]>
Commit | Line | Data |
---|---|---|
21236ab5 LP |
1 | <?xml version="1.0"?> |
2 | <!--*-nxml-*--> | |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
4 | <!-- | |
5 | This file is part of systemd. | |
6 | ||
7 | Copyright 2014 Lennart Poettering | |
8 | ||
9 | systemd is free software; you can redistribute it and/or modify it | |
10 | under the terms of the GNU Lesser General Public License as published by | |
11 | the Free Software Foundation; either version 2.1 of the License, or | |
12 | (at your option) any later version. | |
13 | ||
14 | systemd is distributed in the hope that it will be useful, but | |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | Lesser General Public License for more details. | |
18 | ||
19 | You should have received a copy of the GNU Lesser General Public License | |
20 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
21 | --> | |
22 | <refentry id="sysusers.d"> | |
23 | ||
24 | <refentryinfo> | |
25 | <title>sysusers.d</title> | |
26 | <productname>systemd</productname> | |
27 | ||
28 | <authorgroup> | |
29 | <author> | |
30 | <contrib>Developer</contrib> | |
31 | <firstname>Lennart</firstname> | |
32 | <surname>Poettering</surname> | |
33 | <email>lennart@poettering.net</email> | |
34 | </author> | |
35 | </authorgroup> | |
36 | </refentryinfo> | |
37 | ||
38 | <refmeta> | |
39 | <refentrytitle>sysusers.d</refentrytitle> | |
40 | <manvolnum>5</manvolnum> | |
41 | </refmeta> | |
42 | ||
43 | <refnamediv> | |
44 | <refname>sysusers.d</refname> | |
45 | <refpurpose>Declarative allocation of system users and groups</refpurpose> | |
46 | </refnamediv> | |
47 | ||
48 | <refsynopsisdiv> | |
49 | <para><filename>/usr/lib/sysusers.d/*.conf</filename></para> | |
50 | </refsynopsisdiv> | |
51 | ||
52 | <refsect1> | |
53 | <title>Description</title> | |
54 | ||
55 | <para><command>systemd-sysusers</command> uses the | |
56 | files from <filename>/usr/lib/sysusers.d/</filename> | |
57 | to create system users and groups at package | |
58 | installation or boot time. This tool may be used for | |
59 | allocating system users and groups only, it is not | |
60 | useful for creating non-system users and groups, as it | |
61 | accessed <filename>/etc/passwd</filename> and | |
62 | <filename>/etc/group</filename> directly, bypassing | |
63 | any more complex user database, for example any | |
64 | database involving NIS or LDAP.</para> | |
65 | ||
66 | </refsect1> | |
67 | ||
68 | <refsect1> | |
69 | <title>File Format</title> | |
70 | ||
71 | <para>Each file shall be named in the style of | |
72 | <filename><replaceable>package</replaceable>.conf</filename>.</para> | |
73 | ||
74 | <para>All files are sorted by their filename in | |
75 | lexicographic order, regardless of which of the | |
76 | directories they reside in. If multiple files specify | |
77 | the same user or group, the entry in the file with the | |
78 | lexicographically earliest name will be applied, all | |
79 | all other conflicting entries will be logged as | |
80 | errors. Users and groups are | |
81 | processed in the order they are listed.</para> | |
82 | ||
83 | <para>The file format is one line per user or group | |
84 | containing name, ID and GECOS field description:</para> | |
85 | ||
86 | <programlisting># Type Name ID GECOS | |
87 | u httpd 440 "HTTP User" | |
88 | u authd /usr/bin/authd "Authorization user" | |
a12b0cc3 LP |
89 | g input - - |
90 | m authd input</programlisting> | |
21236ab5 LP |
91 | |
92 | <refsect2> | |
93 | <title>Type</title> | |
94 | ||
95 | <para>The type consists of a single | |
96 | letter. The following line types are | |
97 | understood:</para> | |
98 | ||
99 | <variablelist> | |
100 | <varlistentry> | |
101 | <term><varname>u</varname></term> | |
102 | <listitem><para>Create a | |
103 | system user and group of the | |
104 | specified name should they not | |
105 | exist yet. The user's primary | |
106 | group will be set to the group | |
107 | bearing the same name. The | |
108 | user's shell will be set to | |
109 | <filename>/sbin/login</filename>, | |
110 | the home directory to | |
111 | <filename>/</filename>. The | |
112 | account will be created | |
113 | disabled, so that logins are | |
114 | not allowed.</para></listitem> | |
115 | </varlistentry> | |
116 | ||
117 | <varlistentry> | |
118 | <term><varname>g</varname></term> | |
119 | <listitem><para>Create a | |
120 | system group of the specified | |
121 | name should it not exist | |
122 | yet. Note that | |
123 | <varname>u</varname> | |
124 | implicitly create a matching | |
125 | group. The group will be | |
126 | created with no password | |
127 | set.</para></listitem> | |
128 | </varlistentry> | |
a12b0cc3 LP |
129 | |
130 | <varlistentry> | |
131 | <term><varname>m</varname></term> | |
132 | <listitem><para>Add a user to | |
133 | a group. If the user or group | |
134 | are not existing yet, they | |
135 | will be implicitly | |
136 | created.</para></listitem> | |
137 | </varlistentry> | |
21236ab5 LP |
138 | </variablelist> |
139 | </refsect2> | |
140 | ||
141 | <refsect2> | |
142 | <title>Name</title> | |
143 | ||
144 | <para>The name field specifies the user or | |
932ad62b | 145 | group name. It should be be shorter than 31 |
21236ab5 LP |
146 | characters and avoid any non-ASCII characters, |
147 | and not begin with a numeric character. It is | |
148 | strongly recommended to pick user and group | |
149 | names that are unlikely to clash with normal | |
150 | users created by the administrator. A good | |
151 | scheme to guarantee this is by prefixing all | |
152 | system and group names with the underscore, | |
153 | and avoiding too generic names.</para> | |
a12b0cc3 LP |
154 | |
155 | <para>For <varname>m</varname> lines this | |
156 | field should contain the user name to add to a | |
157 | group.</para> | |
21236ab5 LP |
158 | </refsect2> |
159 | ||
160 | <refsect2> | |
161 | <title>ID</title> | |
162 | ||
a12b0cc3 LP |
163 | <para>For <varname>u</varname> and |
164 | <varname>g</varname> the numeric 32bit UID or | |
165 | GID of the user/group. Do not use IDs 65535 or | |
21236ab5 LP |
166 | 4294967295, as they have special placeholder |
167 | meanings. Specify "-" for automatic UID/GID | |
168 | allocation for the user or | |
169 | group. Alternatively, specify an absolute path | |
170 | in the file system. In this case the UID/GID | |
171 | is read from the path's owner/group. This is | |
172 | useful to create users whose UID/GID match the | |
173 | owners of pre-existing files (such as SUID or | |
174 | SGID binaries).</para> | |
a12b0cc3 LP |
175 | |
176 | <para>For <varname>m</varname> lines this | |
177 | field should contain the group name to add to | |
178 | a user to.</para> | |
21236ab5 LP |
179 | </refsect2> |
180 | ||
181 | <refsect2> | |
182 | <title>GECOS</title> | |
183 | ||
184 | <para>A short, descriptive string for users to | |
185 | be created, enclosed in quotation marks. Note | |
186 | that this field may not contain colons.</para> | |
a12b0cc3 LP |
187 | |
188 | <para>Only applies to lines of type | |
189 | <varname>u</varname> and should otherwise be | |
190 | left unset.</para> | |
21236ab5 LP |
191 | </refsect2> |
192 | ||
193 | </refsect1> | |
194 | ||
195 | <refsect1> | |
196 | <title>See Also</title> | |
197 | <para> | |
198 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
199 | <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
200 | </para> | |
201 | </refsect1> | |
202 | ||
203 | </refentry> |