User & Group Names

Below is a table of required mnemonic user and group names. This specification makes no attempt to numerically assign uid or gid numbers. The exception is the uid and gid for "root" which are equal to 0.

Table 17-1. Required User & Group Names

User      Group     Comments
root      root      Administrative user with no restrictions
bin       bin       Legacy UID/GID [a]
daemon    daemon    Legacy UID/GID [b]

Notes:
a. The 'bin' UID/GID is included for compatibility with legacy applications. New applications should no longer use the 'bin' UID/GID.
b. The 'daemon' UID/GID was used as an unprivileged UID/GID for daemons to execute under in order to limit their access to the system. Generally daemons should now run under individual UID/GIDs in order to further partition daemons from one another.

Below is a table of optional mnemonic user and group names. This specification makes no attempt to numerically assign uid or gid numbers. If the username exists on a system, then it should be in the suggested corresponding group. These user and group names are for use by distributions, not by applications.

Table 17-2. Optional User & Group Names

User      Group     Comments
adm       adm       Administrative special privileges
lp        lp        Printer special privileges
sync      sync      Login to sync the system
shutdown  shutdown  Login to shutdown the system
halt      halt      Login to halt the system
mail      mail      Mail special privileges
news      news      News special privileges
uucp      uucp      UUCP special privileges
operator  root      Operator special privileges
man       man       Man special privileges
nobody    nobody    Used by NFS

The differences in numeric values of the uids and gids between systems on a network can be reconciled via NIS, rdist(1), rsync(1), or ugidd(8). Only a minimum working set of "user names" and their corresponding "user groups" are required. Applications cannot assume non-system user or group names will be defined.

Applications cannot assume any policy for the default umask or the default directory permissions a user may have. Applications should enforce user-only file permissions on private files such as mailboxes. The location of the user's home directory is also not defined by policy other than the recommendations of the FHS and must be obtained by the *pwnam(3) calls.
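
The following C sketch is an added example, not part of the specification: it resolves a user by name with getpwnam_r(3) and opens a private file with owner-only permissions regardless of the inherited umask. The helper names lookup_user, open_private and mode_of are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <pwd.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve a mnemonic user name through the password database instead of
 * hard-coding a uid or a /home/<name> path. Fills *uid and home.
 * Returns 0 on success, -1 if the name is unknown or home is too small. */
int lookup_user(const char *name, uid_t *uid, char *home, size_t len)
{
    struct passwd pw, *res = NULL;
    char buf[4096];

    if (getpwnam_r(name, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    if (strlen(pw.pw_dir) >= len)
        return -1;
    strcpy(home, pw.pw_dir);
    *uid = pw.pw_uid;
    return 0;
}

/* Open or create a private file such as a mailbox with owner-only access,
 * whatever umask was inherited. Returns a descriptor, or -1 on error. */
int open_private(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC,
                  S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    /* The mode passed to open() is filtered by umask and ignored for files
     * that already exist, so verify the owner and set 0600 on the fd. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of an open file, or -1 on error (used to check results). */
int mode_of(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}
```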