xref: /netbsd-src/share/man/man7/users.7 (revision 61a9079563d1468cb1d97ae836b518b20d4d95c3)

.\"	$NetBSD: users.7,v 1.5 2020/04/02 20:57:20 roy Exp $
.\"
.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd April 2, 2020
.Dt USERS 7
.Os
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh NAME
.Nm users
.Nd standard user account names
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh DESCRIPTION
A standard
.Nx
installation has the following user account names:
.\" These are currently sorted by uid; perhaps they should be sorted
.\" lexicographically by name instead.
.Bl -tag -width ".Em _tcpdump"
.It Em root
The super-user, uid 0, with the highest administrative privileges.
Normally not used for login directly, only via
.Xr su 1
or equivalent by users in the
.Em wheel
group; see
.Xr groups 7 .
.Pp
Secondary groups:
.Em guest ,
.Em kmem ,
.Em nvmm ,
.Em operator ,
.Em staff ,
.Em sys ,
.Em tty .
.It Em toor
Like
.Em root ,
this is the super-user with uid 0, but with no secondary group
memberships.
.Pp
Historically,
.Em root
had a login shell of
.Pa /bin/csh
while
.Em toor
had a login shell of
.Pa /bin/sh .
However, today both default to
.Pa /bin/sh .
This user account name is not used for anything in
.Nx ;
it is purely a convenience for actual users.
.\" Maybe we should just remove this.
.It Em daemon
Historic user for general daemonic activity.
.Pp
Owner of
.Pa /var/msgs ;
see
.Xr msgs 1 .
Used only by
.Xr rpcbind 8 ,
with the
.Fl s
flag.
.It Em operator
Historic user.
Unused in modern
.Nx .
.It Em bin
Historic user.
Unused in modern
.Nx .
.It Em games
Owner of high-score files and other shared files for games.
.It Em postfix
Pseudo-user for use by the
.Xr postfix 1
mail transfer agent.
.It Em named
Pseudo-user for use by the
.Xr named 8
DNS nameserver daemon.
.It Em ntpd
Pseudo-user for use by the
.Xr ntpd 8
network time protocol daemon.
.It Em sshd
Pseudo-user for use by the
.Xr sshd 8
secure shell daemon.
.It Em _pflogd
Pseudo-user for use by the
.Xr pflogd 8
log daemon with the
.Xr pf 4
packet filter.
.It Em _rwhod
Pseudo-user for use by the
.Xr rwhod 8
system status daemon.
.It Em _proxy
Pseudo-user for use by the
.Xr ftp-proxy 8
and
.Xr tftp-proxy 8
proxy daemons with packet filters such as
.Xr pf 4
or
.Xr ipnat 4 .
.It Em _timedc
Pseudo-user for use by the
.Xr timedc 8
tool to communicate with the
.Xr timed 8
time server daemon.
.It Em _sdpd
Pseudo-user for use by the
.Xr sdpd 8
Bluetooth service discovery protocol daemon.
.It Em _httpd
Pseudo-user for use by the
.Xr httpd 8 Pq bozohttpd
web server.
.It Em _mdnsd
Pseudo-user for use by the
.Xr mdnsd 8
multicast DNS and DNS service discovery daemon.
.It Em _tests
Pseudo-user for use by
.Xr atf 7
automatic tests that request to run unprivileged.
Default value for the
.Sq unprivileged-user
configuration variable; see
.Xr tests 7 .
.It Em _tcpdump
Pseudo-user for use by the
.Xr tcpdump 8
network traffic dumper and analyzer.
.It Em _tss
Pseudo-user for use by the
.Xr tcsd 8
.Sq Trusted Computing
daemon TPM to manage a TPM.
.It Em _dhcpcd
Pseudo-user for use by the
.Xr dhcpcd 8
DHCP Client Daemon.
.It Em _rtadvd
Pseudo-user for use by the
.Xr rtadvd 8
IPv6 network router advertisement daemon.
.It Em _unbound
Pseudo-user for the
.Xr unbound 8
recursive DNS resolver.
.It Em _nsd
Pseudo-user for the
.Xr nsd 8
authoritative DNS nameserver.
.It Em uucp
Pseudo-user for use by historic UUCP software, available now in
.Xr pkgsrc 7 .
.It Em nobody
Traditional pseudo-user used for dropping privileges.
Modern practice is to assign to each different daemon its own separate
pseudo-user account and group so that if one daemon is compromised it
does not compromise all the other daemons.
.El
.Pp
All new standard
.Nx
pseudo-user account names should begin with an underscore
.Sq "_"
to distinguish them from accounts that real users might add, and should
have a primary group of the same name; real users should accordingly
avoid such account names.
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh SEE ALSO
.Xr groups 7