X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsysusers.d.xml;h=58f24a62f5f80d060713db302ea2f8016a5784d5;hp=af31ec078dd3dbe189280c0dca94b1f4325795b9;hb=4427c3f43a87c2e0c784fda6be1b9715be820733;hpb=21236ab51082668914b933041893a1cf45218a3d

diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml
index af31ec078..58f24a62f 100644
--- a/man/sysusers.d.xml
+++ b/man/sysusers.d.xml
@@ -53,32 +53,28 @@
                 <title>Description</title>
 
                 <para><command>systemd-sysusers</command> uses the
-                files from <filename>/usr/lib/sysusers.d/</filename>
+                files from <filename>sysusers.d</filename> directory
                 to create system users and groups at package
-                installation or boot time. This tool may be used for
-                allocating system users and groups only, it is not
+                installation or boot time. This tool may be used to
+                allocate system users and groups only, it is not
                 useful for creating non-system users and groups, as it
-                accessed <filename>/etc/passwd</filename> and
+                accesses <filename>/etc/passwd</filename> and
                 <filename>/etc/group</filename> directly, bypassing
-                any more complex user database, for example any
+                any more complex user databases, for example any
                 database involving NIS or LDAP.</para>
-
         </refsect1>
 
         <refsect1>
-                <title>File Format</title>
-
-                <para>Each file shall be named in the style of
-                <filename><replaceable>package</replaceable>.conf</filename>.</para>
+                <title>Configuration Format</title>
 
-                <para>All files are sorted by their filename in
-                lexicographic order, regardless of which of the
-                directories they reside in. If multiple files specify
-                the same user or group, the entry in the file with the
-                lexicographically earliest name will be applied, all
-                all other conflicting entries will be logged as
-                errors. Users and groups are
-                processed in the order they are listed.</para>
+                <para>Each configuration file shall be named in the
+                style of
+                <filename><replaceable>package</replaceable>.conf</filename>
+                or
+                <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>.
+                The second variant should be used when it is desirable
+                to make it easy to override just this part of
+                configuration.</para>
 
                 <para>The file format is one line per user or group
                 containing name, ID and GECOS field description:</para>
@@ -86,7 +82,8 @@
                 <programlisting># Type Name ID GECOS
 u httpd 440 "HTTP User"
 u authd /usr/bin/authd "Authorization user"
-g input - -</programlisting>
+g input - -
+m authd input</programlisting>
 
                 <refsect2>
                         <title>Type</title>
@@ -105,7 +102,7 @@ g input - -</programlisting>
                                         group will be set to the group
                                         bearing the same name. The
                                         user's shell will be set to
-                                        <filename>/sbin/login</filename>,
+                                        <filename>/sbin/nologin</filename>,
                                         the home directory to
                                         <filename>/</filename>. The
                                         account will be created
@@ -125,6 +122,15 @@ g input - -</programlisting>
                                         created with no password
                                         set.</para></listitem>
                                 </varlistentry>
+
+                                <varlistentry>
+                                        <term><varname>m</varname></term>
+                                        <listitem><para>Add a user to
+                                        a group. If the user or group
+                                        are not existing yet, they
+                                        will be implicitly
+                                        created.</para></listitem>
+                                </varlistentry>
                         </variablelist>
                 </refsect2>
 
@@ -132,7 +138,7 @@ g input - -</programlisting>
                         <title>Name</title>
 
                         <para>The name field specifies the user or
-                        group name. It should be be shorter than 256
+                        group name. It should be shorter than 31
                         characters and avoid any non-ASCII characters,
                         and not begin with a numeric character. It is
                         strongly recommended to pick user and group
@@ -141,13 +147,18 @@ g input - -</programlisting>
                         scheme to guarantee this is by prefixing all
                         system and group names with the underscore,
                         and avoiding too generic names.</para>
+
+                        <para>For <varname>m</varname> lines this
+                        field should contain the user name to add to a
+                        group.</para>
                 </refsect2>
 
                 <refsect2>
                         <title>ID</title>
 
-                        <para>The numeric 32bit UID or GID of the
-                        user/group. Do not use IDs 65535 or
+                        <para>For <varname>u</varname> and
+                        <varname>g</varname> the numeric 32bit UID or
+                        GID of the user/group. Do not use IDs 65535 or
                         4294967295, as they have special placeholder
                         meanings. Specify "-" for automatic UID/GID
                         allocation for the user or
@@ -157,6 +168,10 @@ g input - -</programlisting>
                         useful to create users whose UID/GID match the
                         owners of pre-existing files (such as SUID or
                         SGID binaries).</para>
+
+                        <para>For <varname>m</varname> lines this
+                        field should contain the group name to add to
+                        a user to.</para>
                 </refsect2>
 
                 <refsect2>
@@ -165,15 +180,48 @@ g input - -</programlisting>
                         <para>A short, descriptive string for users to
                         be created, enclosed in quotation marks. Note
                         that this field may not contain colons.</para>
+
+                        <para>Only applies to lines of type
+                        <varname>u</varname> and should otherwise be
+                        left unset.</para>
                 </refsect2>
 
         </refsect1>
 
+        <refsect1>
+                <title>Overriding vendor configuration</title>
+
+                <para>Note that <command>systemd-sysusers</command>
+                will do nothing if the specified users or groups
+                already exist, so normally there no reason to override
+                <filename>sysusers.d</filename> vendor configuration,
+                except to block certain users or groups from being
+                created.</para>
+
+                <para>Files in <filename>/etc/sysusers.d</filename>
+                override files with the same name in
+                <filename>/usr/lib/sysusers.d</filename> and
+                <filename>/run/sysusers.d</filename>. Files in
+                <filename>/run/sysusers.d</filename> override files
+                with the same name in
+                <filename>/usr/lib/sysusers.d</filename>. The scheme is the same as for
+                <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                except for the directory name.</para>
+
+                <para>If the administrator wants to disable a
+                configuration file supplied by the vendor, the
+                recommended way is to place a symlink to
+                <filename>/dev/null</filename> in
+                <filename>/etc/sysusers.d/</filename> bearing the
+                same filename.</para>
+        </refsect1>
+
         <refsect1>
                 <title>See Also</title>
                 <para>
                         <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
-                        <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+                        <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+                        <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                 </para>
         </refsect1>