Xr unbound 8 182recursive DNS resolver. 183.It Em _nsd 184Pseudo-user for the 185.Xr nsd 8 186authoritative DNS nameserver. 187.It Em uucp 188Pseudo-user for use by historic UUCP software, available now in 189.Xr pkgsrc 7 . 190.It Em nobody 191Traditional pseudo-user used for dropping privileges. 192Modern practice is to assign to each different daemon its own separate 193pseudo-user account and group so that if one daemon is compromised it 194does not compromise all the other daemons. 195.El 196.Pp 197All new standard 198.Nx 199pseudo-user account names should begin with an underscore 200.Sq "_" 201to distinguish them from accounts that real users might add, and should 202have a primary group of the same name; real users should accordingly 203avoid such account names. 204.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 205.Sh SEE ALSO 206.Xr groups 7 207