Module Name:    src
Committed By:   riastradh
Date:           Wed Feb 26 07:31:51 UTC 2020

Modified Files:
        src/distrib/sets/lists/man: mi
        src/share/man/man7: Makefile intro.7
Added Files:
        src/share/man/man7: groups.7 users.7

Log Message:
Draft man pages for the standard users and groups.

These are currently listed in order of uid because I went through
src/etc/group and src/etc/master.passwd line by line, and sorting any
other way after the fact -- like lexicographically, how it should be
-- was kinda inconvenient.

Feel free to sort, add information, add historical references,
correct any mistakes, &c., so that these remain living documents
describing NetBSD's standard users and groups and practices around
them.


To generate a diff of this commit:
cvs rdiff -u -r1.1680 -r1.1681 src/distrib/sets/lists/man/mi
cvs rdiff -u -r1.33 -r1.34 src/share/man/man7/Makefile
cvs rdiff -u -r0 -r1.1 src/share/man/man7/groups.7 src/share/man/man7/users.7
cvs rdiff -u -r1.26 -r1.27 src/share/man/man7/intro.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/man/mi
diff -u src/distrib/sets/lists/man/mi:1.1680 src/distrib/sets/lists/man/mi:1.1681
--- src/distrib/sets/lists/man/mi:1.1680	Sun Feb  9 16:06:17 2020
+++ src/distrib/sets/lists/man/mi	Wed Feb 26 07:31:51 2020
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1680 2020/02/09 16:06:17 jmcneill Exp $
+# $NetBSD: mi,v 1.1681 2020/02/26 07:31:51 riastradh Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -5403,6 +5403,7 @@
 ./usr/share/man/html7/editline.html		man-sys-htmlman		html
 ./usr/share/man/html7/environ.html		man-reference-htmlman	html
 ./usr/share/man/html7/glob.html			man-reference-htmlman	html
+./usr/share/man/html7/groups.html		man-reference-htmlman	html
 ./usr/share/man/html7/hier.html			man-reference-htmlman	html
 ./usr/share/man/html7/hostname.html		man-reference-htmlman	html
 ./usr/share/man/html7/intro.html		man-reference-htmlman	html
@@ -5436,6 +5437,7 @@
 ./usr/share/man/html7/symlink.html		man-reference-htmlman	html
 ./usr/share/man/html7/sysctl.html		man-reference-htmlman	html
 ./usr/share/man/html7/tests.html		man-reference-htmlman	html
+./usr/share/man/html7/users.html		man-reference-htmlman	html
 ./usr/share/man/html7/zpool-features.html	man-zfs-htmlman		zfs,html
 ./usr/share/man/html8/MAKEDEV.html		man-sysutil-htmlman	html
 ./usr/share/man/html8/MAKEDEV.local.html	man-sysutil-htmlman	html
@@ -8460,6 +8462,7 @@
 ./usr/share/man/man7/editline.7			man-sys-man		.man
 ./usr/share/man/man7/environ.7			man-reference-man	.man
 ./usr/share/man/man7/glob.7			man-reference-man	.man
+./usr/share/man/man7/groups.7			man-reference-man	.man
 ./usr/share/man/man7/hier.7			man-reference-man	.man
 ./usr/share/man/man7/hostname.7			man-reference-man	.man
 ./usr/share/man/man7/intro.7			man-reference-man	.man
@@ -8496,6 +8499,7 @@
 ./usr/share/man/man7/symlink.7			man-reference-man	.man
 ./usr/share/man/man7/sysctl.7			man-reference-man	.man
 ./usr/share/man/man7/tests.7			man-reference-man	.man
+./usr/share/man/man7/users.7			man-reference-man	.man
 ./usr/share/man/man7/zpool-features.7		man-zfs-man		zfs,.man
 ./usr/share/man/man8/MAKEDEV.8			man-sysutil-man		.man
 ./usr/share/man/man8/MAKEDEV.local.8		man-sysutil-man		.man

Index: src/share/man/man7/Makefile
diff -u src/share/man/man7/Makefile:1.33 src/share/man/man7/Makefile:1.34
--- src/share/man/man7/Makefile:1.33	Mon May 28 00:18:06 2018
+++ src/share/man/man7/Makefile	Wed Feb 26 07:31:51 2020
@@ -1,14 +1,14 @@
-#	$NetBSD: Makefile,v 1.33 2018/05/28 00:18:06 nat Exp $
+#	$NetBSD: Makefile,v 1.34 2020/02/26 07:31:51 riastradh Exp $
 #	@(#)Makefile	8.1 (Berkeley) 6/5/93
 
 .include <bsd.init.mk>
 
 # missing: eqnchar.7 man.7 ms.7 term.7
 
-MAN=	ascii.7 c.7 environ.7 glob.7 hier.7 hostname.7 intro.7 mailaddr.7 \
-	module.7 nls.7 operator.7 orders.7 pkgsrc.7 release.7  rfc6056.7 \
-	security.7 script.7 setuid.7 signal.7 src.7 sticky.7 symlink.7 \
-	sysctl.7 tests.7
+MAN=	ascii.7 c.7 environ.7 glob.7 groups.7 hier.7 hostname.7 intro.7 \
+	mailaddr.7 module.7 nls.7 operator.7 orders.7 pkgsrc.7 release.7 \
+	rfc6056.7 security.7 script.7 setuid.7 signal.7 src.7 sticky.7 \
+	symlink.7 sysctl.7 tests.7 users.7
 
 CLEANFILES=	tests.7
 .if ${MKKYUA} != "no"

Index: src/share/man/man7/intro.7
diff -u src/share/man/man7/intro.7:1.26 src/share/man/man7/intro.7:1.27
--- src/share/man/man7/intro.7:1.26	Mon May 28 00:18:06 2018
+++ src/share/man/man7/intro.7	Wed Feb 26 07:31:51 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: intro.7,v 1.26 2018/05/28 00:18:06 nat Exp $
+.\"	$NetBSD: intro.7,v 1.27 2020/02/26 07:31:51 riastradh Exp $
 .\"
 .\" Copyright (c) 1983, 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -48,6 +48,10 @@ user environment
 shell-style pattern matching
 .\" .It Sy eqnchar
 .\" special character definitions for eqn
+.It Xr groups 7
+standard
+.Nx
+group names
 .It Xr hier 7
 file system hierarchy in
 .Nx
@@ -110,6 +114,10 @@ system information variables in
 test suite
 .\" .It Sy term
 .\" conventional names for terminals
+.It Xr users 7
+standard
+.Nx
+user account names
 .El
 .Sh HISTORY
 The

Added files:

Index: src/share/man/man7/groups.7
diff -u /dev/null src/share/man/man7/groups.7:1.1
--- /dev/null	Wed Feb 26 07:31:51 2020
+++ src/share/man/man7/groups.7	Wed Feb 26 07:31:51 2020
@@ -0,0 +1,325 @@
+.\"	$NetBSD: groups.7,v 1.1 2020/02/26 07:31:51 riastradh Exp $
+.\"
+.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd February 25, 2020
+.Dt GROUPS 5
+.Os
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh NAME
+.Nm groups
+.Nd standard group names
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh DESCRIPTION
+A standard
+.Nx
+installation has the following user group names:
+.\" These are currently sorted by gid; perhaps they should be sorted
+.\" lexicographically by name instead.
+.Bl -tag -width "_tcpdump"
+.It Em wheel
+Users authorized to elevate themselves to the super-user privileges of
+the root user, meaning uid 0.
+Normally the
+.Em wheel
+group has gid 0.
+.Pp
+Users who are not in the group
+.Em wheel
+are never allowed by
+.Xr su 8
+to gain root privileges.
+.It Em daemon
+Used by the set-group-id
+.Pq Xr setuid 7
+programs
+.Xr lpq 8 ,
+.Xr lpr 8 ,
+and
+.Xr lprm 8 .
+.\" Unclear why.  Maybe used to be used by uucp stuff too, since
+.\" /var/spool/lock ownership is uucp:daemon?
+.It Em sys
+Historic group.
+Unused in modern
+.Nx .
+.It Em tty
+Used by the set-group-id
+.Pq Xr setuid 7
+programs
+.Xr wall 8
+and
+.Xr write 1
+to allow users to send messages to another tty even if they don't own
+it.
+Static tty device nodes in
+.Pa /dev
+are all in the group
+.Em tty ,
+and the
+.Xr mount_ptyfs 8
+program passes the gid of the
+.Em tty
+group to the kernel so that all nodes in
+.Pa /dev/pts
+or equivalent are in the group too.
+.It Em operator
+Users authorized to take backups of disk devices and shut down the
+machine.
+.Pp
+The disk device nodes in
+.Pa /dev
+such as
+.Pa /dev/rwd0a
+are in the group
+.Em operator
+and group-readable so users in the group can read from disk devices,
+for example with
+.Xr dump 8 .
+The tape device nodes in
+.Pa /dev
+such as
+.Pa /dev/rst0
+are in the group
+.Em operator
+and are both group-readable and group-writable so users in the group
+can write to tape devices.
+.Pp
+The
+.Xr shutdown 8
+program is executable only by root and members of the
+.Em operator
+group.
+.It Em mail
+Historic group.
+Unused in modern
+.Nx .
+.\" Is this true?  Hard to grep for this in src...
+.It Em bin
+Historic group.
+Unused in modern
+.Nx .
+.It Em wsrc
+Historic group.
+Unused in modern
+.Nx .
+.\" Actually it seems to be used in the set lists somehow, but it's
+ \" unclear to me how what the significance is.
+.It Em maildrop
+Used by the set-group-id
+.Pq Xr setuid 7
+programs
+.Xr postdrop 8
+and
+.Xr postqueue 8
+to submit to and examine the
+.Xr postfix 8
+mail queue at
+.Pa /var/spool/postfix/maildrop
+and
+.Pa /var/spool/postfix/public .
+.It Em postfix
+Primary group for the
+.Em postfix
+pseudo-user used by the
+.Xr postfix 8
+mail transfer agent.
+.\" Why are various subdirectories of /var/spool/postfix owned by
+.\" postfix:wheel and not postfix:postfix?
+.It Em games
+Used by various set-group-id
+.Pq Xr setuid 7
+games to maintain high-scores files and other common files in
+.Pa /var/games .
+.It Em named
+Primary group for the
+.Em named
+pseudo-user used by the
+.Xr named 8
+DNS nameserver daemon.
+.It Em ntpd
+Primary group for the
+.Em named
+pseudo-user used by the
+.Xr ntpd 8
+network time protocol daemon.
+.It Em sshd
+Primary group for the
+.Em sshd
+pseudo-user used by the
+.Xr sshd 8
+secure shell daemon.
+.It Em _pflogd
+Primary group for the
+.Em _pflogd
+pseudo-user used by the
+.Xr pflogd 8
+log daemon with the
+.Xr pf 4
+packet filter.
+.It Em _rwhod
+Primary group for the
+.Em _rwhod
+pseudo-user used by the
+.Xr rwhod 8
+system status daemon.
+.It Em staff
+Staff users, in contrast to regular or guest users.
+Not used by
+.Nx ;
+available for the administrator's interpretation.
+.It Em _proxy
+Primary group for the
+.Em _proxy
+pseudo-user used by the
+.Xr ftp-proxy 8
+and
+.Xr tftp-proxy 8
+proxy daemons with packet filters such as
+.Xr pf 4
+or
+.Xr ipnat 4 .
+.It Em _timedc
+Primary group for the
+.Em _timedc
+pseudo-user used by the
+.Xr timedc 8
+tool to communicate with the
+.Xr timed 8
+time server daemon.
+.It Em _sdpd
+Primary group for the
+.Em _sdpd
+pseudo-user used by the
+.Xr sdpd 8
+Bluetooth service discovery protocol daemon.
+.It Em _httpd
+Primary group for the
+.Em _httpd
+pseudo-user used by the
+.Xr httpd 8 Pq bozohttpd
+web server.
+.It Em _mdnsd
+Primary group for the
+.Em _mdnsd
+pseudo-user used by the
+.Xr mdnsd 8
+multicast DNS and DNS service discovery daemon.
+.It Em _tests
+Primary group for the
+.Em _tests
+pseudo-user used by
+.Xr atf 7
+automatic tests that request to run unprivileged.
+.It Em _tcpdump
+Primary group for the
+.Em _tcpdump
+pseudo-user used by the
+.Xr tcpdump 8
+network traffic dumper and analyzer.
+.It Em _tss
+Primary group for the
+.Em _tss
+pseudo-user used by the
+.Xr tcsd 8
+.Sq Trusted Computing
+daemon TPM to manage a TPM.
+.It Em _gpio
+Users authorized to read and write GPIO pins; see
+.Xr gpio 4
+and
+.Xr gpioctl 8 .
+.It Em _rtadvd
+Primary group for the
+.Em _rtadvd
+pseudo-user used by the
+.Xr rtadvd 8
+IPv6 network router advertisement daemon.
+.It Em guest
+Guest users, in contrast to staff or regular users.
+Not used by
+.Nx ;
+available for the administrator's interpretation.
+.It Em _unbound
+Primary group for the
+.Em _unbound
+pseudo-user used by the
+.Xr unbound 8
+recursive DNS resolver.
+.It Em _nsd
+Primary group for the
+.Em _nsd
+pseudo-user used by the
+.Xr nsd 8
+authoritative DNS nameserver.
+.It Em nvmm
+Users authorized to use the
+.Xr nvmm 8
+.Nx
+Virtual Machine Monitor.
+.It Em nobody
+Primary group for the traditional
+.Em nobody
+pseudo-user.
+Modern practice is to assign to each different daemon its own separate
+pseudo-user account and group so that if one daemon is compromised it
+does not compromise all the other daemons.
+.It Em utmp
+Group of
+.Xr utmp 5
+login records.
+.\" Why?
+.It Em authpf
+Used by the set-group-id
+.Pq Xr setuid 7
+program
+.Xr authpf 8
+to configure authenticated gateways.
+.\" Does it actually use the sgid bit?  It's also suid root...
+.It Em users
+Regular users, in contrast to staff or guest users.
+.Pp
+Default primary group for new users, as set in the default
+.Xr usermgmt.conf 5
+file.
+Some administrators may instead prefer to assign to each user a unique
+group with the same name as the user by passing the
+.So
+.Fl g
+.Ar "=uid"
+.Sc
+option to
+.Xr useradd 8 .
+.It Em dialer
+Users authorized to make outgoing modem calls.
+Unused in modern
+.Nx .
+.It Em nogroup
+Pseudo-group.
+.\" For...?
+.El
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh SEE ALSO
+.Xr users 7
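Review bot: The title macro `.Dt GROUPS 5` declares section 5, although the page is installed as man7/groups.7 and is cross-referenced as `.Xr groups 7`; it should read `.Dt GROUPS 7`, and the users.7 hunk has the same slip in `.Dt USERS 5`. In the `ntpd` entry the pseudo-user is given as `.Em named`, apparently copied from the entry above, and should be `.Em ntpd`. The second comment line under `wsrc` begins with ` \"` rather than `.\"`, so roff reads it as a text line instead of a comment line. The `_tss` wording "daemon TPM to manage a TPM" is garbled here and again in users.7; "daemon to manage a TPM" is presumably what was meant. In the `wheel` entry, "never allowed by `su`" is stronger than I believe su's behaviour to be, since an empty wheel group has traditionally let any user through; after checking su's source, consider a qualifier such as "unless the wheel group has no members", and confirm the section in `.Xr su 8`.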
Index: src/share/man/man7/users.7
diff -u /dev/null src/share/man/man7/users.7:1.1
--- /dev/null	Wed Feb 26 07:31:51 2020
+++ src/share/man/man7/users.7	Wed Feb 26 07:31:51 2020
@@ -0,0 +1,202 @@
+.\"	$NetBSD: users.7,v 1.1 2020/02/26 07:31:51 riastradh Exp $
+.\"
+.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd February 25, 2020
+.Dt USERS 5
+.Os
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh NAME
+.Nm users
+.Nd standard user account names
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh DESCRIPTION
+A standard
+.Nx
+installation has the following user account names:
+.\" These are currently sorted by uid; perhaps they should be sorted
+.\" lexicographically by name instead.
+.Bl -tag -width "_tcpdump"
+.It Em root
+The super-user, uid 0, with the highest administrative privileges.
+Normally not used for login directly, only via
+.Xr su 8
+or equivalent by users in the
+.Em wheel
+group; see
+.Xr groups 7 .
+.Pp
+Secondary groups:
+.Em guest ,
+.Em kmem ,
+.Em nvmm ,
+.Em operator ,
+.Em staff ,
+.Em sys ,
+.Em tty .
+.It Em toor
+Like
+.Em root ,
+this is the super-user with uid 0, but with no secondary group
+memberships.
+.Pp
+Historically,
+.Em root
+had a login shell of
+.Pa /bin/csh
+while
+.Em toor
+had a login shell of
+.Pa /bin/sh .
+However, today both default to
+.Pa /bin/sh .
+This user account name is not used for anything in
+.Nx ;
+it is purely a convenience for actual users.
+.\" Maybe we should just remove this.
+.It Em daemon
+Historic user for general daemonic activity.
+.Pp
+Owner of
+.Pa /var/msgs ;
+see
+.Xr msgs 1 .
+Used only by
+.Xr rpcbind 8 ,
+with the
+.Fl s
+flag.
+.It Em operator
+Historic user.
+Unused in modern
+.Nx .
+.It Em bin
+Historic user.
+Unused in modern
+.Nx .
+.It Em games
+Owner of high-score files and other shared files for games.
+.It Em postfix
+Pseudo-user for use by the
+.Xr postfix 8
+mail transfer agent.
+.It Em named
+Pseudo-user for use by the
+.Xr named 8
+DNS nameserver daemon.
+.It Em ntpd
+Pseudo-user for use by the
+.Xr ntpd 8
+network time protocol daemon.
+.It Em sshd
+Pseudo-user for use by the
+.Xr sshd 8
+secure shell daemon.
+.It Em _pflogd
+Pseudo-user for use by the
+.Xr pflogd 8
+log daemon with the
+.Xr pf 4
+packet filter.
+.It Em _rwhod
+Pseudo-user for use by the
+.Xr rwhod 8
+system status daemon.
+.It Em _proxy
+Pseudo-user for use by the
+.Xr ftp-proxy 8
+and
+.Xr tftp-proxy 8
+proxy daemons with packet filters such as
+.Xr pf 4
+or
+.Xr ipnat 4 .
+.It Em _timedc
+Pseudo-user for use by the
+.Xr timedc 8
+tool to communicate with the
+.Xr timed 8
+time server daemon.
+.It Em _sdpd
+Pseudo-user for use by the
+.Xr sdpd 8
+Bluetooth service discovery protocol daemon.
+.It Em _httpd
+Pseudo-user for use by the
+.Xr httpd 8 Pq bozohttpd
+web server.
+.It Em _mdnsd
+Pseudo-user for use by the
+.Xr mdnsd 8
+multicast DNS and DNS service discovery daemon.
+.It Em _tests
+Pseudo-user for use by
+.Xr atf 7
+automatic tests that request to run unprivileged.
+Default value for the
+.Sq unprivileged-user
+configuration variable; see
+.Xr tests 7 .
+.It Em _tcpdump
+Pseudo-user for use by the
+.Xr tcpdump 8
+network traffic dumper and analyzer.
+.It Em _tss
+Pseudo-user for use by the
+.Xr tcsd 8
+.Sq Trusted Computing
+daemon TPM to manage a TPM.
+.It Em _rtadvd
+Pseudo-user for use by the
+.Xr rtadvd 8
+IPv6 network router advertisement daemon.
+.It Em _unbound
+Pseudo-user for the
+.Xr unbound 8
+recursive DNS resolver.
+.It Em _nsd
+Pseudo-user for the
+.Xr nsd 8
+authoritative DNS nameserver.
+.It Em uucp
+Pseudo-user for use by historic UUCP software, available now in
+.Xr pkgsrc 7 .
+.It Em nobody
+Traditional pseudo-user used for dropping privileges.
+Modern practice is to assign to each different daemon its own separate
+pseudo-user account and group so that if one daemon is compromised it
+does not compromise all the other daemons.
+.El
+.Pp
+All new standard
+.Nx
+pseudo-user account names should begin with an underscore
+.Sq "_"
+to distinguish them from accounts that real users might add, and should
+have a primary group of the same name; real users should accordingly
+avoid such account names.
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh SEE ALSO
+.Xr groups 7
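Review bot: The `root` entry lists `.Em kmem` among its secondary groups, but groups.7 as added in this commit has no `kmem` entry, so a reader following `.Xr groups 7` cannot find what that membership grants. Add an `.It Em kmem` entry to groups.7, or note here that the group is not yet documented. The `toor` entry describes a second uid 0 account, which matters to anyone auditing privileged logins; it would help to state whether the account can log in by default, which this page does not show. The `_unbound` and `_nsd` entries say "Pseudo-user for the" where every other entry says "Pseudo-user for use by the"; matching the wording keeps the list uniform.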
