3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5 This file is part of systemd.
7 Copyright 2014 Lennart Poettering
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 <refentry id="sysusers.d">
25 <title>sysusers.d</title>
26 <productname>systemd</productname>
30 <contrib>Developer</contrib>
31 <firstname>Lennart</firstname>
32 <surname>Poettering</surname>
33 <email>lennart@poettering.net</email>
39 <refentrytitle>sysusers.d</refentrytitle>
40 <manvolnum>5</manvolnum>
44 <refname>sysusers.d</refname>
45 <refpurpose>Declarative allocation of system users and groups</refpurpose>
49 <para><filename>/usr/lib/sysusers.d/*.conf</filename></para>
53 <title>Description</title>
55 <para><command>systemd-sysusers</command> uses the
56 files from <filename>sysusers.d</filename> directory
57 to create system users and groups at package
58 installation or boot time. This tool may be used to
59 allocate system users and groups only, it is not
60 useful for creating non-system users and groups, as it
61 accesses <filename>/etc/passwd</filename> and
62 <filename>/etc/group</filename> directly, bypassing
63 any more complex user databases, for example any
64 database involving NIS or LDAP.</para>
68 <title>Configuration Format</title>
70 <para>Each configuration file shall be named in the
72 <filename><replaceable>package</replaceable>.conf</filename>
74 <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>.
75 The second variant should be used when it is desirable
76 to make it easy to override just this part of
79 <para>The file format is one line per user or group
80 containing name, ID and GECOS field description:</para>
82 <programlisting># Type Name ID GECOS
83 u httpd 440 "HTTP User"
84 u authd /usr/bin/authd "Authorization user"
86 m authd input</programlisting>
91 <para>The type consists of a single
92 letter. The following line types are
97 <term><varname>u</varname></term>
98 <listitem><para>Create a
99 system user and group of the
100 specified name should they not
101 exist yet. The user's primary
102 group will be set to the group
103 bearing the same name. The
104 user's shell will be set to
105 <filename>/sbin/nologin</filename>,
106 the home directory to
107 <filename>/</filename>. The
108 account will be created
109 disabled, so that logins are
110 not allowed.</para></listitem>
114 <term><varname>g</varname></term>
115 <listitem><para>Create a
116 system group of the specified
117 name should it not exist
120 implicitly create a matching
121 group. The group will be
122 created with no password
123 set.</para></listitem>
127 <term><varname>m</varname></term>
128 <listitem><para>Add a user to
129 a group. If the user or group
130 are not existing yet, they
132 created.</para></listitem>
140 <para>The name field specifies the user or
141 group name. It should be shorter than 31
142 characters and avoid any non-ASCII characters,
143 and not begin with a numeric character. It is
144 strongly recommended to pick user and group
145 names that are unlikely to clash with normal
146 users created by the administrator. A good
147 scheme to guarantee this is by prefixing all
148 system and group names with the underscore,
149 and avoiding too generic names.</para>
151 <para>For <varname>m</varname> lines this
152 field should contain the user name to add to a
159 <para>For <varname>u</varname> and
160 <varname>g</varname> the numeric 32bit UID or
161 GID of the user/group. Do not use IDs 65535 or
162 4294967295, as they have special placeholder
163 meanings. Specify "-" for automatic UID/GID
164 allocation for the user or
165 group. Alternatively, specify an absolute path
166 in the file system. In this case the UID/GID
167 is read from the path's owner/group. This is
168 useful to create users whose UID/GID match the
169 owners of pre-existing files (such as SUID or
170 SGID binaries).</para>
172 <para>For <varname>m</varname> lines this
173 field should contain the group name to add to
180 <para>A short, descriptive string for users to
181 be created, enclosed in quotation marks. Note
182 that this field may not contain colons.</para>
184 <para>Only applies to lines of type
185 <varname>u</varname> and should otherwise be
192 <title>Overriding vendor configuration</title>
194 <para>Note that <command>systemd-sysusers</command>
195 will do nothing if the specified users or groups
196 already exist, so normally there no reason to override
197 <filename>sysusers.d</filename> vendor configuration,
198 except to block certain users or groups from being
201 <para>Files in <filename>/etc/sysusers.d</filename>
202 override files with the same name in
203 <filename>/usr/lib/sysusers.d</filename> and
204 <filename>/run/sysusers.d</filename>. Files in
205 <filename>/run/sysusers.d</filename> override files
206 with the same name in
207 <filename>/usr/lib/sysusers.d</filename>. The scheme is the same as for
208 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
209 except for the directory name.</para>
211 <para>If the administrator wants to disable a
212 configuration file supplied by the vendor, the
213 recommended way is to place a symlink to
214 <filename>/dev/null</filename> in
215 <filename>/etc/sysusers.d/</filename> bearing the
216 same filename.</para>
220 <title>See Also</title>
222 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
223 <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
224 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>