331 lines
7.7 KiB
Groff
331 lines
7.7 KiB
Groff
.\" $NetBSD: groups.7,v 1.8 2020/04/02 20:57:20 roy Exp $
|
|
.\"
|
|
.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd April 2, 2020
|
|
.Dt GROUPS 7
|
|
.Os
|
|
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
|
|
.Sh NAME
|
|
.Nm groups
|
|
.Nd standard group names
|
|
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
|
|
.Sh DESCRIPTION
|
|
A standard
|
|
.Nx
|
|
installation has the following user group names:
|
|
.\" These are currently sorted by gid; perhaps they should be sorted
|
|
.\" lexicographically by name instead.
|
|
.Bl -tag -width ".Em _tcpdump"
|
|
.It Em wheel
|
|
Users authorized to elevate themselves to the super-user privileges of
|
|
the root user, meaning uid\~0.
|
|
Normally the
|
|
.Em wheel
|
|
group has gid\~0.
|
|
.Pp
|
|
Users who are not in the group
|
|
.Em wheel
|
|
are never allowed by
|
|
.Xr su 1
|
|
to gain root privileges.
|
|
.It Em daemon
|
|
Used by the set-group-id
|
|
.Pq Xr setuid 7
|
|
programs
|
|
.Xr lpq 1 ,
|
|
.Xr lpr 1 ,
|
|
and
|
|
.Xr lprm 1 .
|
|
.\" Unclear why. Maybe used to be used by uucp stuff too, since
|
|
.\" /var/spool/lock ownership is uucp:daemon?
|
|
.It Em sys
|
|
Historic group.
|
|
Unused in modern
|
|
.Nx .
|
|
.It Em tty
|
|
Used by the set-group-id
|
|
.Pq Xr setuid 7
|
|
programs
|
|
.Xr wall 1
|
|
and
|
|
.Xr write 1
|
|
to allow users to send messages to another tty even if they don't own
|
|
it.
|
|
Static tty device nodes in
|
|
.Pa /dev
|
|
are all in the group
|
|
.Em tty ,
|
|
and the
|
|
.Xr mount_ptyfs 8
|
|
program passes the gid of the
|
|
.Em tty
|
|
group to the kernel so that all nodes in
|
|
.Pa /dev/pts
|
|
or equivalent are in the group too.
|
|
.It Em operator
|
|
Users authorized to take backups of disk devices and shut down the
|
|
machine.
|
|
.Pp
|
|
The disk device nodes in
|
|
.Pa /dev
|
|
such as
|
|
.Pa /dev/rwd0a
|
|
are in the group
|
|
.Em operator
|
|
and group-readable so users in the group can read from disk devices,
|
|
for example with
|
|
.Xr dump 8 .
|
|
The tape device nodes in
|
|
.Pa /dev
|
|
such as
|
|
.Pa /dev/rst0
|
|
are in the group
|
|
.Em operator
|
|
and are both group-readable and group-writable so users in the group
|
|
can write to tape devices.
|
|
.Pp
|
|
The
|
|
.Xr shutdown 8
|
|
program is executable only by root and members of the
|
|
.Em operator
|
|
group.
|
|
.It Em mail
|
|
Historic group.
|
|
Unused in modern
|
|
.Nx .
|
|
.\" Is this true? Hard to grep for this in src...
|
|
.It Em bin
|
|
Historic group.
|
|
Unused in modern
|
|
.Nx .
|
|
.It Em wsrc
|
|
Historic group.
|
|
Unused in modern
|
|
.Nx .
|
|
.\" Actually it seems to be used in the set lists somehow, but it's
|
|
.\" unclear to me how what the significance is.
|
|
.It Em maildrop
|
|
Used by the set-group-id
|
|
.Pq Xr setuid 7
|
|
programs
|
|
.Xr postdrop 1
|
|
and
|
|
.Xr postqueue 1
|
|
to submit to and examine the
|
|
.Xr postfix 1
|
|
mail queue at
|
|
.Pa /var/spool/postfix/maildrop
|
|
and
|
|
.Pa /var/spool/postfix/public .
|
|
.It Em postfix
|
|
Primary group for the
|
|
.Em postfix
|
|
pseudo-user used by the
|
|
.Xr postfix 1
|
|
mail transfer agent.
|
|
.\" Why are various subdirectories of /var/spool/postfix owned by
|
|
.\" postfix:wheel and not postfix:postfix?
|
|
.It Em games
|
|
Used by various set-group-id
|
|
.Pq Xr setuid 7
|
|
games to maintain high-scores files and other common files in
|
|
.Pa /var/games .
|
|
.It Em named
|
|
Primary group for the
|
|
.Em named
|
|
pseudo-user used by the
|
|
.Xr named 8
|
|
DNS nameserver daemon.
|
|
.It Em ntpd
|
|
Primary group for the
|
|
.Em ntpd
|
|
pseudo-user used by the
|
|
.Xr ntpd 8
|
|
network time protocol daemon.
|
|
.It Em sshd
|
|
Primary group for the
|
|
.Em sshd
|
|
pseudo-user used by the
|
|
.Xr sshd 8
|
|
secure shell daemon.
|
|
.It Em _pflogd
|
|
Primary group for the
|
|
.Em _pflogd
|
|
pseudo-user used by the
|
|
.Xr pflogd 8
|
|
log daemon with the
|
|
.Xr pf 4
|
|
packet filter.
|
|
.It Em _rwhod
|
|
Primary group for the
|
|
.Em _rwhod
|
|
pseudo-user used by the
|
|
.Xr rwhod 8
|
|
system status daemon.
|
|
.It Em staff
|
|
Staff users, in contrast to regular or guest users.
|
|
Not used by
|
|
.Nx ;
|
|
available for the administrator's interpretation.
|
|
.It Em _proxy
|
|
Primary group for the
|
|
.Em _proxy
|
|
pseudo-user used by the
|
|
.Xr ftp-proxy 8
|
|
and
|
|
.Xr tftp-proxy 8
|
|
proxy daemons with packet filters such as
|
|
.Xr pf 4
|
|
or
|
|
.Xr ipnat 4 .
|
|
.It Em _timedc
|
|
Primary group for the
|
|
.Em _timedc
|
|
pseudo-user used by the
|
|
.Xr timedc 8
|
|
tool to communicate with the
|
|
.Xr timed 8
|
|
time server daemon.
|
|
.It Em _sdpd
|
|
Primary group for the
|
|
.Em _sdpd
|
|
pseudo-user used by the
|
|
.Xr sdpd 8
|
|
Bluetooth service discovery protocol daemon.
|
|
.It Em _httpd
|
|
Primary group for the
|
|
.Em _httpd
|
|
pseudo-user used by the
|
|
.Xr httpd 8 Pq bozohttpd
|
|
web server.
|
|
.It Em _mdnsd
|
|
Primary group for the
|
|
.Em _mdnsd
|
|
pseudo-user used by the
|
|
.Xr mdnsd 8
|
|
multicast DNS and DNS service discovery daemon.
|
|
.It Em _tests
|
|
Primary group for the
|
|
.Em _tests
|
|
pseudo-user used by
|
|
.Xr atf 7
|
|
automatic tests that request to run unprivileged.
|
|
.It Em _tcpdump
|
|
Primary group for the
|
|
.Em _tcpdump
|
|
pseudo-user used by the
|
|
.Xr tcpdump 8
|
|
network traffic dumper and analyzer.
|
|
.It Em _tss
|
|
Primary group for the
|
|
.Em _tss
|
|
pseudo-user used by the
|
|
.Xr tcsd 8
|
|
.Sq Trusted Computing
|
|
daemon to manage a TPM.
|
|
.It Em _gpio
|
|
Users authorized to read and write GPIO pins; see
|
|
.Xr gpio 4
|
|
and
|
|
.Xr gpioctl 8 .
|
|
.It Em _dhcpcd
|
|
Primary group for the
|
|
.Em _dhcpcd
|
|
pseudo-user used by the
|
|
.Xr dhcpcd 8
|
|
DHCP Client Daemon.
|
|
.It Em _rtadvd
|
|
Primary group for the
|
|
.Em _rtadvd
|
|
pseudo-user used by the
|
|
.Xr rtadvd 8
|
|
IPv6 network router advertisement daemon.
|
|
.It Em guest
|
|
Guest users, in contrast to staff or regular users.
|
|
Not used by
|
|
.Nx ;
|
|
available for the administrator's interpretation.
|
|
.It Em _unbound
|
|
Primary group for the
|
|
.Em _unbound
|
|
pseudo-user used by the
|
|
.Xr unbound 8
|
|
recursive DNS resolver.
|
|
.It Em _nsd
|
|
Primary group for the
|
|
.Em _nsd
|
|
pseudo-user used by the
|
|
.Xr nsd 8
|
|
authoritative DNS nameserver.
|
|
.It Em nvmm
|
|
Users authorized to use the
|
|
.Xr nvmm 4
|
|
.Nx
|
|
Virtual Machine Monitor.
|
|
.It Em nobody
|
|
Primary group for the traditional
|
|
.Em nobody
|
|
pseudo-user.
|
|
Modern practice is to assign to each different daemon its own separate
|
|
pseudo-user account and group so that if one daemon is compromised it
|
|
does not compromise all the other daemons.
|
|
.It Em utmp
|
|
Group of
|
|
.Xr utmp 5
|
|
login records.
|
|
.\" Why?
|
|
.It Em authpf
|
|
Used by the set-group-id
|
|
.Pq Xr setuid 7
|
|
program
|
|
.Xr authpf 8
|
|
to configure authenticated gateways.
|
|
.\" Does it actually use the sgid bit? It's also suid root...
|
|
.It Em users
|
|
Regular users, in contrast to staff or guest users.
|
|
.Pp
|
|
Default primary group for new users, as set in the default
|
|
.Xr usermgmt.conf 5
|
|
file.
|
|
Some administrators may instead prefer to assign to each user a unique
|
|
group with the same name as the user by passing the
|
|
.So
|
|
.Fl g Cm "=uid"
|
|
.Sc
|
|
option to
|
|
.Xr useradd 8 .
|
|
.It Em dialer
|
|
Users authorized to make outgoing modem calls.
|
|
Unused in modern
|
|
.Nx .
|
|
.It Em nogroup
|
|
Pseudo-group.
|
|
.\" For...?
|
|
.El
|
|
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
|
|
.Sh SEE ALSO
|
|
.Xr users 7
|