- NetBSD Manual Pages
USERS(7) NetBSD Miscellaneous Information Manual USERS(7)
Powered by man-cgi (2021-06-01).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
users -- standard user account names
A standard NetBSD installation has the following user account names:
root The super-user, uid 0, with the highest administrative privi-
leges. Normally not used for login directly, only via su(1) or
equivalent by users in the wheel group; see groups(7).
Secondary groups: guest, kmem, nvmm, operator, staff, sys, tty.
toor Like root, this is the super-user with uid 0, but with no sec-
ondary group memberships.
Historically, root had a login shell of /bin/csh while toor had
a login shell of /bin/sh. However, today both default to
/bin/sh. This user account name is not used for anything in
NetBSD; it is purely a convenience for actual users.
daemon Historic user for general daemonic activity.
Owner of /var/msgs; see msgs(1). Used only by rpcbind(8), with
the -s flag.
operator Historic user. Unused in modern NetBSD.
bin Historic user. Unused in modern NetBSD.
games Owner of high-score files and other shared files for games.
postfix Pseudo-user for use by the postfix(1) mail transfer agent.
named Pseudo-user for use by the named(8) DNS nameserver daemon.
ntpd Pseudo-user for use by the ntpd(8) network time protocol dae-
sshd Pseudo-user for use by the sshd(8) secure shell daemon.
_pflogd Pseudo-user for use by the pflogd(8) log daemon with the pf(4)
_rwhod Pseudo-user for use by the rwhod(8) system status daemon.
_proxy Pseudo-user for use by the ftp-proxy(8) and tftp-proxy(8) proxy
daemons with packet filters such as pf(4) or ipnat(4).
_timedc Pseudo-user for use by the timedc(8) tool to communicate with
the timed(8) time server daemon.
_sdpd Pseudo-user for use by the sdpd(8) Bluetooth service discovery
_httpd Pseudo-user for use by the httpd(8) (bozohttpd) web server.
_mdnsd Pseudo-user for use by the mdnsd(8) multicast DNS and DNS ser-
vice discovery daemon.
_tests Pseudo-user for use by atf(7) automatic tests that request to
run unprivileged. Default value for the `unprivileged-user'
configuration variable; see tests(7).
_tcpdump Pseudo-user for use by the tcpdump(8) network traffic dumper
_tss Pseudo-user for use by the tcsd(8) `Trusted Computing' daemon
TPM to manage a TPM.
_dhcpcd Pseudo-user for use by the dhcpcd(8) DHCP Client Daemon.
_rtadvd Pseudo-user for use by the rtadvd(8) IPv6 network router adver-
_unbound Pseudo-user for the unbound(8) recursive DNS resolver.
_nsd Pseudo-user for the nsd(8) authoritative DNS nameserver.
uucp Pseudo-user for use by historic UUCP software, available now in
nobody Traditional pseudo-user used for dropping privileges. Modern
practice is to assign to each different daemon its own separate
pseudo-user account and group so that if one daemon is compro-
mised it does not compromise all the other daemons.
All new standard NetBSD pseudo-user account names should begin with an
underscore `_' to distinguish them from accounts that real users might
add, and should have a primary group of the same name; real users should
accordingly avoid such account names.
NetBSD 10.99 April 2, 2020 NetBSD 10.99