Diffstat (limited to 'static/netbsd/man7/groups.7')
-rw-r--r-- static/netbsd/man7/groups.7 330
1 files changed, 330 insertions, 0 deletions
diff --git a/static/netbsd/man7/groups.7 b/static/netbsd/man7/groups.7
new file mode 100644
index 00000000..3ec4cd22
--- /dev/null
+++ b/static/netbsd/man7/groups.7
@@ -0,0 +1,330 @@
+.\" $NetBSD: groups.7,v 1.8 2020/04/02 20:57:20 roy Exp $
+.\"
+.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd April 2, 2020
+.Dt GROUPS 7
+.Os
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh NAME
+.Nm groups
+.Nd standard group names
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh DESCRIPTION
+A standard
+.Nx
+installation has the following user group names:
+.\" These are currently sorted by gid; perhaps they should be sorted
+.\" lexicographically by name instead.
+.Bl -tag -width ".Em _tcpdump"
+.It Em wheel
+Users authorized to elevate themselves to the super-user privileges of
+the root user, meaning uid\~0.
+Normally the
+.Em wheel
+group has gid\~0.
+.Pp
+Users who are not in the group
+.Em wheel
+are never allowed by
+.Xr su 1
+to gain root privileges.
+.It Em daemon
+Used by the set-group-id
+.Pq Xr setuid 7
+programs
+.Xr lpq 1 ,
+.Xr lpr 1 ,
+and
+.Xr lprm 1 .
+.\" Unclear why. Maybe used to be used by uucp stuff too, since
+.\" /var/spool/lock ownership is uucp:daemon?
+.It Em sys
+Historic group.
+Unused in modern
+.Nx .
+.It Em tty
+Used by the set-group-id
+.Pq Xr setuid 7
+programs
+.Xr wall 1
+and
+.Xr write 1
+to allow users to send messages to another tty even if they don't own
+it.
+Static tty device nodes in
+.Pa /dev
+are all in the group
+.Em tty ,
+and the
+.Xr mount_ptyfs 8
+program passes the gid of the
+.Em tty
+group to the kernel so that all nodes in
+.Pa /dev/pts
+or equivalent are in the group too.
+.It Em operator
+Users authorized to take backups of disk devices and shut down the
+machine.
+.Pp
+The disk device nodes in
+.Pa /dev
+such as
+.Pa /dev/rwd0a
+are in the group
+.Em operator
+and group-readable so users in the group can read from disk devices,
+for example with
+.Xr dump 8 .
+The tape device nodes in
+.Pa /dev
+such as
+.Pa /dev/rst0
+are in the group
+.Em operator
+and are both group-readable and group-writable so users in the group
+can write to tape devices.
+.Pp
+The
+.Xr shutdown 8
+program is executable only by root and members of the
+.Em operator
+group.
+.It Em mail
+Historic group.
+Unused in modern
+.Nx .
+.\" Is this true? Hard to grep for this in src...
+.It Em bin
+Historic group.
+Unused in modern
+.Nx .
+.It Em wsrc
+Historic group.
+Unused in modern
+.Nx .
+.\" Actually it seems to be used in the set lists somehow, but it's
+.\" unclear to me how what the significance is.
+.It Em maildrop
+Used by the set-group-id
+.Pq Xr setuid 7
+programs
+.Xr postdrop 1
+and
+.Xr postqueue 1
+to submit to and examine the
+.Xr postfix 1
+mail queue at
+.Pa /var/spool/postfix/maildrop
+and
+.Pa /var/spool/postfix/public .
+.It Em postfix
+Primary group for the
+.Em postfix
+pseudo-user used by the
+.Xr postfix 1
+mail transfer agent.
+.\" Why are various subdirectories of /var/spool/postfix owned by
+.\" postfix:wheel and not postfix:postfix?
+.It Em games
+Used by various set-group-id
+.Pq Xr setuid 7
+games to maintain high-scores files and other common files in
+.Pa /var/games .
+.It Em named
+Primary group for the
+.Em named
+pseudo-user used by the
+.Xr named 8
+DNS nameserver daemon.
+.It Em ntpd
+Primary group for the
+.Em ntpd
+pseudo-user used by the
+.Xr ntpd 8
+network time protocol daemon.
+.It Em sshd
+Primary group for the
+.Em sshd
+pseudo-user used by the
+.Xr sshd 8
+secure shell daemon.
+.It Em _pflogd
+Primary group for the
+.Em _pflogd
+pseudo-user used by the
+.Xr pflogd 8
+log daemon with the
+.Xr pf 4
+packet filter.
+.It Em _rwhod
+Primary group for the
+.Em _rwhod
+pseudo-user used by the
+.Xr rwhod 8
+system status daemon.
+.It Em staff
+Staff users, in contrast to regular or guest users.
+Not used by
+.Nx ;
+available for the administrator's interpretation.
+.It Em _proxy
+Primary group for the
+.Em _proxy
+pseudo-user used by the
+.Xr ftp-proxy 8
+and
+.Xr tftp-proxy 8
+proxy daemons with packet filters such as
+.Xr pf 4
+or
+.Xr ipnat 4 .
+.It Em _timedc
+Primary group for the
+.Em _timedc
+pseudo-user used by the
+.Xr timedc 8
+tool to communicate with the
+.Xr timed 8
+time server daemon.
+.It Em _sdpd
+Primary group for the
+.Em _sdpd
+pseudo-user used by the
+.Xr sdpd 8
+Bluetooth service discovery protocol daemon.
+.It Em _httpd
+Primary group for the
+.Em _httpd
+pseudo-user used by the
+.Xr httpd 8 Pq bozohttpd
+web server.
+.It Em _mdnsd
+Primary group for the
+.Em _mdnsd
+pseudo-user used by the
+.Xr mdnsd 8
+multicast DNS and DNS service discovery daemon.
+.It Em _tests
+Primary group for the
+.Em _tests
+pseudo-user used by
+.Xr atf 7
+automatic tests that request to run unprivileged.
+.It Em _tcpdump
+Primary group for the
+.Em _tcpdump
+pseudo-user used by the
+.Xr tcpdump 8
+network traffic dumper and analyzer.
+.It Em _tss
+Primary group for the
+.Em _tss
+pseudo-user used by the
+.Xr tcsd 8
+.Sq Trusted Computing
+daemon to manage a TPM.
+.It Em _gpio
+Users authorized to read and write GPIO pins; see
+.Xr gpio 4
+and
+.Xr gpioctl 8 .
+.It Em _dhcpcd
+Primary group for the
+.Em _dhcpcd
+pseudo-user used by the
+.Xr dhcpcd 8
+DHCP Client Daemon.
+.It Em _rtadvd
+Primary group for the
+.Em _rtadvd
+pseudo-user used by the
+.Xr rtadvd 8
+IPv6 network router advertisement daemon.
+.It Em guest
+Guest users, in contrast to staff or regular users.
+Not used by
+.Nx ;
+available for the administrator's interpretation.
+.It Em _unbound
+Primary group for the
+.Em _unbound
+pseudo-user used by the
+.Xr unbound 8
+recursive DNS resolver.
+.It Em _nsd
+Primary group for the
+.Em _nsd
+pseudo-user used by the
+.Xr nsd 8
+authoritative DNS nameserver.
+.It Em nvmm
+Users authorized to use the
+.Xr nvmm 4
+.Nx
+Virtual Machine Monitor.
+.It Em nobody
+Primary group for the traditional
+.Em nobody
+pseudo-user.
+Modern practice is to assign to each different daemon its own separate
+pseudo-user account and group so that if one daemon is compromised it
+does not compromise all the other daemons.
+.It Em utmp
+Group of
+.Xr utmp 5
+login records.
+.\" Why?
+.It Em authpf
+Used by the set-group-id
+.Pq Xr setuid 7
+program
+.Xr authpf 8
+to configure authenticated gateways.
+.\" Does it actually use the sgid bit? It's also suid root...
+.It Em users
+Regular users, in contrast to staff or guest users.
+.Pp
+Default primary group for new users, as set in the default
+.Xr usermgmt.conf 5
+file.
+Some administrators may instead prefer to assign to each user a unique
+group with the same name as the user by passing the
+.So
+.Fl g Cm "=uid"
+.Sc
+option to
+.Xr useradd 8 .
+.It Em dialer
+Users authorized to make outgoing modem calls.
+Unused in modern
+.Nx .
+.It Em nogroup
+Pseudo-group.
+.\" For...?
+.El
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh SEE ALSO
+.Xr users 7
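Review bot: The authpf entry near the end of the list states that the group is "Used by the set-group-id program" authpf(8), but the roff comment directly under it asks "Does it actually use the sgid bit? It's also suid root...", so the rendered page asserts a privilege detail that the source itself marks as unverified. The same pattern appears at the mail entry ("Unused in modern NetBSD" followed by the comment "Is this true?") and at utmp and nogroup, where the comments "Why?" and "For...?" show the purpose is not actually documented. Readers will use this page when deciding group membership and when auditing set-id binaries, so I would confirm these entries against the installed file modes and ownership before stating them, or word them so the uncertainty is visible in the rendered output and not only in comments. Minor: SEE ALSO lists only users(7), while the entries depend on su(1), usermgmt.conf(5) and useradd(8); listing those would help.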