users —
standard user account names
A standard NetBSD installation has the following user
  account names:
  - root
- The super-user, uid 0, with the highest administrative privileges.
      Normally not used for login directly, only via
      su(1) or equivalent by users in
      the wheel group; see
      groups(7).
    Secondary groups: guest,
        kmem, nvmm,
        operator, staff,
        sys, tty. 
- toor
- Like root, this is the super-user with uid 0, but with
      no secondary group memberships.
    Historically, root had a login shell of
        /bin/csh while toor had a
        login shell of /bin/sh. However, today both
        default to /bin/sh. This user account name is
        not used for anything in NetBSD; it is purely a
        convenience for actual users. 
- daemon
- Historic user for general daemonic activity.
    Owner of /var/msgs; see
        msgs(1). Used only by
        rpcbind(8), with the
        -sflag.
 
- operator
- Historic user. Unused in modern NetBSD.
- bin
- Historic user. Unused in modern NetBSD.
- games
- Owner of high-score files and other shared files for games.
- postfix
- Pseudo-user for use by the
      postfix(1) mail transfer
      agent.
- named
- Pseudo-user for use by the
      named(8) DNS nameserver
      daemon.
- ntpd
- Pseudo-user for use by the
      ntpd(8) network time protocol
      daemon.
- sshd
- Pseudo-user for use by the
      sshd(8) secure shell
    daemon.
- _pflogd
- Pseudo-user for use by the
      pflogd(8) log daemon with
      the pf(4) packet filter.
- _rwhod
- Pseudo-user for use by the
      rwhod(8) system status
      daemon.
- _proxy
- Pseudo-user for use by the
      ftp-proxy(8) and
      tftp-proxy(8) proxy
      daemons with packet filters such as
      pf(4) or
      ipnat(4).
- _timedc
- Pseudo-user for use by the
      timedc(8) tool to
      communicate with the timed(8)
      time server daemon.
- _sdpd
- Pseudo-user for use by the
      sdpd(8) Bluetooth service
      discovery protocol daemon.
- _httpd
- Pseudo-user for use by the
      httpd(8) (bozohttpd) web
      server.
- _mdnsd
- Pseudo-user for use by the
      mdnsd(8) multicast DNS and
      DNS service discovery daemon.
- _tests
- Pseudo-user for use by atf(7)
      automatic tests that request to run unprivileged. Default value for the
      ‘unprivileged-user’ configuration variable; see
      tests(7).
- _tcpdump
- Pseudo-user for use by the
      tcpdump(8) network traffic
      dumper and analyzer.
- _tss
- Pseudo-user for use by the
      tcsd(8) ‘Trusted
      Computing’ daemon TPM to manage a TPM.
- _dhcpcd
- Pseudo-user for use by the
      dhcpcd(8) DHCP Client
      Daemon.
- _rtadvd
- Pseudo-user for use by the
      rtadvd(8) IPv6 network
      router advertisement daemon.
- _unbound
- Pseudo-user for the
      unbound(8) recursive DNS
      resolver.
- _nsd
- Pseudo-user for the nsd(8)
      authoritative DNS nameserver.
- uucp
- Pseudo-user for use by historic UUCP software, available now in
      pkgsrc(7).
- nobody
- Traditional pseudo-user used for dropping privileges. Modern practice is
      to assign to each different daemon its own separate pseudo-user account
      and group so that if one daemon is compromised it does not compromise all
      the other daemons.
All new standard NetBSD pseudo-user
    account names should begin with an underscore ‘_’ to
    distinguish them from accounts that real users might add, and should have a
    primary group of the same name; real users should accordingly avoid such
    account names.