A Debian GNU/Linux system creates some standard groups and users. The
system administrator can also create new users and may also create new
groups. Groups can be managed using the Gnome users-admin
tool, accessed from Applications->System Tools->Users and Groups. By
default this shows only users, but you can access groups by selecting
the More Options button. This allows you to add new groups
and to add and remove users from groups.
Listed below are some standard groups and users. Refer to
/usr/share/doc/base-passwd/users-and-groups.html on your
local system for further details.

Group | gid | Description |
root | 0 | The root (admin) user's primary group. |
daemon | 1 | Non-root daemons. |
bin | 2 | Historical but required by some programs. |
sys | 3 | Historical but required by some programs. |
adm | 4 | Access /var/log to monitor system. Private data (passwords) may exist. |
tty | 5 | Access /dev/tty terminal devices by e.g., write and wall. |
disk | 6 | The disk device nodes are group accessible to disk so that programs that need access to them will set their group ID to be disk. This group has write access to all the raw disk devices (/dev/hd* and /dev/sd*), so assigning users to group disk is both dangerous and a security risk. |
lp | 7 | Access lp (printer) daemon jobs without being root. |
mail | 8 | mailbox spool directories belong to group mail, MUA software runs setgid mail. This makes dot locking possible. Also, mailboxes must be writeable by group mail (Policy Manual, 3.1.1.1, 5.6). |
news | 9 | standard group for user news. Why does news have its own group, and many of the other daemon uids don't? |
uucp | 10 | Access uucp jobs. |
proxy | 13 | web cache files are group accessible to proxy. |
kmem | 15 | /proc/kmem is group accessible to kmem. Programs that need access are sgid kmem. |
dialout | 20 | ppp- and isdn device nodes are group accessible to dialout. Include users allowed to initiate dialout in this group. |
fax | 21 | fax jobs are group accessible to fax. |
voice | 22 | voice messages are group accessible to voice (vgetty) |
cdrom | 24 | The cdrom group is used to control who can access the CD-ROM. |
floppy | 25 | |
tape | 26 | for device nodes. Include users allowed to access these in the appropriate groups. |
sudo | 27 | |
audio | 29 | for device nodes. Include users allowed to access sound in this group |
dip | 30 | For daemons running under their own uid/gid. Why are these static? |
majordom | 30 | For daemons running under their own uid/gid. Why are these static? |
postgres | 32 | For daemons running under their own uid/gid. Why are these static? |
www-data | 33 | This has been discussed in the past, and the discussion is not finally finished. Today, www data files belong to this group and the web servers run with that group, thus being able to write the files. This has been considered a security hole, but was not yet changed. |
backup | 34 | |
msql | 36 | For daemons running under their own uid/gid. Why are these static? |
operator | 37 | |
list | 38 | |
irc | 39 | For daemons running under their own uid/gid. Why are these static? |
src | 40 | This group is intended for users who need to access source code, including files in /usr/src. Users in this group can thus manage system source code. Also, this group is the default group for access to the CSV repository in /var/lib/csv. |
gnats | 41 | For daemons running under their own uid/gid. Why are these static? |
shadow | 42 | Programs that should be able to access the shadow passwords are sgid shadow. |
utmp | 43 | Programs that should be able to access utmp are sgid utmp. |
video | 44 | |
staff | 50 | This group is used to control access to /usr/local. Add users to this if they should be able to write to /usr/local and /var/local. |
games | 60 | games that store user independent high score values in /var/lib/games are sgid games |
qmail | 70 | used for qmail |
users | 100 | All users belong to this group. Place files that all users should have access to in this group. |
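
The table marks several groups as granting access that ordinary accounts should rarely hold (disk, adm, kmem, shadow, staff). The script below is an added example, not part of the original page or of Debian's own tooling: it lists every account that belongs to one of those groups, either as a supplementary member or through its primary gid. The function name audit_groups, the choice of groups to watch, and the sample databases are assumptions made for illustration.

```shell
#!/bin/sh
# Groups to report on. This selection is an assumption drawn from the
# descriptions in the table above; adjust it to local policy.
SENSITIVE_GROUPS="disk adm shadow kmem staff"

# audit_groups GROUP_FILE PASSWD_FILE
# Prints "group:user" for each supplementary member (field 4 of the group
# file) and each account whose primary gid (field 4 of the passwd file)
# belongs to a watched group. Groups are matched by name, not by gid.
audit_groups() {
    awk -F: -v want="$SENSITIVE_GROUPS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        # First file: group database (name:passwd:gid:member,member,...)
        FNR == NR {
            if ($1 in watch) {
                gidname[$3] = $1
                m = split($4, members, ",")
                for (i = 1; i <= m; i++)
                    if (members[i] != "") print $1 ":" members[i]
            }
            next
        }
        # Second file: passwd database (name:passwd:uid:gid:...)
        ($4 in gidname) { print gidname[$4] ":" $1 }
    ' "$1" "$2" | LC_ALL=C sort -u
}

# Constructed sample databases (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/group" <<'EOF'
root:x:0:
adm:x:4:alice,logwatch
disk:x:6:bob
shadow:x:42:
staff:x:50:alice
users:x:100:alice,bob,carol
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
carol:x:1002:6:Carol:/home/carol:/bin/bash
EOF
audit_groups "$demo_dir/group" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a live system, run audit_groups /etc/group /etc/passwd. In the sample data carol appears under disk only because her primary gid is 6, a case that reading the member list in the group file alone would miss.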