3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5 This file is part of systemd.
7 Copyright 2014 Lennart Poettering
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 <refentry id="sysusers.d"
23 xmlns:xi="http://www.w3.org/2001/XInclude">
26 <title>sysusers.d</title>
27 <productname>systemd</productname>
31 <contrib>Developer</contrib>
32 <firstname>Lennart</firstname>
33 <surname>Poettering</surname>
34 <email>lennart@poettering.net</email>
40 <refentrytitle>sysusers.d</refentrytitle>
41 <manvolnum>5</manvolnum>
45 <refname>sysusers.d</refname>
46 <refpurpose>Declarative allocation of system users and groups</refpurpose>
50 <para><filename>/usr/lib/sysusers.d/*.conf</filename></para>
54 <title>Description</title>
56 <para><command>systemd-sysusers</command> uses the
57 files from <filename>sysusers.d</filename> directory
58 to create system users and groups at package
59 installation or boot time. This tool may be used to
60 allocate system users and groups only, it is not
61 useful for creating non-system users and groups, as it
62 accesses <filename>/etc/passwd</filename> and
63 <filename>/etc/group</filename> directly, bypassing
64 any more complex user databases, for example any
65 database involving NIS or LDAP.</para>
69 <title>Configuration Format</title>
71 <para>Each configuration file shall be named in the
73 <filename><replaceable>package</replaceable>.conf</filename>
75 <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>.
76 The second variant should be used when it is desirable
77 to make it easy to override just this part of
80 <para>The file format is one line per user or group
81 containing name, ID, GECOS field description and home directory:</para>
83 <programlisting># Type Name ID GECOS
84 u httpd 440 "HTTP User"
85 u authd /usr/bin/authd "Authorization user"
88 u root 0 "Superuser" /root</programlisting>
93 <para>The type consists of a single
94 letter. The following line types are
99 <term><varname>u</varname></term>
100 <listitem><para>Create a
101 system user and group of the
102 specified name should they not
103 exist yet. The user's primary
104 group will be set to the group
105 bearing the same name. The
106 user's shell will be set to
107 <filename>/sbin/nologin</filename>,
108 the home directory to the
109 specified home directory, or
110 <filename>/</filename> if none
111 is given. The account will be
112 created disabled, so that
114 allowed.</para></listitem>
118 <term><varname>g</varname></term>
119 <listitem><para>Create a
120 system group of the specified
121 name should it not exist
124 implicitly create a matching
125 group. The group will be
126 created with no password
127 set.</para></listitem>
131 <term><varname>m</varname></term>
132 <listitem><para>Add a user to
133 a group. If the user or group
134 are not existing yet, they
136 created.</para></listitem>
140 <term><varname>r</varname></term>
141 <listitem><para>Add a range of
142 numeric UIDs/GIDs to the pool
143 to allocate new UIDs and GIDs
144 from. If no line of this type
145 is specified the range of
146 UIDs/GIDs is set to some
147 compiled-in default. Note that
148 both UIDs and GIDs are
149 allocated from the same pool,
150 in order to ensure that users
151 and groups of the same name
152 are likely to carry the same
154 GID.</para></listitem>
163 <para>The name field specifies the user or
164 group name. It should be shorter than 31
165 characters and avoid any non-ASCII characters,
166 and not begin with a numeric character. It is
167 strongly recommended to pick user and group
168 names that are unlikely to clash with normal
169 users created by the administrator. A good
170 scheme to guarantee this is by prefixing all
171 system and group names with the underscore,
172 and avoiding too generic names.</para>
174 <para>For <varname>m</varname> lines this
175 field should contain the user name to add to a
178 <para>For lines of type <varname>r</varname>
179 this field should be set to
180 <literal>-</literal>.</para>
186 <para>For <varname>u</varname> and
187 <varname>g</varname> the numeric 32bit UID or
188 GID of the user/group. Do not use IDs 65535 or
189 4294967295, as they have special placeholder
190 meanings. Specify <literal>-</literal> for
191 automatic UID/GID allocation for the user or
192 group. Alternatively, specify an absolute path
193 in the file system. In this case the UID/GID
194 is read from the path's owner/group. This is
195 useful to create users whose UID/GID match the
196 owners of pre-existing files (such as SUID or
197 SGID binaries).</para>
199 <para>For <varname>m</varname> lines this
200 field should contain the group name to add to
203 <para>For lines of type <varname>r</varname>
204 this field should be set to a UID/GID range in
205 the format <literal>FROM-TO</literal> where
206 both values are formatted as decimal ASCII
207 numbers. Alternatively, a single UID/GID may
208 be specified formatted as decimal ASCII
215 <para>A short, descriptive string for users to
216 be created, enclosed in quotation marks. Note
217 that this field may not contain colons.</para>
219 <para>Only applies to lines of type
220 <varname>u</varname> and should otherwise be
221 left unset, or be set to
222 <literal>-</literal>.</para>
226 <title>Home Directory</title>
228 <para>The home directory for a new system
229 user. If omitted defaults to the root
230 directory. It is recommended to not
231 unnecessarily specify home directories for
232 system users, unless software strictly
233 requires one to be set.</para>
235 <para>Only applies to lines of type
236 <varname>u</varname> and should otherwise be
237 left unset, or be set to
238 <literal>-</literal>.</para>
243 <xi:include href="standard-conf.xml" xpointer="confd" />
246 <title>Idempotence</title>
248 <para>Note that <command>systemd-sysusers</command>
249 will do nothing if the specified users or groups
250 already exist, so normally there no reason to override
251 <filename>sysusers.d</filename> vendor configuration,
252 except to block certain users or groups from being
257 <title>See Also</title>
259 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
260 <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob