(In reply to Bernhard Wiedemann from comment #4) I'm aware, nevertheless: what is *wrong* with this? From systemd-224/README USERS AND GROUPS: Default udev rules use the following standard system group names, which need to be resolvable by getgrnam() at any time, even in the very early boot stages, where no other databases and network are available: audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video During runtime, the journal daemon requires the "systemd-journal" system group to exist. New journal files will be readable by this group (but not writable), which may be used to grant specific users read access. In addition, system groups "wheel" and "adm" will be given read-only access to journal files using systemd-tmpfiles.service. The journal gateway daemon requires the "systemd-journal-gateway" system user and group to exist. During execution this network facing service will drop privileges and assume this uid/gid for security reasons. Similarly, the NTP daemon requires the "systemd-timesync" system user and group to exist. Similarly, the network management daemon requires the "systemd-network" system user and group to exist. Similarly, the name resolution daemon requires the "systemd-resolve" system user and group to exist. Similarly, the kdbus dbus1 proxy daemon requires the "systemd-bus-proxy" system user and group to exist.