My knowledge comes from my early days at Sun in 84-85 as a rock-n-roll roadie turned into a UNIX sysadmin. It was passed to me as I was learning how to take care of trade show Sun Workstations. So take it with a grain of salt. daemon was for daemon processes that ran in the background but did not want to run as root. I believe it was used by inetd when it spawned a process but an not sure. It was also used by sendmail when it gave up its SUID root privileges. operator was a normal user that had privilege to read the raw file systems through group membership. Sysadmins who did backups would also be a member of this group. The group I recall in the early days was "kmem" although now there is a separate group "disk". A user to go with group bin. Typically would be the "proper" owner of all the binaries and libraries on a system. It has lingered on for far to long because, IMHO, the vendors had no clue as to why everything was owned by bin and just kept it that way since "thats the way it's always been". I was told that group bin came from UCB to allow semi-trusted staff to replace binaries in the file system without giving them the root password. My recollection is that staff was for group read/write permissions for home directories, separate from group wheel which granted extra privileges The nobody group was a group to go with the nobody user introduced with NFS. nogroup may have been someone's attempt to make the name more obvious, or it may have been for non-privileged account. But the second case weakens the protection of a non-privileged account