3 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5 This file is part of systemd.
7 Copyright 2014 Lennart Poettering
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 <refentry id=
"sysusers.d">
25 <title>sysusers.d
</title>
26 <productname>systemd
</productname>
30 <contrib>Developer
</contrib>
31 <firstname>Lennart
</firstname>
32 <surname>Poettering
</surname>
33 <email>lennart@poettering.net
</email>
39 <refentrytitle>sysusers.d
</refentrytitle>
40 <manvolnum>5</manvolnum>
44 <refname>sysusers.d
</refname>
45 <refpurpose>Declarative allocation of system users and groups
</refpurpose>
49 <para><filename>/usr/lib/sysusers.d/*.conf
</filename></para>
53 <title>Description
</title>
55 <para><command>systemd-sysusers
</command> uses the
56 files from
<filename>/usr/lib/sysusers.d/
</filename>
57 to create system users and groups at package
58 installation or boot time. This tool may be used for
59 allocating system users and groups only, it is not
60 useful for creating non-system users and groups, as it
61 accessed
<filename>/etc/passwd
</filename> and
62 <filename>/etc/group
</filename> directly, bypassing
63 any more complex user database, for example any
64 database involving NIS or LDAP.
</para>
69 <title>File Format
</title>
71 <para>Each file shall be named in the style of
72 <filename><replaceable>package
</replaceable>.conf
</filename>.
</para>
74 <para>All files are sorted by their filename in
75 lexicographic order, regardless of which of the
76 directories they reside in. If multiple files specify
77 the same user or group, the entry in the file with the
78 lexicographically earliest name will be applied, all
79 all other conflicting entries will be logged as
80 errors. Users and groups are
81 processed in the order they are listed.
</para>
83 <para>The file format is one line per user or group
84 containing name, ID and GECOS field description:
</para>
86 <programlisting># Type Name ID GECOS
87 u httpd
440 "HTTP User"
88 u authd /usr/bin/authd
"Authorization user"
90 m authd input
</programlisting>
95 <para>The type consists of a single
96 letter. The following line types are
101 <term><varname>u
</varname></term>
102 <listitem><para>Create a
103 system user and group of the
104 specified name should they not
105 exist yet. The user's primary
106 group will be set to the group
107 bearing the same name. The
108 user's shell will be set to
109 <filename>/sbin/login
</filename>,
110 the home directory to
111 <filename>/
</filename>. The
112 account will be created
113 disabled, so that logins are
114 not allowed.
</para></listitem>
118 <term><varname>g
</varname></term>
119 <listitem><para>Create a
120 system group of the specified
121 name should it not exist
124 implicitly create a matching
125 group. The group will be
126 created with no password
127 set.
</para></listitem>
131 <term><varname>m
</varname></term>
132 <listitem><para>Add a user to
133 a group. If the user or group
134 are not existing yet, they
136 created.
</para></listitem>
144 <para>The name field specifies the user or
145 group name. It should be be shorter than
31
146 characters and avoid any non-ASCII characters,
147 and not begin with a numeric character. It is
148 strongly recommended to pick user and group
149 names that are unlikely to clash with normal
150 users created by the administrator. A good
151 scheme to guarantee this is by prefixing all
152 system and group names with the underscore,
153 and avoiding too generic names.
</para>
155 <para>For
<varname>m
</varname> lines this
156 field should contain the user name to add to a
163 <para>For
<varname>u
</varname> and
164 <varname>g
</varname> the numeric
32bit UID or
165 GID of the user/group. Do not use IDs
65535 or
166 4294967295, as they have special placeholder
167 meanings. Specify
"-" for automatic UID/GID
168 allocation for the user or
169 group. Alternatively, specify an absolute path
170 in the file system. In this case the UID/GID
171 is read from the path's owner/group. This is
172 useful to create users whose UID/GID match the
173 owners of pre-existing files (such as SUID or
174 SGID binaries).
</para>
176 <para>For
<varname>m
</varname> lines this
177 field should contain the group name to add to
184 <para>A short, descriptive string for users to
185 be created, enclosed in quotation marks. Note
186 that this field may not contain colons.
</para>
188 <para>Only applies to lines of type
189 <varname>u
</varname> and should otherwise be
196 <title>See Also
</title>
198 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
199 <citerefentry><refentrytitle>systemd-sysusers
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
projects / thirdparty / systemd.git / blob