xref: /netbsd-src/share/man/man7/groups.7 (revision 61a9079563d1468cb1d97ae836b518b20d4d95c3)

.\"	$NetBSD: groups.7,v 1.8 2020/04/02 20:57:20 roy Exp $
.\"
.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd April 2, 2020
.Dt GROUPS 7
.Os
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh NAME
.Nm groups
.Nd standard group names
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh DESCRIPTION
A standard
.Nx
installation has the following user group names:
.\" These are currently sorted by gid; perhaps they should be sorted
.\" lexicographically by name instead.
.Bl -tag -width ".Em _tcpdump"
.It Em wheel
Users authorized to elevate themselves to the super-user privileges of
the root user, meaning uid\~0.
Normally the
.Em wheel
group has gid\~0.
.Pp
Users who are not in the group
.Em wheel
are never allowed by
.Xr su 1
to gain root privileges.
.It Em daemon
Used by the set-group-id
.Pq Xr setuid 7
programs
.Xr lpq 1 ,
.Xr lpr 1 ,
and
.Xr lprm 1 .
.\" Unclear why.  Maybe used to be used by uucp stuff too, since
.\" /var/spool/lock ownership is uucp:daemon?
.It Em sys
Historic group.
Unused in modern
.Nx .
.It Em tty
Used by the set-group-id
.Pq Xr setuid 7
programs
.Xr wall 1
and
.Xr write 1
to allow users to send messages to another tty even if they don't own
it.
Static tty device nodes in
.Pa /dev
are all in the group
.Em tty ,
and the
.Xr mount_ptyfs 8
program passes the gid of the
.Em tty
group to the kernel so that all nodes in
.Pa /dev/pts
or equivalent are in the group too.
.It Em operator
Users authorized to take backups of disk devices and shut down the
machine.
.Pp
The disk device nodes in
.Pa /dev
such as
.Pa /dev/rwd0a
are in the group
.Em operator
and group-readable so users in the group can read from disk devices,
for example with
.Xr dump 8 .
The tape device nodes in
.Pa /dev
such as
.Pa /dev/rst0
are in the group
.Em operator
and are both group-readable and group-writable so users in the group
can write to tape devices.
.Pp
The
.Xr shutdown 8
program is executable only by root and members of the
.Em operator
group.
.It Em mail
Historic group.
Unused in modern
.Nx .
.\" Is this true?  Hard to grep for this in src...
.It Em bin
Historic group.
Unused in modern
.Nx .
.It Em wsrc
Historic group.
Unused in modern
.Nx .
.\" Actually it seems to be used in the set lists somehow, but it's
.\" unclear to me how what the significance is.
.It Em maildrop
Used by the set-group-id
.Pq Xr setuid 7
programs
.Xr postdrop 1
and
.Xr postqueue 1
to submit to and examine the
.Xr postfix 1
mail queue at
.Pa /var/spool/postfix/maildrop
and
.Pa /var/spool/postfix/public .
.It Em postfix
Primary group for the
.Em postfix
pseudo-user used by the
.Xr postfix 1
mail transfer agent.
.\" Why are various subdirectories of /var/spool/postfix owned by
.\" postfix:wheel and not postfix:postfix?
.It Em games
Used by various set-group-id
.Pq Xr setuid 7
games to maintain high-scores files and other common files in
.Pa /var/games .
.It Em named
Primary group for the
.Em named
pseudo-user used by the
.Xr named 8
DNS nameserver daemon.
.It Em ntpd
Primary group for the
.Em ntpd
pseudo-user used by the
.Xr ntpd 8
network time protocol daemon.
.It Em sshd
Primary group for the
.Em sshd
pseudo-user used by the
.Xr sshd 8
secure shell daemon.
.It Em _pflogd
Primary group for the
.Em _pflogd
pseudo-user used by the
.Xr pflogd 8
log daemon with the
.Xr pf 4
packet filter.
.It Em _rwhod
Primary group for the
.Em _rwhod
pseudo-user used by the
.Xr rwhod 8
system status daemon.
.It Em staff
Staff users, in contrast to regular or guest users.
Not used by
.Nx ;
available for the administrator's interpretation.
.It Em _proxy
Primary group for the
.Em _proxy
pseudo-user used by the
.Xr ftp-proxy 8
and
.Xr tftp-proxy 8
proxy daemons with packet filters such as
.Xr pf 4
or
.Xr ipnat 4 .
.It Em _timedc
Primary group for the
.Em _timedc
pseudo-user used by the
.Xr timedc 8
tool to communicate with the
.Xr timed 8
time server daemon.
.It Em _sdpd
Primary group for the
.Em _sdpd
pseudo-user used by the
.Xr sdpd 8
Bluetooth service discovery protocol daemon.
.It Em _httpd
Primary group for the
.Em _httpd
pseudo-user used by the
.Xr httpd 8 Pq bozohttpd
web server.
.It Em _mdnsd
Primary group for the
.Em _mdnsd
pseudo-user used by the
.Xr mdnsd 8
multicast DNS and DNS service discovery daemon.
.It Em _tests
Primary group for the
.Em _tests
pseudo-user used by
.Xr atf 7
automatic tests that request to run unprivileged.
.It Em _tcpdump
Primary group for the
.Em _tcpdump
pseudo-user used by the
.Xr tcpdump 8
network traffic dumper and analyzer.
.It Em _tss
Primary group for the
.Em _tss
pseudo-user used by the
.Xr tcsd 8
.Sq Trusted Computing
daemon to manage a TPM.
.It Em _gpio
Users authorized to read and write GPIO pins; see
.Xr gpio 4
and
.Xr gpioctl 8 .
.It Em _dhcpcd
Primary group for the
.Em _dhcpcd
pseudo-user used by the
.Xr dhcpcd 8
DHCP Client Daemon.
.It Em _rtadvd
Primary group for the
.Em _rtadvd
pseudo-user used by the
.Xr rtadvd 8
IPv6 network router advertisement daemon.
.It Em guest
Guest users, in contrast to staff or regular users.
Not used by
.Nx ;
available for the administrator's interpretation.
.It Em _unbound
Primary group for the
.Em _unbound
pseudo-user used by the
.Xr unbound 8
recursive DNS resolver.
.It Em _nsd
Primary group for the
.Em _nsd
pseudo-user used by the
.Xr nsd 8
authoritative DNS nameserver.
.It Em nvmm
Users authorized to use the
.Xr nvmm 4
.Nx
Virtual Machine Monitor.
.It Em nobody
Primary group for the traditional
.Em nobody
pseudo-user.
Modern practice is to assign to each different daemon its own separate
pseudo-user account and group so that if one daemon is compromised it
does not compromise all the other daemons.
.It Em utmp
Group of
.Xr utmp 5
login records.
.\" Why?
.It Em authpf
Used by the set-group-id
.Pq Xr setuid 7
program
.Xr authpf 8
to configure authenticated gateways.
.\" Does it actually use the sgid bit?  It's also suid root...
.It Em users
Regular users, in contrast to staff or guest users.
.Pp
Default primary group for new users, as set in the default
.Xr usermgmt.conf 5
file.
Some administrators may instead prefer to assign to each user a unique
group with the same name as the user by passing the
.So
.Fl g Cm "=uid"
.Sc
option to
.Xr useradd 8 .
.It Em dialer
Users authorized to make outgoing modem calls.
Unused in modern
.Nx .
.It Em nogroup
Pseudo-group.
.\" For...?
.El
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh SEE ALSO
.Xr users 7