D54114.id167668.diff

diff --git a/share/man/man7/Makefile b/share/man/man7/Makefile
--- a/share/man/man7/Makefile
+++ b/share/man/man7/Makefile
@@ -14,6 +14,7 @@
development.7 \
environ.7 \
firewall.7 \
+ groups.7 \
growfs.7 \
hier.7 \
hostname.7 \
diff --git a/share/man/man7/groups.7 b/share/man/man7/groups.7
new file mode 100644
--- /dev/null
+++ b/share/man/man7/groups.7
@@ -0,0 +1,346 @@
+.\" $NetBSD: groups.7,v 1.8 2020/04/02 20:57:20 roy Exp $
+.\"
+.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd Dec 8, 2025
+.Dt GROUPS 7
+.Os
+.Sh NAME
+.Nm groups
+.Nd standard group names
+.Sh DESCRIPTION
+A standard
+.Fx
+installation has the following user group names:
+.Bl -tag -width "realtime"
+.It Em wheel
+Users authorized to elevate themselves to the super-user privileges of
+the root user, meaning uid\~0.
+Normally the
+.Em wheel
+group has gid\~0.
+.Pp
+Users who are not in the group
+.Em wheel
+are never allowed by
+.Xr su 1
+to gain root privileges.
+.It Em daemon
+Used by the set-group-id
+.Pq Xr setuid 7
+programs
+.Xr lpr 1
+and
+.Xr rwho 1 .
+.It Em kmem
+Used by the set-group-id
+.Pq Xr setuid 7
+programs (like
+.Xr ktrdump 8 )
+that need to access kernel memory
+.Po Pa /dev/mem
+and
+.Pa /dev/kmem
+are in the group
+.Em kmem
+.Pc .
+See
+.Xr mem 4 .
+.It Em sys
+Historic group.
+Unused in modern
+.Fx .
+.It Em tty
+Used by the set-group-id
+.Pq Xr setuid 7
+programs
+.Xr wall 1
+and
+.Xr write 1
+to allow users to send messages to another tty even if they don't own
+it (static tty device nodes
+.Pa /dev/pts/*
+are all in the group
+.Em tty ) .
+See
+.Xr tty 4 .
+.It Em operator
+Users authorized to take backups of disk devices and shut down the
+machine.
+.Pp
+The disk device nodes
+(such as
+.Pa /dev/ada0 )
+are in the group
+.Em operator
+and group-readable so users in the group can read from disk devices,
+for example with
+.Xr dump 8 .
+The tape device nodes
+(such as
+.Pa /dev/sa0 )
+are in the group
+.Em operator
+and are both group-readable and group-writable so users in the group
+can write to tape devices.
+.Pp
+The
+.Xr shutdown 8
+program is executable only by root and members of the
+.Em operator
+group.
+.It Em mail
+Used by mail agents (like
+.Xr dma 8 ) .
+.Pp
+By default, root mail
+.Pq Pa /var/mail/root
+is in the
+.Em mail
+group.
+.It Em bin
+Historic group.
+Unused in modern
+.Fx .
+.It Em news
+Historic group.
+Unused in modern
+.Fx .
+.It Em man
+Historic group; used to be used for managing manual pages (see
+.Xr man 1 ) .
+.It Em games
+Used by various set-group-id
+.Pq Xr setuid 7
+games to maintain high-scores files and other common files in
+.Pa /var/games .
+See also
+.Xr intro 6 .
+.It Em ftp
+Used to be used by
+.Xr sysinstall 8
+(which is now replaced with
+.Xr bsdinstall 8 )
+for setting up anonymous FTP.
+Unused in modern
+.Fx .
+.It Em staff
+Staff users, in contrast to guest users (see
+.Em guest
+group).
+Not used by
+.Fx ;
+available for the administrator's interpretation.
+See
+.Xr security 7
+for some recommendations on managing accounts in
+.Em staff
+group.
+.It Em sshd
+Primary group for the
+.Em sshd
+pseudo-user used by the
+.Xr sshd 8
+secure shell daemon.
+.It Em smmsp
+Primary group for user
+.Em smmsp ,
+which is used by
+.Xr sendmail 8
+if no non-root users were configured for running it.
+.Pp
+The name of the group means "SendMail Message Submission Program".
+.It Em mailnull
+Used by electronic mail transport agent
+.Xr sendmail 8
+as group for its default user
+.Em mailnull .
+.It Em guest
+Guest users, in contrast to staff users (see
+.Em staff
+group).
+Not used by
+.Fx ;
+available for the administrator's interpretation.
+.It Em video
+Used for access to
+.Pa /dev/drm/*
+devices, which are used for GPU hardware acceleration.
+See
+.Xr drm 7 .
+.It Em realtime
+Used by
+.Xr mac_priotiry 4
+to allow members of this group to run threads and processes with
+realtime scheduling priority.
+See also
+.Xr rtprio 1 .
+.It Em idletime
+Used by
+.Xr mac_priority 4
+to allow members of this group to run processes with idle scheduling
+priority.
+See also
+.Xr idprio 1 .
+.It Em bind
+Primary group for the
+.Em bind
+pseudo-user used by
+.Xr named 8
+Internet domain name server.
+.It Em unbound
+Primary group for the
+.Em unbound
+pseudo-user used by the
+.Xr unbound 8
+recursive DNS resolver.
+.It Em proxy
+Primary group for the
+.Em proxy
+pseudo-user used by the
+.Xr ftp-proxy 8
+proxy daemon with packet filters such as
+.Xr pf 4 .
+.It Em authpf
+Used by the set-group-id
+.Pq Xr setuid 7
+program
+.Xr authpf 8
+to configure authenticated gateways.
+.It Em _pflogd
+Primary group for the
+.Em _pflogd
+pseudo-user used by the
+.Xr pflogd 8
+log daemon with the
+.Xr pf 4
+packet filter.
+.It Em _dhcp
+Primary group for the
+.Em _dhcp
+pseudo-user used by the
+.Xr dhclient 8
+DHCP Client.
+.It Em dialer
+Users authorized to make outgoing modem calls (see
+.Xr cu 1
+and
+.Pa /dev/cuauN
+devices).
+.It Em network
+Historic group.
+Unused in modern
+.Fx .
+.It Em audit
+Primary group for the
+.Em auditdistd
+pseudo-user used by
+.Xr auditd 8
+and
+.Xr auditdistd 8
+audit daemons.
+.It Em www
+Historic group for accessing World Wide Web.
+Unused in modern
+.Fx .
+.It Em u2f
+Used for users who need to access
+.Pa /dev/u2f/*
+devices (see
+.Xr u2f 4 ) .
+.It Em ntpd
+Primary group for the
+.Em ntpd
+pseudo-user used by the
+.Xr ntpd 8
+network time protocol daemon.
+.It Em _ypldap
+Primary group for the
+.Em _ypldap
+pseudo-user used by
+.Xr ypldap 8
+daemon.
+.It Em hast
+Primary group for the
+.Em hast
+pseudo-user used by
+Highly Available Storage daemon
+.Xr hastd 8 .
+.It Em tests
+Primary group for the
+.Em tests
+pseudo-user used by
+automatic tests that request to run unprivileged.
+See
+.Xr tests 7 .
+.It Em nogroup
+Pseudo-group (fake group).
+It differs from group
+.Em nobody
+in way that
+.Em nogroup
+doesn't have a dedicated user for it.
+For instance, this group is used for users
+.Em tty
+and
+.Em kmem .
+.It Em nobody
+Primary group for the traditional
+.Em nobody
+pseudo-user.
+Modern practice is to assign to each different daemon its own separate
+pseudo-user account and group so that if one daemon is compromised it
+does not compromise all the other daemons.
+.Pp
+See also group
+.Em nogroup .
+.El
+.Sh FILES
+.Bl -tag -width "/usr/src/etc/group" -compact
+.It Pa /etc/group
+Main group permissions file.
+.It Pa /usr/src/etc/group
+Group permissions file for the base system.
+.It Pa /usr/ports/GIDs
+A list of GIDs (group IDs) reserved for ports (see
+.Xr ports 7 ) .
+.El
+.Pp
+See
+.Xr group 5
+for the format of abovementioned files.
+.Sh SEE ALSO
+.Xr groups 1
+.Xr group 5
+.Xr pw 8
+.Sh HISTORY
+The
+.Nm
+manual page appeared in
+.Nx 10.0 .
+It was ported to
+.Fx
+and first appeared in
+.Fx 15.1 .
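Review bot: The realtime entry cross-references a misspelled page, `.Xr mac_priotiry 4`, while the idletime entry right after it uses `.Xr mac_priority 4`; correct the spelling so the reference resolves. Two mdoc points in the same file: `.Dd Dec 8, 2025` should spell the month out (`.Dd December 8, 2025`), and the SEE ALSO list needs comma separators on all but the last entry (`.Xr groups 1 ,` and `.Xr group 5 ,`). Wording: in the nogroup entry "in way that" reads better as "in that", and the FILES section's "for the format of abovementioned files" wants "the above-mentioned files". Since the operator entry says the disk device nodes are group-readable and the kmem entry covers /dev/mem and /dev/kmem, consider adding a sentence to each stating that membership gives read access to that data independent of file permissions, so administrators treat both groups as privileged.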
