- <refsect2>
- <title>Type</title>
-
- <para>The type consists of a single
- letter. The following line types are
- understood:</para>
-
- <variablelist>
- <varlistentry>
- <term><varname>u</varname></term>
- <listitem><para>Create a
- system user and group of the
- specified name should they not
- exist yet. The user's primary
- group will be set to the group
- bearing the same name. The
- user's shell will be set to
- <filename>/sbin/nologin</filename>,
- the home directory to the
- specified home directory, or
- <filename>/</filename> if none
- is given. The account will be
- created disabled, so that
- logins are not
- allowed.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>g</varname></term>
- <listitem><para>Create a
- system group of the specified
- name should it not exist
- yet. Note that
- <varname>u</varname>
- implicitly create a matching
- group. The group will be
- created with no password
- set.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>m</varname></term>
- <listitem><para>Add a user to
- a group. If the user or group
- are not existing yet, they
- will be implicitly
- created.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>r</varname></term>
- <listitem><para>Add a range of
- numeric UIDs/GIDs to the pool
- to allocate new UIDs and GIDs
- from. If no line of this type
- is specified the range of
- UIDs/GIDs is set to some
- compiled-in default. Note that
- both UIDs and GIDs are
- allocated from the same pool,
- in order to ensure that users
- and groups of the same name
- are likely to carry the same
- numeric UID and
- GID.</para></listitem>
- </varlistentry>
-
- </variablelist>
- </refsect2>
-
- <refsect2>
- <title>Name</title>
-
- <para>The name field specifies the user or
- group name. It should be shorter than 31
- characters and avoid any non-ASCII characters,
- and not begin with a numeric character. It is
- strongly recommended to pick user and group
- names that are unlikely to clash with normal
- users created by the administrator. A good
- scheme to guarantee this is by prefixing all
- system and group names with the underscore,
- and avoiding too generic names.</para>
-
- <para>For <varname>m</varname> lines this
- field should contain the user name to add to a
- group.</para>
-
- <para>For lines of type <varname>r</varname>
- this field should be set to
- <literal>-</literal>.</para>
- </refsect2>
-
- <refsect2>
- <title>ID</title>
-
- <para>For <varname>u</varname> and
- <varname>g</varname> the numeric 32bit UID or
- GID of the user/group. Do not use IDs 65535 or
- 4294967295, as they have special placeholder
- meanings. Specify <literal>-</literal> for
- automatic UID/GID allocation for the user or
- group. Alternatively, specify an absolute path
- in the file system. In this case the UID/GID
- is read from the path's owner/group. This is
- useful to create users whose UID/GID match the
- owners of pre-existing files (such as SUID or
- SGID binaries).</para>
-
- <para>For <varname>m</varname> lines this
- field should contain the group name to add to
- a user to.</para>
-
- <para>For lines of type <varname>r</varname>
- this field should be set to a UID/GID range in
- the format <literal>FROM-TO</literal> where
- both values are formatted as decimal ASCII
- numbers. Alternatively, a single UID/GID may
- be specified formatted as decimal ASCII
- numbers.</para>
- </refsect2>
-
- <refsect2>
- <title>GECOS</title>
-
- <para>A short, descriptive string for users to
- be created, enclosed in quotation marks. Note
- that this field may not contain colons.</para>
-
- <para>Only applies to lines of type
- <varname>u</varname> and should otherwise be
- left unset, or be set to
- <literal>-</literal>.</para>
- </refsect2>
-
- <refsect2>
- <title>Home Directory</title>
-
- <para>The home directory for a new system
- user. If omitted defaults to the root
- directory. It is recommended to not
- unnecessarily specify home directories for
- system users, unless software strictly
- requires one to be set.</para>
-
- <para>Only applies to lines of type
- <varname>u</varname> and should otherwise be
- left unset, or be set to
- <literal>-</literal>.</para>
- </refsect2>
-
- </refsect1>
-
- <xi:include href="standard-conf.xml" xpointer="confd" />
-
- <refsect1>
- <title>Idempotence</title>
-
- <para>Note that <command>systemd-sysusers</command>
- will do nothing if the specified users or groups
- already exist, so normally there no reason to override
- <filename>sysusers.d</filename> vendor configuration,
- except to block certain users or groups from being
- created.</para>
- </refsect1>
-
- <refsect1>
- <title>See Also</title>
- <para>
- <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- </para>
- </refsect1>
+ <refsect2>
+ <title>Type</title>
+
+ <para>The type consists of a single letter. The following line
+ types are understood:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><varname>u</varname></term>
+ <listitem><para>Create a system user and group of the
+ specified name should they not exist yet. The user's primary
+ group will be set to the group bearing the same name. The
+ user's shell will be set to
+ <filename>/sbin/nologin</filename>, the home directory to
+ the specified home directory, or <filename>/</filename> if
+ none is given. The account will be created disabled, so that
+ logins are not allowed.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>g</varname></term>
+ <listitem><para>Create a system group of the specified name
+ should it not exist yet. Note that <varname>u</varname>
+ implicitly create a matching group. The group will be
+ created with no password set.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>m</varname></term>
+ <listitem><para>Add a user to a group. If the user or group
+ are not existing yet, they will be implicitly
+ created.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>r</varname></term>
+ <listitem><para>Add a range of numeric UIDs/GIDs to the pool
+ to allocate new UIDs and GIDs from. If no line of this type
+ is specified the range of UIDs/GIDs is set to some
+ compiled-in default. Note that both UIDs and GIDs are
+ allocated from the same pool, in order to ensure that users
+ and groups of the same name are likely to carry the same
+ numeric UID and GID.</para></listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect2>
+
+ <refsect2>
+ <title>Name</title>
+
+ <para>The name field specifies the user or group name. It should
+ be shorter than 31 characters and avoid any non-ASCII
+ characters, and not begin with a numeric character. It is
+ strongly recommended to pick user and group names that are
+ unlikely to clash with normal users created by the
+ administrator. A good scheme to guarantee this is by prefixing
+ all system and group names with the underscore, and avoiding too
+ generic names.</para>
+
+ <para>For <varname>m</varname> lines this field should contain
+ the user name to add to a group.</para>
+
+ <para>For lines of type <varname>r</varname> this field should
+ be set to <literal>-</literal>.</para>
+ </refsect2>
+
+ <refsect2>
+ <title>ID</title>
+
+ <para>For <varname>u</varname> and <varname>g</varname> the
+ numeric 32bit UID or GID of the user/group. Do not use IDs 65535
+ or 4294967295, as they have special placeholder meanings.
+ Specify <literal>-</literal> for automatic UID/GID allocation
+ for the user or group. Alternatively, specify an absolute path
+ in the file system. In this case the UID/GID is read from the
+ path's owner/group. This is useful to create users whose UID/GID
+ match the owners of pre-existing files (such as SUID or SGID
+ binaries).</para>
+
+ <para>For <varname>m</varname> lines this field should contain
+ the group name to add to a user to.</para>
+
+ <para>For lines of type <varname>r</varname> this field should
+ be set to a UID/GID range in the format
+ <literal>FROM-TO</literal> where both values are formatted as
+ decimal ASCII numbers. Alternatively, a single UID/GID may be
+ specified formatted as decimal ASCII numbers.</para>
+ </refsect2>
+
+ <refsect2>
+ <title>GECOS</title>
+
+ <para>A short, descriptive string for users to be created,
+ enclosed in quotation marks. Note that this field may not
+ contain colons.</para>
+
+ <para>Only applies to lines of type <varname>u</varname> and
+ should otherwise be left unset, or be set to
+ <literal>-</literal>.</para>
+ </refsect2>
+
+ <refsect2>
+ <title>Home Directory</title>
+
+ <para>The home directory for a new system user. If omitted
+ defaults to the root directory. It is recommended to not
+ unnecessarily specify home directories for system users, unless
+ software strictly requires one to be set.</para>
+
+ <para>Only applies to lines of type <varname>u</varname> and
+ should otherwise be left unset, or be set to
+ <literal>-</literal>.</para>
+ </refsect2>
+
+ </refsect1>
+
+ <xi:include href="standard-conf.xml" xpointer="confd" />
+
+ <refsect1>
+ <title>Idempotence</title>
+
+ <para>Note that <command>systemd-sysusers</command> will do
+ nothing if the specified users or groups already exist, so
+ normally there no reason to override
+ <filename>sysusers.d</filename> vendor configuration, except to
+ block certain users or groups from being created.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>