proxmox-mirrors/systemd
1
0
Fork 0
mirror of https://git.proxmox.com/git/systemd synced 2026-01-10 11:13:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5eef597e93
systemd/man/sysusers.d.html
Martin Pitt 5eef597e93 Imported Upstream version 217
2014-11-20 15:28:12 +01:00

153 lines
13 KiB
HTML
Raw Blame History

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>sysusers.d</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
a.headerlink {
color: #c60f0f;
font-size: 0.8em;
padding: 0 4px 0 4px;
text-decoration: none;
visibility: hidden;
}
a.headerlink:hover {
background-color: #c60f0f;
color: white;
}
h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
visibility: visible;
}
</style><a href="index.html">Index </a>·
<a href="systemd.directives.html">Directives </a>·
<a href="../python-systemd/index.html">Python </a>·
<a href="../libudev/index.html">libudev </a>·
<a href="../libudev/index.html">gudev </a><span style="float:right">systemd 217</span><hr><div class="refentry"><a name="sysusers.d"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>sysusers.d — Declarative allocation of system users and groups</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/usr/lib/sysusers.d/*.conf</code></p></div><div class="refsect1"><a name="idm214169941664"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description"></a></h2><p><span class="command"><strong>systemd-sysusers</strong></span> uses the
files from <code class="filename">sysusers.d</code> directory
to create system users and groups at package
installation or boot time. This tool may be used to
allocate system users and groups only, it is not
useful for creating non-system users and groups, as it
accesses <code class="filename">/etc/passwd</code> and
<code class="filename">/etc/group</code> directly, bypassing
any more complex user databases, for example any
database involving NIS or LDAP.</p></div><div class="refsect1"><a name="idm214169937424"></a><h2 id="Configuration Format">Configuration Format<a class="headerlink" title="Permalink to this headline" href="#Configuration%20Format"></a></h2><p>Each configuration file shall be named in the
style of
<code class="filename"><em class="replaceable"><code>package</code></em>.conf</code>
or
<code class="filename"><em class="replaceable"><code>package</code></em>-<em class="replaceable"><code>part</code></em>.conf</code>.
The second variant should be used when it is desirable
to make it easy to override just this part of
configuration.</p><p>The file format is one line per user or group
containing name, ID, GECOS field description and home directory:</p><pre class="programlisting"># Type Name ID GECOS
u httpd 440 "HTTP User"
u authd /usr/bin/authd "Authorization user"
g input - -
m authd input
u root 0 "Superuser" /root</pre><div class="refsect2"><a name="idm214169932432"></a><h3 id="Type">Type<a class="headerlink" title="Permalink to this headline" href="#Type"></a></h3><p>The type consists of a single
letter. The following line types are
understood:</p><div class="variablelist"><dl class="variablelist"><dt id="u"><span class="term"><code class="varname">u</code></span><a class="headerlink" title="Permalink to this term" href="#u"></a></dt><dd><p>Create a
system user and group of the
specified name should they not
exist yet. The user's primary
group will be set to the group
bearing the same name. The
user's shell will be set to
<code class="filename">/sbin/nologin</code>,
the home directory to the
specified home directory, or
<code class="filename">/</code> if none
is given. The account will be
created disabled, so that
logins are not
allowed.</p></dd><dt id="g"><span class="term"><code class="varname">g</code></span><a class="headerlink" title="Permalink to this term" href="#g"></a></dt><dd><p>Create a
system group of the specified
name should it not exist
yet. Note that
<code class="varname">u</code>
implicitly create a matching
group. The group will be
created with no password
set.</p></dd><dt id="m"><span class="term"><code class="varname">m</code></span><a class="headerlink" title="Permalink to this term" href="#m"></a></dt><dd><p>Add a user to
a group. If the user or group
are not existing yet, they
will be implicitly
created.</p></dd><dt id="r"><span class="term"><code class="varname">r</code></span><a class="headerlink" title="Permalink to this term" href="#r"></a></dt><dd><p>Add a range of
numeric UIDs/GIDs to the pool
to allocate new UIDs and GIDs
from. If no line of this type
is specified the range of
UIDs/GIDs is set to some
compiled-in default. Note that
both UIDs and GIDs are
allocated from the same pool,
in order to ensure that users
and groups of the same name
are likely to carry the same
numeric UID and
GID.</p></dd></dl></div></div><div class="refsect2"><a name="idm214173873440"></a><h3 id="Name">Name<a class="headerlink" title="Permalink to this headline" href="#Name"></a></h3><p>The name field specifies the user or
group name. It should be shorter than 31
characters and avoid any non-ASCII characters,
and not begin with a numeric character. It is
strongly recommended to pick user and group
names that are unlikely to clash with normal
users created by the administrator. A good
scheme to guarantee this is by prefixing all
system and group names with the underscore,
and avoiding too generic names.</p><p>For <code class="varname">m</code> lines this
field should contain the user name to add to a
group.</p><p>For lines of type <code class="varname">r</code>
this field should be set to
"<code class="literal">-</code>".</p></div><div class="refsect2"><a name="idm214173868576"></a><h3 id="ID">ID<a class="headerlink" title="Permalink to this headline" href="#ID"></a></h3><p>For <code class="varname">u</code> and
<code class="varname">g</code> the numeric 32bit UID or
GID of the user/group. Do not use IDs 65535 or
4294967295, as they have special placeholder
meanings. Specify "<code class="literal">-</code>" for
automatic UID/GID allocation for the user or
group. Alternatively, specify an absolute path
in the file system. In this case the UID/GID
is read from the path's owner/group. This is
useful to create users whose UID/GID match the
owners of pre-existing files (such as SUID or
SGID binaries).</p><p>For <code class="varname">m</code> lines this
field should contain the group name to add to
a user to.</p><p>For lines of type <code class="varname">r</code>
this field should be set to a UID/GID range in
the format "<code class="literal">FROM-TO</code>" where
both values are formatted as decimal ASCII
numbers. Alternatively, a single UID/GID may
be specified formatted as decimal ASCII
numbers.</p></div><div class="refsect2"><a name="idm214173855200"></a><h3 id="GECOS">GECOS<a class="headerlink" title="Permalink to this headline" href="#GECOS"></a></h3><p>A short, descriptive string for users to
be created, enclosed in quotation marks. Note
that this field may not contain colons.</p><p>Only applies to lines of type
<code class="varname">u</code> and should otherwise be
left unset, or be set to
"<code class="literal">-</code>".</p></div><div class="refsect2"><a name="idm214173852288"></a><h3 id="Home Directory">Home Directory<a class="headerlink" title="Permalink to this headline" href="#Home%20Directory"></a></h3><p>The home directory for a new system
user. If omitted defaults to the root
directory. It is recommended to not
unnecessarily specify home directories for
system users, unless software strictly
requires one to be set.</p><p>Only applies to lines of type
<code class="varname">u</code> and should otherwise be
left unset, or be set to
"<code class="literal">-</code>".</p></div></div><div class="refsect1"><a name="idm214173849088"></a><h2 id="Overriding vendor configuration">Overriding vendor configuration<a class="headerlink" title="Permalink to this headline" href="#Overriding%20vendor%20configuration"></a></h2><p>Note that <span class="command"><strong>systemd-sysusers</strong></span>
will do nothing if the specified users or groups
already exist, so normally there no reason to override
<code class="filename">sysusers.d</code> vendor configuration,
except to block certain users or groups from being
created.</p><p>Files in <code class="filename">/etc/sysusers.d</code>
override files with the same name in
<code class="filename">/usr/lib/sysusers.d</code> and
<code class="filename">/run/sysusers.d</code>. Files in
<code class="filename">/run/sysusers.d</code> override files
with the same name in
<code class="filename">/usr/lib/sysusers.d</code>. The scheme is the same as for
<a href="tmpfiles.d.html"><span class="citerefentry"><span class="refentrytitle">tmpfiles.d</span>(5)</span></a>,
except for the directory name.</p><p>If the administrator wants to disable a
configuration file supplied by the vendor, the
recommended way is to place a symlink to
<code class="filename">/dev/null</code> in
<code class="filename">/etc/sysusers.d/</code> bearing the
same filename.</p></div><div class="refsect1"><a name="idm214173839456"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also"></a></h2><p>
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
<a href="systemd-sysusers.html"><span class="citerefentry"><span class="refentrytitle">systemd-sysusers</span>(8)</span></a>,
<a href="tmpfiles.d.html"><span class="citerefentry"><span class="refentrytitle">tmpfiles.d</span>(5)</span></a>
</p></div></div></body></html>
Reference in New Issue View Git Blame Copy Permalink