Go to TogaWare.com Home Page.
GNU/Linux Desktop Survival Guide
by Graham Williams
Google

Standard Groups


We list below the standard groups and users, but the reader is referred to /usr/share/doc/base-passwd/users-and-groups.html for further details.

Group gid Description
root 0 This is root's primary group.
daemon 1 A group for non-root daemons.
bin 2 This group exists for historical reasons and some programs won't run without it.
sys 3 This group exists for historical reasons and some programs won't run without it.
adm 4 Most of the log files (in /var/log) are group readable by users who belong to his group. You can add users who need to monitor such log files to this group. Note though that sometimes private information can be accidentally included in logs, like passwords when connecting via PPP over a Modem. This should not happen (the scripts that write the logs should identify these as not being echoed) but the potential for mistakes is there.
tty 5 The terminal devices with names beginning with /dev/tty are group accessible to group tty. Programs such as write and wall need access to /dev/tty and they set their group id (sgid) to tty.
disk 6 The disk device nodes are group accessible to disk so that programs that need access to them will set their group ID to be disk. This group has write access to all the raw disk devices (/dev/hd* and /dev/sd*), so assigning users to group disk is both dangerous and a security risk.
lp 7 Jobs associated with the lp (printer) daemon (lpd) are group accessible to the lp group so that lpd can access them without being root.
mail 8 mailbox spool directories belong to group mail, MUA software runs setgid mail. This makes dot locking possible. Also, mailboxes must be writeable by group mail (Policy Manual, 3.1.1.1, 5.6).
news 9 standard group for user news. Why does news have its own group, and many of the other daemon uids don't?
uucp 10 uucp jobs are group accessible to uucp.
proxy 13 web cache files are group accessible to proxy.
kmem 15 /proc/kmem is group accessible to kmem. Programs that need access are sgid kmem.
dialout 20 ppp- and isdn device nodes are group accessible to dialout. Include users allowed to initiate dialout in this group.
fax 21 fax jobs are group accessible to fax.
voice 22 voice messages are group accessible to voice (vgetty)
cdrom 24 The cdrom group is used to control who can access the CD-ROM.
floppy 25  
tape 26 for device nodes. Include users allowed to access these in the appropriate groups.
sudo 27  
audio 29 for device nodes. Include users allowed to access sound in this group
dip 30 For daemons running under their own uid/gid. Why are these static?
majordom 30 For daemons running under their own uid/gid. Why are these static?
postgres 32 For daemons running under their own uid/gid. Why are these static?
www-data 33 This has been discussed in the past, and the discussion is not finally finished. Today, www data files belong to this group and the web servers run with that group, thus being able to write the files. This has been considered a security hole, but was not yet changed.
backup 34  
msql 36 For daemons running under their own uid/gid. Why are these static?
operator 37  
list 38  
irc 39 For daemons running under their own uid/gid. Why are these static?
src 40 This group is intended for users who need to access source code, including files in /usr/src. Users in this group can thus manage system source code. Also, this group is the default group for access to the CSV repository in /var/lib/csv.
gnats 41 For daemons running under their own uid/gid. Why are these static?
shadow 42 Programs that should be able to access the shadow passwords are sgid shadow.

utmp 43 Programs that should be able to access utmp are sgid utmp.
video 44  
staff 50 This group is used to control access to /usr/local. Add users to this if they should be able to write to /usr/local and /var/local.
games 60 games that store user independent high score values in /var/lib/games are sgid games
qmail 70 used for qmail
users 100 All users belong to this group. Place files that all users should have access to in this group.

Copyright © 1995-2006 [email protected]
Contribue and access the PDF Version