libuser.conf(5)               File Formats Manual              libuser.conf(5)

NAME

       libuser.conf - configuration for libuser and libuser utilities

FILE FORMAT

       libuser.conf is a text file.  Leading and trailing white space on each
       line is ignored.  Lines starting with # are ignored.

       The file defines variables grouped into sections.  Each section starts
       with a section header:
              [section name]
       A single section header can appear more than once in the file.

       The lines following a section header define variables from that
       section:
              variable = value
       The value can be empty.

       A variable can have more than one value, specified by using more than
       one line defining that variable.  All currently defined variables
       accept only the first value and ignore the others, if any.

[defaults]

       create_modules
              A list of module names to use when creating user or group
              entries, unless the application specifies a different list.  The
              module names in the list can be separated using space, tab or
              comma.  Default value is files shadow.

       crypt_style
              The algorithm to use for password encryption when creating new
              passwords.  The current algorithm may be retained when changing
              a password of an existing user, depending on the application.

              Possible values are des, md5 or blowfish, all case-insensitive.
              Unrecognized values are treated as des.  Default value is des.

       mailspooldir
              The directory containing users' mail spool files.  Default value
              is /var/mail.

       moduledir
              The directory containing libuser modules.  Default value uses
              the modules installed with libuser, corresponding to the
              architecture of the libuser library, e.g. /usr/lib/libuser or
              /usr/lib64/libuser (assuming libuser was configured with
              --prefix=/usr).

       modules
              A list of module names to use when not creating user or group
              entries, unless the application specifies a different list.  The
              module names in the list can be separated using space, tab or
              comma.  Default value is files shadow.

       skeleton
              The directory containing files to copy to newly created home
              directories.  Default value is /etc/skel.

[import]

       login_defs
              A path to the login.defs file from shadow.  If this variable is
              defined, the variables from the named file are used in place of
              some libuser variables.  Variables explicitly defined in
              libuser.conf are not affected by contents of login.defs.

              The following variables are imported:

              Variable       │ Imported as
              ───────────────┼───────────────────────────────
              GID_MIN        │ groupdefaults/LU_GIDNUMBER
              MAIL_DIR       │ defaults/mailspooldir
              MD5_CRYPT_ENAB │ defaults/crypt_style
              PASS_MAX_DAYS  │ userdefaults/LU_SHADOWMAX
              PASS_MIN_DAYS  │ userdefaults/LU_SHADOWMIN
              PASS_WARN_AGE  │ userdefaults/LU_SHADOWWARNING
              UID_MIN        │ userdefaults/LU_UIDNUMBER

              The following variables are not imported: CREATE_HOME, GID_MAX,
              MAIL_FILE, SYSLOG_SG_ENAB, UID_MAX, UMASK, USERDEL_CMD,
              USERGROUPS_ENAB.

       default_useradd
              A path to the default/useradd file from useradd in shadow.  If
              this variable is defined, the variables from the named file are
              used in place of some libuser variables.  Variables explicitly
              defined in libuser.conf are not affected by contents of
              default/useradd.

              The following variables are imported:

              Variable │ Imported as
              ─────────┼────────────────────────────────
              EXPIRE   │ userdefaults/LU_SHADOWEXPIRE
              GROUP    │ userdefaults/LU_GIDNUMBER
              HOME     │ userdefaults/LU_HOMEDIRECTORY
              INACTIVE │ userdefaults/LU_SHADOWINACTIVE
              SHELL    │ userdefaults/LU_LOGINSHELL
              SKEL     │ defaults/skeleton

              The HOME variable value has /%n appended to it before importing.

[userdefaults]

       This section defines attribute values of newly created user entities.
       There is one special variable:

       LU_UIDNUMBER
              A decimal number, the first allowed UID value for regular users
              (not system users).  Default value is 500.

       All other variables have the same names as the attribute names from
       <libuser/entity.h> and define attribute values.  Either the macro name
       (e.g. LU_GECOS) or the macro content (e.g. pw_gecos) can be used; if
       both are used, the one appearing later in the configuration file is
       used.

       The % character in the value of the variable introduces an escape
       sequence: %n is replaced by the user name, %d is replaced by the
       current date in days since the epoch, %u is replaced by the user's UID.
       There is no way to escape the % character and avoid this substitution.

       After the userdefaults section is processed, modules may define
       additional attributes or even override the attributes defined in this
       section.

[groupdefaults]

       The groupdefaults section is similar to userdefaults.  There is one
       special variable:

       LU_GIDNUMBER
              A decimal number, the first allowed GID value for regular groups
              (not system groups).  Default value is 500.

       The other variables follow the same rules as in the userdefaults
       section, except that %n and %u are replaced by the group name and
       group's GID, respectively.

       After the groupdefaults section is processed, modules may define
       additional attributes or even override the attributes defined in this
       section.

[files]

       Configures the files module, which manages /etc/group and /etc/passwd.
       The configuration variables are probably useful only for libuser
       development.

       directory
              The directory containing the group and passwd files.  Default
              value is /etc.

       nonroot
              Allow module initialization when not invoked as the root user if
              the value is yes.

[shadow]

       Configures the files module, which manages /etc/gshadow and
       /etc/shadow.  The configuration variables are probably useful only for
       libuser development.

       directory
              The directory containing the gshadow and shadow files.  Default
              value is /etc.

       nonroot
              Allow module initialization when not invoked as the root user if
              the value is yes.

[ldap]

       Configures the ldap module, which manages a user database accessible
       using LDAP.

       userBranch
              The LDAP suffix for user entities.  Default value is ou=People.

       groupBranch
              The LDAP suffix for group entities.  Default value is ou=Group.

       server A domain name or a URI of the LDAP server.  The URI can use the
              ldap or the ldaps protocol.  When a simple domain name is used,
              the connection fails if TLS cannot be used; a URI using the
              ldap protocol allows connection without TLS.  Default value is
              ldap.

       basedn The base DN of the server.  Default value is dc=example,dc=com.

       binddn A DN for binding to the server.  If the value is empty or
              binding using this DN fails, a DN of uid=user,userBranch,basedn
              is used, where userBranch and basedn are variables from this
              section and user is the user name of the invoking user, unless
              overridden by the user variable from this section.  Default
              value is cn=manager,dc=example,dc=com.

       user   The SASLv2 identity for authenticating to the LDAP server, also
              overrides the user name for generating a bind DN.  Default value
              is the name of the invoking user.

       authuser
              The SASLv2 authorization user, if non-empty.  Default value is
              empty.

       bindtype
              The list of bind types to use, separated by commas.  Allowed
              bind types are simple and sasl (both case-insensitive).  If more
              than one bind type is specified, their relative order is
              ignored.  Default value is simple,sasl.

[sasl]

       Configures the sasl module, which manages a SASLv2 user database.

       appname
              Name of the SASLv2 application.  Default value is empty.

       domain Domain used by libuser for the SASLv2 authentication object.
              Default value is empty.

BUGS

       Invalid lines in the configuration file (or the imported shadow
       configuration files) are silently ignored.
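
       Because invalid lines are dropped without a diagnostic and an
       unrecognized crypt_style is treated as des, a configuration can differ
       from what its author intended without any visible error.  The following
       Python code is an added example, not part of libuser: it re-implements
       the FILE FORMAT rules above and reports the settings this page
       documents.  The names parse, audit and SAMPLE are hypothetical, the
       sample file is constructed, white space around = is assumed not to be
       significant, and files named in [import] are not read.

```python
# Constructed sample configuration (not taken from any real system).
SAMPLE = """\
# constructed example
[defaults]
crypt_style = SHA512
crypt_style = blowfish
modules files shadow
[ldap]
server = ldap://ldap.example.com
[defaults]
skeleton =
  [files]
nonroot = yes
"""

CRYPT_STYLES = {"des", "md5", "blowfish"}  # the values this page lists

def parse(text):
    """Return (sections, ignored) following the FILE FORMAT rules."""
    sections, ignored, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()                  # leading/trailing space ignored
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})  # headers may repeat
        elif "=" in line and current is not None:
            # Assumption: white space around "=" is not significant.
            name, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(name, value)  # only the first value is used
        else:
            ignored.append((lineno, line))   # libuser ignores these silently
    return sections, ignored

def audit(text):
    sections, ignored = parse(text)
    findings = [f"line {n}: ignored by libuser: {bad!r}" for n, bad in ignored]
    # Assumption: [import] files are not read, only this file is considered.
    style = sections.get("defaults", {}).get("crypt_style", "des").lower()
    if style not in CRYPT_STYLES:
        findings.append(f"crypt_style {style!r} is unrecognized, so des is used")
    elif style == "des":
        findings.append("crypt_style is des (explicit or default)")
    if sections.get("ldap", {}).get("server", "").lower().startswith("ldap://"):
        findings.append("ldap server URI permits a connection without TLS")
    for module in ("files", "shadow"):
        if sections.get(module, {}).get("nonroot") == "yes":
            findings.append(f"[{module}] nonroot = yes")
    return findings
```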

FILES

       /etc/libuser.conf
              The default location of the configuration file.  Can be
              overridden by the LIBUSER_CONF environment variable, except in
              set-uid or set-gid programs.

libuser                           Oct 8 2005                   libuser.conf(5)