chiark / gitweb /
sd-network: /_get_link_/_link_get_/
[elogind.git] / man / sysusers.d.xml
1 <?xml version="1.0"?>
2 <!--*-nxml-*-->
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4 <!--
5   This file is part of systemd.
6
7   Copyright 2014 Lennart Poettering
8
9   systemd is free software; you can redistribute it and/or modify it
10   under the terms of the GNU Lesser General Public License as published by
11   the Free Software Foundation; either version 2.1 of the License, or
12   (at your option) any later version.
13
14   systemd is distributed in the hope that it will be useful, but
15   WITHOUT ANY WARRANTY; without even the implied warranty of
16   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17   Lesser General Public License for more details.
18
19   You should have received a copy of the GNU Lesser General Public License
20   along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 -->
22 <refentry id="sysusers.d">
23
24         <refentryinfo>
25                 <title>sysusers.d</title>
26                 <productname>systemd</productname>
27
28                 <authorgroup>
29                         <author>
30                                 <contrib>Developer</contrib>
31                                 <firstname>Lennart</firstname>
32                                 <surname>Poettering</surname>
33                                 <email>lennart@poettering.net</email>
34                         </author>
35                 </authorgroup>
36         </refentryinfo>
37
38         <refmeta>
39                 <refentrytitle>sysusers.d</refentrytitle>
40                 <manvolnum>5</manvolnum>
41         </refmeta>
42
43         <refnamediv>
44                 <refname>sysusers.d</refname>
45                 <refpurpose>Declarative allocation of system users and groups</refpurpose>
46         </refnamediv>
47
48         <refsynopsisdiv>
49                 <para><filename>/usr/lib/sysusers.d/*.conf</filename></para>
50         </refsynopsisdiv>
51
52         <refsect1>
53                 <title>Description</title>
54
55                 <para><command>systemd-sysusers</command> uses the
56                 files from <filename>sysusers.d</filename> directory
57                 to create system users and groups at package
58                 installation or boot time. This tool may be used to
59                 allocate system users and groups only, it is not
60                 useful for creating non-system users and groups, as it
61                 accesses <filename>/etc/passwd</filename> and
62                 <filename>/etc/group</filename> directly, bypassing
63                 any more complex user databases, for example any
64                 database involving NIS or LDAP.</para>
65         </refsect1>
66
67         <refsect1>
68                 <title>Configuration Format</title>
69
70                 <para>Each configuration file shall be named in the
71                 style of
72                 <filename><replaceable>package</replaceable>.conf</filename>
73                 or
74                 <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>.
75                 The second variant should be used when it is desirable
76                 to make it easy to override just this part of
77                 configuration.</para>
78
79                 <para>The file format is one line per user or group
80                 containing name, ID and GECOS field description:</para>
81
82                 <programlisting># Type Name ID GECOS
83 u httpd 440 "HTTP User"
84 u authd /usr/bin/authd "Authorization user"
85 g input - -
86 m authd input</programlisting>
87
88                 <refsect2>
89                         <title>Type</title>
90
91                         <para>The type consists of a single
92                         letter. The following line types are
93                         understood:</para>
94
95                         <variablelist>
96                                 <varlistentry>
97                                         <term><varname>u</varname></term>
98                                         <listitem><para>Create a
99                                         system user and group of the
100                                         specified name should they not
101                                         exist yet. The user's primary
102                                         group will be set to the group
103                                         bearing the same name. The
104                                         user's shell will be set to
105                                         <filename>/sbin/nologin</filename>,
106                                         the home directory to
107                                         <filename>/</filename>. The
108                                         account will be created
109                                         disabled, so that logins are
110                                         not allowed.</para></listitem>
111                                 </varlistentry>
112
113                                 <varlistentry>
114                                         <term><varname>g</varname></term>
115                                         <listitem><para>Create a
116                                         system group of the specified
117                                         name should it not exist
118                                         yet. Note that
119                                         <varname>u</varname>
120                                         implicitly create a matching
121                                         group. The group will be
122                                         created with no password
123                                         set.</para></listitem>
124                                 </varlistentry>
125
126                                 <varlistentry>
127                                         <term><varname>m</varname></term>
128                                         <listitem><para>Add a user to
129                                         a group. If the user or group
130                                         are not existing yet, they
131                                         will be implicitly
132                                         created.</para></listitem>
133                                 </varlistentry>
134                         </variablelist>
135                 </refsect2>
136
137                 <refsect2>
138                         <title>Name</title>
139
140                         <para>The name field specifies the user or
141                         group name. It should be shorter than 31
142                         characters and avoid any non-ASCII characters,
143                         and not begin with a numeric character. It is
144                         strongly recommended to pick user and group
145                         names that are unlikely to clash with normal
146                         users created by the administrator. A good
147                         scheme to guarantee this is by prefixing all
148                         system and group names with the underscore,
149                         and avoiding too generic names.</para>
150
151                         <para>For <varname>m</varname> lines this
152                         field should contain the user name to add to a
153                         group.</para>
154                 </refsect2>
155
156                 <refsect2>
157                         <title>ID</title>
158
159                         <para>For <varname>u</varname> and
160                         <varname>g</varname> the numeric 32bit UID or
161                         GID of the user/group. Do not use IDs 65535 or
162                         4294967295, as they have special placeholder
163                         meanings. Specify "-" for automatic UID/GID
164                         allocation for the user or
165                         group. Alternatively, specify an absolute path
166                         in the file system. In this case the UID/GID
167                         is read from the path's owner/group. This is
168                         useful to create users whose UID/GID match the
169                         owners of pre-existing files (such as SUID or
170                         SGID binaries).</para>
171
172                         <para>For <varname>m</varname> lines this
173                         field should contain the group name to add to
174                         a user to.</para>
175                 </refsect2>
176
177                 <refsect2>
178                         <title>GECOS</title>
179
180                         <para>A short, descriptive string for users to
181                         be created, enclosed in quotation marks. Note
182                         that this field may not contain colons.</para>
183
184                         <para>Only applies to lines of type
185                         <varname>u</varname> and should otherwise be
186                         left unset.</para>
187                 </refsect2>
188
189         </refsect1>
190
191         <refsect1>
192                 <title>Overriding vendor configuration</title>
193
194                 <para>Note that <command>systemd-sysusers</command>
195                 will do nothing if the specified users or groups
196                 already exist, so normally there no reason to override
197                 <filename>sysusers.d</filename> vendor configuration,
198                 except to block certain users or groups from being
199                 created.</para>
200
201                 <para>Files in <filename>/etc/sysusers.d</filename>
202                 override files with the same name in
203                 <filename>/usr/lib/sysusers.d</filename> and
204                 <filename>/run/sysusers.d</filename>. Files in
205                 <filename>/run/sysusers.d</filename> override files
206                 with the same name in
207                 <filename>/usr/lib/sysusers.d</filename>. The scheme is the same as for
208                 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
209                 except for the directory name.</para>
210
211                 <para>If the administrator wants to disable a
212                 configuration file supplied by the vendor, the
213                 recommended way is to place a symlink to
214                 <filename>/dev/null</filename> in
215                 <filename>/etc/sysusers.d/</filename> bearing the
216                 same filename.</para>
217         </refsect1>
218
219         <refsect1>
220                 <title>See Also</title>
221                 <para>
222                         <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
223                         <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
224                         <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
225                 </para>
226         </refsect1>
227
228 </refentry>