GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
* Sign Up! *

Support
Customer Portal
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
GROUPS(7) FreeBSD Miscellaneous Information Manual GROUPS(7)

groupsstandard group names

A standard FreeBSD installation has the following user group names:

Users authorized to elevate themselves to the super-user privileges of the root user, meaning uid 0. Normally the wheel group has gid 0.

Users who are not in the group wheel are never allowed by su(1) to gain root privileges.

Used by the set-group-id programs lpr(1) and rwho(1).
Used by the set-group-id programs (like ktrdump(8)) that need to access kernel memory (/dev/mem and /dev/kmem are in the group kmem). See mem(4).
Historic group. Unused in modern FreeBSD.
Used by the set-group-id programs wall(1) and write(1) to allow users to send messages to another tty even if they don't own it (static tty device nodes /dev/pts/* are all in the group tty). See tty(4).
Users authorized to take backups of disk devices and shut down the machine.

The disk device nodes (such as /dev/ada0) are in the group operator and group-readable so users in the group can read from disk devices, for example with dump(8). The tape device nodes (such as /dev/sa0) are in the group operator and are both group-readable and group-writable so users in the group can write to tape devices.

The shutdown(8) program is executable only by root and members of the operator group.

Used by mail agents (like dma(8)).

By default, root mail (/var/mail/root) is in the mail group.

Historic group. Unused in modern FreeBSD.
Historic group. Unused in modern FreeBSD.
Historic group; used to be used for managing manual pages (see man(1)).
Used by various set-group-id games to maintain high-scores files and other common files in /var/games. The members of this group are also allowed to access /dev/input/event* device nodes (see hgame(4)). See also intro(6).
Used to be used by sysinstall(8) (which is now replaced with bsdinstall(8)) for setting up anonymous FTP. Unused in modern FreeBSD.
Staff users, in contrast to guest users (see guest group). Not used by FreeBSD; available for the administrator's interpretation. See security(7) for some recommendations on managing accounts in staff group.
Primary group for the sshd pseudo-user used by the sshd(8) secure shell daemon.
Primary group for user smmsp, which is used by sendmail(8) if no non-root users were configured for running it.

The name of the group means "SendMail Message Submission Program".

Used by electronic mail transport agent sendmail(8) as group for its default user mailnull.
Guest users, in contrast to staff users (see staff group). Not used by FreeBSD; available for the administrator's interpretation.
Used for access to /dev/drm/* devices, which are used for GPU hardware acceleration. See drm(7).
Used by mac_priotiry(4) to allow members of this group to run threads and processes with realtime scheduling priority. See also rtprio(1).
Used by mac_priority(4) to allow members of this group to run processes with idle scheduling priority. See also idprio(1).
Used to be used as primary group for the bind pseudo-user used by named(8) Internet domain name server, which has been removed from the base system in FreeBSD 10.0.
Primary group for the unbound pseudo-user used by the local-unbound(8) recursive DNS resolver.
Primary group for the proxy pseudo-user used by the ftp-proxy(8) proxy daemon with packet filters such as pf(4).
Used by the set-group-id program authpf(8) to configure authenticated gateways.
Primary group for the _pflogd pseudo-user used by the pflogd(8) log daemon with the pf(4) packet filter.
Primary group for the _dhcp pseudo-user used by the dhclient(8) DHCP Client.
Users authorized to make outgoing modem calls (see cu(1) and /dev/cuauN devices).
Historic group. Unused in modern FreeBSD.
Primary group for the pseudo-user used by auditd(8) and auditdistd(8) audit daemons.
Historic group for accessing World Wide Web. Unused in modern FreeBSD.
Used for users who need to access /dev/u2f/* devices (see u2f(4)).
Primary group for the ntpd pseudo-user used by the ntpd(8) network time protocol daemon.
Primary group for the _ypldap pseudo-user used by ypldap(8) daemon.
Primary group for the hast pseudo-user used by Highly Available Storage daemon hastd(8).
Primary group for the tests pseudo-user used by automatic tests that request to run unprivileged. See tests(7).
Pseudo-group (fake group). It differs from group nobody in way that nogroup doesn't have a dedicated user for it. For instance, this group is used for users tty and kmem.
Primary group for the traditional nobody pseudo-user. Modern practice is to assign to each different daemon its own separate pseudo-user account and group so that if one daemon is compromised it does not compromise all the other daemons.

See also group nogroup.

/etc/group
Main group permissions file.
/usr/src/etc/group
Group permissions file for the base system.
/usr/ports/GIDs
A list of GIDs (group IDs) reserved for ports (see ports(7)).

See group(5) for the format of abovementioned files.

chgrp(1), groups(1), id(1), newgrp(1), group(5), pw(8)

The groups manual page appeared in NetBSD 10.0 and FreeBSD 15.1.

April 19, 2026 FreeBSD 15.1-RELEASE
Search for    or go to Top of page |  Section 7 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.