1.\" $NetBSD: users.7,v 1.4 2020/02/28 07:30:51 kim Exp $ 2.\" 3.\" Copyright (c) 2020 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25.\" POSSIBILITY OF SUCH DAMAGE. 26.\" 27.Dd February 25, 2020 28.Dt USERS 7 29.Os 30.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 31.Sh NAME 32.Nm users 33.Nd standard user account names 34.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 35.Sh DESCRIPTION 36A standard 37.Nx 38installation has the following user account names: 39.\" These are currently sorted by uid; perhaps they should be sorted 40.\" lexicographically by name instead. 41.Bl -tag -width ".Em _tcpdump" 42.It Em root 43The super-user, uid 0, with the highest administrative privileges. 44Normally not used for login directly, only via 45.Xr su 1 46or equivalent by users in the 47.Em wheel 48group; see 49.Xr groups 7 . 50.Pp 51Secondary groups: 52.Em guest , 53.Em kmem , 54.Em nvmm , 55.Em operator , 56.Em staff , 57.Em sys , 58.Em tty . 59.It Em toor 60Like 61.Em root , 62this is the super-user with uid 0, but with no secondary group 63memberships. 64.Pp 65Historically, 66.Em root 67had a login shell of 68.Pa /bin/csh 69while 70.Em toor 71had a login shell of 72.Pa /bin/sh . 73However, today both default to 74.Pa /bin/sh . 75This user account name is not used for anything in 76.Nx ; 77it is purely a convenience for actual users. 78.\" Maybe we should just remove this. 79.It Em daemon 80Historic user for general daemonic activity. 81.Pp 82Owner of 83.Pa /var/msgs ; 84see 85.Xr msgs 1 . 86Used only by 87.Xr rpcbind 8 , 88with the 89.Fl s 90flag. 91.It Em operator 92Historic user. 93Unused in modern 94.Nx . 95.It Em bin 96Historic user. 97Unused in modern 98.Nx . 99.It Em games 100Owner of high-score files and other shared files for games. 101.It Em postfix 102Pseudo-user for use by the 103.Xr postfix 1 104mail transfer agent. 105.It Em named 106Pseudo-user for use by the 107.Xr named 8 108DNS nameserver daemon. 109.It Em ntpd 110Pseudo-user for use by the 111.Xr ntpd 8 112network time protocol daemon. 113.It Em sshd 114Pseudo-user for use by the 115.Xr sshd 8 116secure shell daemon. 117.It Em _pflogd 118Pseudo-user for use by the 119.Xr pflogd 8 120log daemon with the 121.Xr pf 4 122packet filter. 123.It Em _rwhod 124Pseudo-user for use by the 125.Xr rwhod 8 126system status daemon. 127.It Em _proxy 128Pseudo-user for use by the 129.Xr ftp-proxy 8 130and 131.Xr tftp-proxy 8 132proxy daemons with packet filters such as 133.Xr pf 4 134or 135.Xr ipnat 4 . 136.It Em _timedc 137Pseudo-user for use by the 138.Xr timedc 8 139tool to communicate with the 140.Xr timed 8 141time server daemon. 142.It Em _sdpd 143Pseudo-user for use by the 144.Xr sdpd 8 145Bluetooth service discovery protocol daemon. 146.It Em _httpd 147Pseudo-user for use by the 148.Xr httpd 8 Pq bozohttpd 149web server. 150.It Em _mdnsd 151Pseudo-user for use by the 152.Xr mdnsd 8 153multicast DNS and DNS service discovery daemon. 154.It Em _tests 155Pseudo-user for use by 156.Xr atf 7 157automatic tests that request to run unprivileged. 158Default value for the 159.Sq unprivileged-user 160configuration variable; see 161.Xr tests 7 . 162.It Em _tcpdump 163Pseudo-user for use by the 164.Xr tcpdump 8 165network traffic dumper and analyzer. 166.It Em _tss 167Pseudo-user for use by the 168.Xr tcsd 8 169.Sq Trusted Computing 170daemon TPM to manage a TPM. 171.It Em _rtadvd 172Pseudo-user for use by the 173.Xr rtadvd 8 174IPv6 network router advertisement daemon. 175.It Em _unbound 176Pseudo-user for the 177.Xr unbound 8 178recursive DNS resolver. 179.It Em _nsd 180Pseudo-user for the 181.Xr nsd 8 182authoritative DNS nameserver. 183.It Em uucp 184Pseudo-user for use by historic UUCP software, available now in 185.Xr pkgsrc 7 . 186.It Em nobody 187Traditional pseudo-user used for dropping privileges. 188Modern practice is to assign to each different daemon its own separate 189pseudo-user account and group so that if one daemon is compromised it 190does not compromise all the other daemons. 191.El 192.Pp 193All new standard 194.Nx 195pseudo-user account names should begin with an underscore 196.Sq "_" 197to distinguish them from accounts that real users might add, and should 198have a primary group of the same name; real users should accordingly 199avoid such account names. 200.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 201.Sh SEE ALSO 202.Xr groups 7 203