1SYSUSERS.D(5) sysusers.d SYSUSERS.D(5)
2
6 sysusers.d - Declarative allocation of system users and groups
7
9 /usr/lib/sysusers.d/*.conf
10
12 systemd-sysusers uses the files from sysusers.d directory to create
13 system users and groups at package installation or boot time. This tool
14 may be used to allocate system users and groups only, it is not useful
15 for creating non-system users and groups, as it accesses /etc/passwd
16 and /etc/group directly, bypassing any more complex user databases, for
17 example any database involving NIS or LDAP.
18
20 Each configuration file shall be named in the style of package.conf or
21 package-part.conf. The second variant should be used when it is
22 desirable to make it easy to override just this part of configuration.
23 The file format is one line per user or group containing name, ID,
25 GECOS field description and home directory:
26 # Type Name ID GECOS
28 u httpd 440 "HTTP User"
29 u authd /usr/bin/authd "Authorization user"
30 g input - -
31 m authd input
32 u root 0 "Superuser" /root
33 Type
35 The type consists of a single letter. The following line types are
36 understood:
37 u
39 Create a system user and group of the specified name should they
40 not exist yet. The user's primary group will be set to the group
41 bearing the same name. The user's shell will be set to
42 /sbin/nologin, the home directory to the specified home directory,
43 or / if none is given. The account will be created disabled, so
44 that logins are not allowed.
45 g
47 Create a system group of the specified name should it not exist
48 yet. Note that u implicitly create a matching group. The group will
49 be created with no password set.
50 m
52 Add a user to a group. If the user or group are not existing yet,
53 they will be implicitly created.
54 r
56 Add a range of numeric UIDs/GIDs to the pool to allocate new UIDs
57 and GIDs from. If no line of this type is specified the range of
58 UIDs/GIDs is set to some compiled-in default. Note that both UIDs
59 and GIDs are allocated from the same pool, in order to ensure that
60 users and groups of the same name are likely to carry the same
61 numeric UID and GID.
62 Name
64 The name field specifies the user or group name. It should be shorter
65 than 31 characters and avoid any non-ASCII characters, and not begin
66 with a numeric character. It is strongly recommended to pick user and
67 group names that are unlikely to clash with normal users created by the
68 administrator. A good scheme to guarantee this is by prefixing all
69 system and group names with the underscore, and avoiding too generic
70 names.
71 For m lines this field should contain the user name to add to a group.
73 For lines of type r this field should be set to "-".
75 ID
77 For u and g the numeric 32bit UID or GID of the user/group. Do not use
78 IDs 65535 or 4294967295, as they have special placeholder meanings.
79 Specify "-" for automatic UID/GID allocation for the user or group.
80 Alternatively, specify an absolute path in the file system. In this
81 case the UID/GID is read from the path's owner/group. This is useful to
82 create users whose UID/GID match the owners of pre-existing files (such
83 as SUID or SGID binaries).
84 For m lines this field should contain the group name to add to a user
86 to.
87 For lines of type r this field should be set to a UID/GID range in the
89 format "FROM-TO" where both values are formatted as decimal ASCII
90 numbers. Alternatively, a single UID/GID may be specified formatted as
91 decimal ASCII numbers.
92 GECOS
94 A short, descriptive string for users to be created, enclosed in
95 quotation marks. Note that this field may not contain colons.
96 Only applies to lines of type u and should otherwise be left unset, or
98 be set to "-".
99 Home Directory
101 The home directory for a new system user. If omitted defaults to the
102 root directory. It is recommended to not unnecessarily specify home
103 directories for system users, unless software strictly requires one to
104 be set.
105 Only applies to lines of type u and should otherwise be left unset, or
107 be set to "-".
108
110 Configuration files are read from directories in /etc/, /run/, and
111 /usr/lib/, in order of precedence. Each configuration file in these
112 configuration directories shall be named in the style of filename.conf.
113 Files in /etc/ override files with the same name in /run/ and
114 /usr/lib/. Files in /run/ override files with the same name in
115 /usr/lib/.
116 Packages should install their configuration files in /usr/lib/. Files
118 in /etc/ are reserved for the local administrator, who may use this
119 logic to override the configuration files installed by vendor packages.
120 All configuration files are sorted by their filename in lexicographic
121 order, regardless of which of the directories they reside in. If
122 multiple files specify the same option, the entry in the file with the
123 lexicographically latest name will take precedence. It is recommended
124 to prefix all filenames with a two-digit number and a dash, to simplify
125 the ordering of the files.
126 If the administrator wants to disable a configuration file supplied by
128 the vendor, the recommended way is to place a symlink to /dev/null in
129 the configuration directory in /etc/, with the same filename as the
130 vendor configuration file.
131
133 Note that systemd-sysusers will do nothing if the specified users or
134 groups already exist, so normally there no reason to override
135 sysusers.d vendor configuration, except to block certain users or
136 groups from being created.
137
139 systemd(1), systemd-sysusers(8)
140systemd 219 SYSUSERS.D(5)