1 files changed, 206 insertions, 0 deletions
diff --git a/static/netbsd/man7/users.7 b/static/netbsd/man7/users.7
new file mode 100644
index 00000000..345a5ed6
--- /dev/null
+++ b/static/netbsd/man7/users.7
@@ -0,0 +1,206 @@
+.\"	$NetBSD: users.7,v 1.5 2020/04/02 20:57:20 roy Exp $
+.\"
+.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd April 2, 2020
+.Dt USERS 7
+.Os
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh NAME
+.Nm users
+.Nd standard user account names
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh DESCRIPTION
+A standard
+.Nx
+installation has the following user account names:
+.\" These are currently sorted by uid; perhaps they should be sorted
+.\" lexicographically by name instead.
+.Bl -tag -width ".Em _tcpdump"
+.It Em root
+The super-user, uid 0, with the highest administrative privileges.
+Normally not used for login directly, only via
+.Xr su 1
+or equivalent by users in the
+.Em wheel
+group; see
+.Xr groups 7 .
+.Pp
+Secondary groups:
+.Em guest ,
+.Em kmem ,
+.Em nvmm ,
+.Em operator ,
+.Em staff ,
+.Em sys ,
+.Em tty .
+.It Em toor
+Like
+.Em root ,
+this is the super-user with uid 0, but with no secondary group
+memberships.
+.Pp
+Historically,
+.Em root
+had a login shell of
+.Pa /bin/csh
+while
+.Em toor
+had a login shell of
+.Pa /bin/sh .
+However, today both default to
+.Pa /bin/sh .
+This user account name is not used for anything in
+.Nx ;
+it is purely a convenience for actual users.
+.\" Maybe we should just remove this.
+.It Em daemon
+Historic user for general daemonic activity.
+.Pp
+Owner of
+.Pa /var/msgs ;
+see
+.Xr msgs 1 .
+Used only by
+.Xr rpcbind 8 ,
+with the
+.Fl s
+flag.
+.It Em operator
+Historic user.
+Unused in modern
+.Nx .
+.It Em bin
+Historic user.
+Unused in modern
+.Nx .
+.It Em games
+Owner of high-score files and other shared files for games.
+.It Em postfix
+Pseudo-user for use by the
+.Xr postfix 1
+mail transfer agent.
+.It Em named
+Pseudo-user for use by the
+.Xr named 8
+DNS nameserver daemon.
+.It Em ntpd
+Pseudo-user for use by the
+.Xr ntpd 8
+network time protocol daemon.
+.It Em sshd
+Pseudo-user for use by the
+.Xr sshd 8
+secure shell daemon.
+.It Em _pflogd
+Pseudo-user for use by the
+.Xr pflogd 8
+log daemon with the
+.Xr pf 4
+packet filter.
+.It Em _rwhod
+Pseudo-user for use by the
+.Xr rwhod 8
+system status daemon.
+.It Em _proxy
+Pseudo-user for use by the
+.Xr ftp-proxy 8
+and
+.Xr tftp-proxy 8
+proxy daemons with packet filters such as
+.Xr pf 4
+or
+.Xr ipnat 4 .
+.It Em _timedc
+Pseudo-user for use by the
+.Xr timedc 8
+tool to communicate with the
+.Xr timed 8
+time server daemon.
+.It Em _sdpd
+Pseudo-user for use by the
+.Xr sdpd 8
+Bluetooth service discovery protocol daemon.
+.It Em _httpd
+Pseudo-user for use by the
+.Xr httpd 8 Pq bozohttpd
+web server.
+.It Em _mdnsd
+Pseudo-user for use by the
+.Xr mdnsd 8
+multicast DNS and DNS service discovery daemon.
+.It Em _tests
+Pseudo-user for use by
+.Xr atf 7
+automatic tests that request to run unprivileged.
+Default value for the
+.Sq unprivileged-user
+configuration variable; see
+.Xr tests 7 .
+.It Em _tcpdump
+Pseudo-user for use by the
+.Xr tcpdump 8
+network traffic dumper and analyzer.
+.It Em _tss
+Pseudo-user for use by the
+.Xr tcsd 8
+.Sq Trusted Computing
+daemon TPM to manage a TPM.
+.It Em _dhcpcd
+Pseudo-user for use by the
+.Xr dhcpcd 8
+DHCP Client Daemon.
+.It Em _rtadvd
+Pseudo-user for use by the
+.Xr rtadvd 8
+IPv6 network router advertisement daemon.
+.It Em _unbound
+Pseudo-user for the
+.Xr unbound 8
+recursive DNS resolver.
+.It Em _nsd
+Pseudo-user for the
+.Xr nsd 8
+authoritative DNS nameserver.
+.It Em uucp
+Pseudo-user for use by historic UUCP software, available now in
+.Xr pkgsrc 7 .
+.It Em nobody
+Traditional pseudo-user used for dropping privileges.
+Modern practice is to assign to each different daemon its own separate
+pseudo-user account and group so that if one daemon is compromised it
+does not compromise all the other daemons.
+.El
+.Pp
+All new standard
+.Nx
+pseudo-user account names should begin with an underscore
+.Sq "_"
+to distinguish them from accounts that real users might add, and should
+have a primary group of the same name; real users should accordingly
+avoid such account names.
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh SEE ALSO
+.Xr groups 7