sysusers.d.xml revision 7629889c86005017eb1a7f1f803c0d8e7a5bef08
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
This file is part of systemd.
Copyright 2014 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
<refentryinfo>
<authorgroup>
</authorgroup>
</refentryinfo>
<refnamediv>
<refpurpose>Declarative allocation of system users and groups</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>/usr/lib/sysusers.d/*.conf</filename></para>
</refsynopsisdiv>
files from <filename>sysusers.d</filename> directory
to create system users and groups at package
installation or boot time. This tool may be used to
allocate system users and groups only; it is not
useful for creating non-system users and groups, as it
any more complex user databases, for example any
database involving NIS or LDAP.</para>
</refsect1>
<para>Each configuration file shall be named in the
<filename><replaceable>package</replaceable>.conf</filename>
<filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>.
The second variant should be used when it is desirable
to make it easy to override just this part of
configuration.</para>
<para>The file format is one line per user or group
containing name, ID, GECOS field description and home directory:</para>
<programlisting># Type Name ID GECOS
u httpd 440 "HTTP User"
m authd input
u root 0 "Superuser" /root</programlisting>
<para>The type consists of a single
letter. The following line types are
understood:</para>
<variablelist>
<varlistentry>
system user and group of the
specified name should they not
exist yet. The user's primary
group will be set to the group
bearing the same name. The
user's shell will be set to
the home directory to the
specified home directory, or
is given. The account will be
created disabled, so that
logins are not
</varlistentry>
<varlistentry>
system group of the specified
name should it not exist
yet. Note that
implicitly create a matching
group. The group will be
created with no password
</varlistentry>
<varlistentry>
a group. If the user or group
do not exist yet, they
will be implicitly
</varlistentry>
</variablelist>
</refsect2>
<para>The name field specifies the user or
group name. It should be shorter than 31
characters and avoid any non-ASCII characters,
and not begin with a numeric character. It is
strongly recommended to pick user and group
names that are unlikely to clash with normal
users created by the administrator. A good
scheme to guarantee this is by prefixing all
system and group names with an underscore,
and avoiding too generic names.</para>
field should contain the user name to add to a
group.</para>
</refsect2>
4294967295, as they have special placeholder
group. Alternatively, specify an absolute path
owners of pre-existing files (such as SUID or
SGID binaries).</para>
field should contain the group name to add
a user to.</para>
</refsect2>
<para>A short, descriptive string for users to
be created, enclosed in quotation marks. Note
that this field may not contain colons.</para>
<para>Only applies to lines of type
left unset, or be set to
</refsect2>
<para>The home directory for a new system
user. If omitted, defaults to the root
directory. It is recommended to not
unnecessarily specify home directories for
system users, unless software strictly
requires one to be set.</para>
<para>Only applies to lines of type
left unset, or be set to
</refsect2>
</refsect1>
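<para>Added example, not part of the systemd sources: a small Python linter that applies the rules stated above (single-letter type, name length and character rules, the reserved ID, no colons in GECOS, group name in the ID field of <literal>m</literal> lines) to a constructed sample. The type letter <literal>g</literal>, the ID 65535 and <literal>-</literal> as the "unset" marker are assumptions drawn from upstream sysusers.d behaviour rather than from the text visible here.</para>

```python
import shlex

# 4294967295 is the ID named on the page; 65535 is its 16-bit counterpart
# (added here as an assumption). "-" as the "unset" marker is also an assumption.
RESERVED_IDS = {"65535", "4294967295"}
TYPES = {"u", "g", "m"}   # "u" and "m" appear in the page's listing; "g" = group
UNSET = "-"

def check_name(name):
    """Naming rules from the Name section; returns a list of findings."""
    out = []
    if len(name) >= 31:
        out.append(f"{name!r}: name must be shorter than 31 characters")
    if not name.isascii():
        out.append(f"{name!r}: name contains non-ASCII characters")
    if name[:1].isdigit():
        out.append(f"{name!r}: name begins with a numeric character")
    return out

def lint_line(line):
    """Return findings for one sysusers.d line; an empty list means clean."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    try:
        fields = shlex.split(line)      # keeps the quoted GECOS as one field
    except ValueError as exc:
        return [f"unparsable line: {exc}"]
    if fields[0] not in TYPES or len(fields) == 1:
        return [f"bad type or missing name: {line!r}"]
    kind, name, ident, gecos = (fields + [UNSET] * 2)[:4]
    out = check_name(name)
    if kind == "m":                     # ID field carries the group name
        missing = [f"{name!r}: no group given"] if ident == UNSET else []
        return out + missing + check_name(ident)
    if ident in RESERVED_IDS:
        out.append(f"{name!r}: ID {ident} is reserved")
    elif not (ident == UNSET or ident.startswith("/")
              or (ident.isascii() and ident.isdigit())):
        out.append(f"{name!r}: ID must be numeric or an absolute path")
    if ":" in gecos:                    # a colon would split the passwd record
        out.append(f"{name!r}: GECOS may not contain colons")
    return out

def lint(text):
    """Map 1-based line numbers to findings for every line that has any."""
    report = {n: lint_line(l) for n, l in enumerate(text.splitlines(), 1)}
    return {n: f for n, f in report.items() if f}

SAMPLE = '# constructed sample\nu httpd 440 "HTTP User"\nm authd input\n' \
         'u 9lives 4294967295 "bad:gecos"\nx foo\n'
```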
will do nothing if the specified users or groups
already exist, so normally there is no reason to override
<filename>sysusers.d</filename> vendor configuration,
except to block certain users or groups from being
created.</para>
override files with the same name in
with the same name in
<filename>/usr/lib/sysusers.d</filename>. The scheme is the same as for
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
except for the directory name.</para>
<para>If the administrator wants to disable a
configuration file supplied by the vendor, the
recommended way is to place a symlink to
same filename.</para>
</refsect1>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</refsect1>