You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
-<refentry id="sysusers.d">
+<refentry id="sysusers.d"
+ xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>sysusers.d</title>
configuration.</para>
<para>The file format is one line per user or group
- containing name, ID and GECOS field description:</para>
+ containing name, ID, GECOS field description and home directory:</para>
<programlisting># Type Name ID GECOS
u httpd 440 "HTTP User"
u authd /usr/bin/authd "Authorization user"
g input - -
-m authd input</programlisting>
+m authd input
+u root 0 "Superuser" /root</programlisting>
<refsect2>
<title>Type</title>
group will be set to the group
bearing the same name. The
user's shell will be set to
- <filename>/sbin/login</filename>,
- the home directory to
- <filename>/</filename>. The
- account will be created
- disabled, so that logins are
- not allowed.</para></listitem>
+ <filename>/sbin/nologin</filename>,
+ the home directory to the
+ specified home directory, or
+ <filename>/</filename> if none
+ is given. The account will be
+ created disabled, so that
+ logins are not
+ allowed.</para></listitem>
</varlistentry>
<varlistentry>
will be implicitly
created.</para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>r</varname></term>
+ <listitem><para>Add a range of
+ numeric UIDs/GIDs to the pool
+ to allocate new UIDs and GIDs
+ from. If no line of this type
+ is specified the range of
+ UIDs/GIDs is set to some
+ compiled-in default. Note that
+ both UIDs and GIDs are
+ allocated from the same pool,
+ in order to ensure that users
+ and groups of the same name
+ are likely to carry the same
+ numeric UID and
+ GID.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect2>
<title>Name</title>
<para>The name field specifies the user or
- group name. It should be be shorter than 31
+ group name. It should be shorter than 31
characters and avoid any non-ASCII characters,
and not begin with a numeric character. It is
strongly recommended to pick user and group
<para>For <varname>m</varname> lines this
field should contain the user name to add to a
group.</para>
+
+ <para>For lines of type <varname>r</varname>
+ this field should be set to
+ <literal>-</literal>.</para>
</refsect2>
<refsect2>
<varname>g</varname> the numeric 32bit UID or
GID of the user/group. Do not use IDs 65535 or
4294967295, as they have special placeholder
- meanings. Specify "-" for automatic UID/GID
- allocation for the user or
+ meanings. Specify <literal>-</literal> for
+ automatic UID/GID allocation for the user or
group. Alternatively, specify an absolute path
in the file system. In this case the UID/GID
is read from the path's owner/group. This is
<para>For <varname>m</varname> lines this
field should contain the group name to add to
a user to.</para>
+
+ <para>For lines of type <varname>r</varname>
+ this field should be set to a UID/GID range in
+ the format <literal>FROM-TO</literal> where
+ both values are formatted as decimal ASCII
+ numbers. Alternatively, a single UID/GID may
+ be specified formatted as decimal ASCII
+ numbers.</para>
</refsect2>
<refsect2>
<para>Only applies to lines of type
<varname>u</varname> and should otherwise be
- left unset.</para>
+ left unset, or be set to
+ <literal>-</literal>.</para>
+ </refsect2>
+
+ <refsect2>
+ <title>Home Directory</title>
+
+ <para>The home directory for a new system
+ user. If omitted defaults to the root
+ directory. It is recommended to not
+ unnecessarily specify home directories for
+ system users, unless software strictly
+ requires one to be set.</para>
+
+ <para>Only applies to lines of type
+ <varname>u</varname> and should otherwise be
+ left unset, or be set to
+ <literal>-</literal>.</para>
</refsect2>
</refsect1>
+ <xi:include href="standard-conf.xml" xpointer="confd" />
+
<refsect1>
- <title>Overriding vendor configuration</title>
+ <title>Idempotence</title>
<para>Note that <command>systemd-sysusers</command>
will do nothing if the specified users or groups
<filename>sysusers.d</filename> vendor configuration,
except to block certain users or groups from being
created.</para>
-
- <para>Files in <filename>/etc/sysusers.d</filename>
- override files with the same name in
- <filename>/usr/lib/sysusers.d</filename> and
- <filename>/run/sysusers.d</filename>. Files in
- <filename>/run/sysusers.d</filename> override files
- with the same name in
- <filename>/usr/lib/sysusers.d</filename>. The scheme is the same as for
- <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- except for the directory name.</para>
-
- <para>If the administrator wants to disable a
- configuration file supplied by the vendor, the
- recommended way is to place a symlink to
- <filename>/dev/null</filename> in
- <filename>/etc/sysusers.d/</filename> bearing the
- same filename.</para>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>