├── .gitignore
├── LICENSE
├── Makefile
├── README.md
├── basic.conf
├── man
├── Makefile
├── custom-html.xsl
├── custom-man.xsl
├── standard-options.xml
├── systemd-sysusers.xml
└── sysusers.d.xml
├── openrc
└── opensysusers.initd.in
├── sysusers
└── test
├── amavisd.conf
├── amule.conf
├── backuppc.conf
├── boinc.conf
├── ceph.conf
├── couchdb.conf
├── dbus.conf
├── deepin-daemon.conf
├── dkimproxy.conf
├── dnscrypt-wrapper.conf
├── dnsmasq.conf
├── docker.conf
├── fetchmail.conf
├── filebeat.conf
├── gitlab-runner.conf
├── grafana.conf
├── hefur.conf
├── jenkins.conf
├── lldpd.conf
├── locate.conf
├── mailman.conf
├── mariadb.conf
├── minidlna.conf
├── mldonkey.conf
├── mosquitto.conf
├── nbd.conf
├── openldap.conf
├── pesign.conf
├── privoxy.conf
├── qemu.conf
├── quagga.conf
├── rethinkdb.conf
├── rkt.conf
├── squid.conf
├── sslh.conf
├── synapse.conf
├── syncthing-relaysrv.conf
├── tomcat7.conf
├── tomcat8.conf
├── transmission-cli.conf
├── unifi.conf
├── util-linux.conf
├── varnish.conf
├── virtualbox-guest-utils.conf
├── virtualbox.conf
├── zabbix-agent.conf
├── zabbix-proxy.conf
├── zabbix-server.conf
└── znc.conf
/.gitignore:
--------------------------------------------------------------------------------
1 | man/*.5
2 | man/*.8
3 | man/*.html
4 | bin/sysusers
5 | bin/opensysusers
6 | openrc/opensysusers.initd
7 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2017 - 2018, Chris Cromer
2 | Copyright (c) 2012, Gentoo Foundation
3 | All rights reserved.
4 |
5 | Redistribution and use in source and binary forms, with or without
6 | modification, are permitted provided that the following conditions are met:
7 |
8 | 1. Redistributions of source code must retain the above copyright notice,
9 | this list of conditions and the following disclaimer.
10 | 2. Redistributions in binary form must reproduce the above copyright
11 | notice, this list of conditions and the following disclaimer in the
12 | documentation and/or other materials provided with the distribution.
13 |
14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
18 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
19 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
20 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
22 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
23 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24 | POSSIBILITY OF SUCH DAMAGE.
25 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
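# Top-level Makefile for opensysusers: stages the sysusers script, the
# optional OpenRC service script and, through man/Makefile, the manual pages.
# Every directory below can be overridden on the command line.
SYSCONFDIR = /etc
PREFIX ?= /usr/local
BINDIR = $(PREFIX)/bin
LIBDIR = $(PREFIX)/lib
MANDIR = $(PREFIX)/share/man
DOCDIR = $(PREFIX)/share/doc/opensysusers
# NOTE: /run/sysusers.d is one of the directories the tool reads at run time
# (see sysusers.d(5)); "make install-tests" without DESTDIR therefore places
# the sample account definitions where the next run will apply them.
TESTDIR = /run/sysusers.d
# Installed modes: executable for the script and the service file, plain
# world-readable data for everything else.
BINMODE = 0755
MODE = 0644
INSTALL = install
# MAKE is deliberately not assigned: overriding make's built-in $(MAKE) with
# a literal "make" breaks builds started as gmake and hides the running
# make binary from sub-makes.

HAVESYSTEMD = yes
HAVEOPENRC = no
HAVEMAN = yes

# Generated service script. The template is openrc/opensysusers.initd.in and
# .gitignore lists openrc/opensysusers.initd, so the path includes openrc/.
INITD = openrc/opensysusers.initd

BASIC = basic.conf

ifeq ($(HAVESYSTEMD),yes)
BINNAME = sysusers
else
BINNAME = opensysusers
endif

TESTFILES = $(wildcard test/*.conf)

# Variables handed to man/Makefile. Quoted so that a value containing spaces
# (for example INSTALL="install -p") reaches the sub-make as one word.
man_make_args = INSTALL='$(INSTALL)' DOCMODE='$(MODE)' MANDIR='$(MANDIR)' DOCDIR='$(DOCDIR)' DESTDIR='$(DESTDIR)'

# Remove a half-written target when its recipe fails.
.DELETE_ON_ERROR:

all: sysusers
ifeq ($(HAVEOPENRC),yes)
all: $(INITD)
endif
ifeq ($(HAVEMAN),yes)
all:
	+$(MAKE) $(man_make_args) -C man
endif

# Substitutes the @BINNAME@ placeholder in the service template.
EDIT = sed "s|@BINNAME[@]|$(BINNAME)|"

RM = rm -f
CHMOD = chmod $(BINMODE)

opensysusers: sysusers
	$(INSTALL) $< $@

$(INITD): $(INITD).in
	@echo "GEN $@"
	@$(RM) "$@"
	@$(EDIT) $< >"$@"
	@$(CHMOD) "$@"

# Removes the copy produced by the "opensysusers" rule above.
clean-bin:
	$(RM) opensysusers

clean-openrc:
	$(RM) $(INITD)

clean-man:
	+$(MAKE) $(man_make_args) -C man clean

clean: clean-bin
ifeq ($(HAVEOPENRC),yes)
clean: clean-openrc
endif
ifeq ($(HAVEMAN),yes)
clean: clean-man
endif

install-shared:
	$(INSTALL) -Dm $(MODE) $(BASIC) $(DESTDIR)$(LIBDIR)/sysusers.d/$(BASIC)

install-default-bin: sysusers
	$(INSTALL) -Dm $(BINMODE) sysusers $(DESTDIR)$(BINDIR)/$(BINNAME)

install-custom-bin: sysusers
	$(INSTALL) -Dm $(BINMODE) sysusers $(DESTDIR)$(BINDIR)/$(BINNAME)

install-openrc: $(INITD)
	$(INSTALL) -Dm $(BINMODE) $(INITD) $(DESTDIR)$(SYSCONFDIR)/init.d/opensysusers

install-man:
	+$(MAKE) $(man_make_args) -C man install

# With several source files the destination must already be a directory, so
# create it first instead of relying on -D.
install-tests:
	$(INSTALL) -d $(DESTDIR)$(TESTDIR)
	$(INSTALL) -m $(MODE) $(TESTFILES) $(DESTDIR)$(TESTDIR)/

uninstall-shared:
	$(RM) $(DESTDIR)$(LIBDIR)/sysusers.d/$(BASIC)

uninstall-default-bin:
	$(RM) $(DESTDIR)$(BINDIR)/$(BINNAME)

uninstall-custom-bin:
	$(RM) $(DESTDIR)$(BINDIR)/$(BINNAME)

uninstall-openrc:
	$(RM) $(DESTDIR)$(SYSCONFDIR)/init.d/opensysusers

uninstall-man:
	+$(MAKE) $(man_make_args) -C man uninstall

ifeq ($(HAVESYSTEMD),yes)
install: install-shared
uninstall: uninstall-shared
ifeq ($(HAVEMAN),yes)
install: install-man
uninstall: uninstall-man
endif
ifeq ($(BINNAME),sysusers)
install: install-default-bin
uninstall: uninstall-default-bin
else
install: install-custom-bin
uninstall: uninstall-custom-bin
endif

ifeq ($(HAVEOPENRC),yes)
install: install-openrc
uninstall: uninstall-openrc
endif

else
install: install-shared install-default-bin
uninstall: uninstall-shared uninstall-default-bin
ifeq ($(HAVEMAN),yes)
install: install-man
uninstall: uninstall-man
endif
ifeq ($(HAVEOPENRC),yes)
install: install-openrc
uninstall: uninstall-openrc
endif

endif

.PHONY: all install install-custom-bin install-default-bin install-man install-openrc install-shared install-tests uninstall uninstall-custom-bin uninstall-default-bin uninstall-man uninstall-openrc uninstall-shared clean clean-bin clean-man clean-openrc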
134 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | This is a utility written to process sysusers.d files so that they can be handled on systems with or without systemd installed.
2 |
3 | For more information on the files this utility can process, see the
4 | sysusers.d man page [1].
5 |
6 | For more information on the systemd-sysusers command, see the
7 | systemd-sysusers man page [2].
8 |
9 | If built with the make flag SYSTEMDCOMPAT=FALSE, it will only install the basic script to process sysusers.d conf files. Otherwise it installs a script that imitates systemd-sysusers command.
10 |
11 | [1] https://www.freedesktop.org/software/systemd/man/sysusers.d.html
12 |
13 | [2] https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html
--------------------------------------------------------------------------------
/basic.conf:
--------------------------------------------------------------------------------
1 | # This file is part of systemd.
2 | #
3 | # systemd is free software; you can redistribute it and/or modify it
4 | # under the terms of the GNU Lesser General Public License as published by
5 | # the Free Software Foundation; either version 2.1 of the License, or
6 | # (at your option) any later version.
7 |
8 | # The superuser
9 | u root 0 "Super User" /root
10 |
11 | # The nobody user for NFS file systems
12 | u nobody 65534 "Nobody" -
13 |
14 | # Administrator group: can *see* more than normal users
15 | g adm - - -
16 |
17 | # Administrator group: can *do* more than normal users
18 | g wheel - - -
19 |
20 | # Access to certain kernel and userspace facilities
21 | g kmem - - -
22 | g tty 5 - -
23 | g utmp - - -
24 |
25 | # Hardware access groups
26 | g audio - - -
27 | g disk - - -
28 | g input - - -
29 | g kvm - - -
30 | g lp - - -
31 | g optical - - -
32 | g render - - -
33 | g storage - - -
34 | g uucp - - -
35 | g video - - -
36 |
37 | # Default group for normal users
38 | g users - - -
39 |
--------------------------------------------------------------------------------
/man/Makefile:
--------------------------------------------------------------------------------
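# Builds and installs the manual pages and their HTML renderings.
# The top-level Makefile normally passes INSTALL, DOCMODE, MANDIR, DOCDIR and
# DESTDIR on the command line; the defaults below mirror its values and only
# apply when this file is run on its own, so that install/uninstall never
# operate on paths built from empty variables.
PREFIX ?= /usr/local
INSTALL ?= install
DOCMODE ?= 0644
MANDIR ?= $(PREFIX)/share/man
DOCDIR ?= $(PREFIX)/share/doc/opensysusers

manfiles5 = sysusers.d.5
manfiles8 = systemd-sysusers.8 systemd-sysusers.service.8
docfiles = sysusers.d.html systemd-sysusers.html

# --nonet keeps xsltproc from fetching DTDs or entities over the network
# during the build. The DocBook parameter is spelled funcsynopsis.style; the
# earlier spelling "funcsysnopsis.style" named no known parameter.
xsltargs = --nonet \
	--xinclude \
	--maxdepth 9000 \
	--stringparam man.output.quietly 1 \
	--stringparam funcsynopsis.style ansi \
	--stringparam man.authors.section.enabled 0 \
	--stringparam man.copyright.section.enabled 0 \
	--stringparam systemd.version 238.51

all:
	xsltproc $(xsltargs) custom-man.xsl systemd-sysusers.xml
	xsltproc $(xsltargs) custom-html.xsl systemd-sysusers.xml > systemd-sysusers.html
	xsltproc $(xsltargs) custom-man.xsl sysusers.d.xml
	xsltproc $(xsltargs) custom-html.xsl sysusers.d.xml > sysusers.d.html

# rm -f so that cleaning a tree that was never built (or only partly built)
# succeeds instead of stopping at the first missing file.
clean:
	rm -f $(manfiles5) $(manfiles8) $(docfiles)

install:
	$(INSTALL) -d $(DESTDIR)$(MANDIR)/man5 $(DESTDIR)$(MANDIR)/man8
	$(INSTALL) -m $(DOCMODE) $(manfiles5) $(DESTDIR)$(MANDIR)/man5
	$(INSTALL) -m $(DOCMODE) $(manfiles8) $(DESTDIR)$(MANDIR)/man8
	$(INSTALL) -d $(DESTDIR)$(DOCDIR)
	$(INSTALL) -m $(DOCMODE) $(docfiles) $(DESTDIR)$(DOCDIR)

# Remove exactly the files "install" created. The documentation directory is
# removed only when it is left empty: a recursive delete of a path assembled
# from command-line variables could take unrelated files with it.
uninstall:
	rm -f $(addprefix $(DESTDIR)$(MANDIR)/man5/,$(manfiles5))
	rm -f $(addprefix $(DESTDIR)$(MANDIR)/man8/,$(manfiles8))
	rm -f $(addprefix $(DESTDIR)$(DOCDIR)/,$(docfiles))
	-rmdir $(DESTDIR)$(DOCDIR) 2>/dev/null

.PHONY: all install uninstall clean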
39 |
--------------------------------------------------------------------------------
/man/custom-html.xsl:
--------------------------------------------------------------------------------
1 |
2 |
3 |
23 |
24 |
25 |
26 |
27 |
36 |
37 |
38 |
39 |
40 |
41 |
42 | .html#
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 | http://man7.org/linux/man-pages/man
53 |
54 | /
55 |
56 | .
57 |
58 | .html
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 | http://linux.die.net/man/
68 |
69 | /
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 | https://git.zx2c4.com/WireGuard/about/src/tools/
80 |
81 | .
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 | https://www.mankier.com/
92 |
93 | /
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 | https://www.archlinux.org/
104 |
105 | /
106 |
107 | .
108 |
109 | .html
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 | https://www.freebsd.org/cgi/man.cgi?
119 |
120 | (
121 |
122 | )
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 | http://dbus.freedesktop.org/doc/
132 |
133 | .
134 |
135 | .html
136 |
137 |
138 |
139 |
140 |
141 |
153 |
154 |
155 |
156 |
157 |
158 |
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
177 |
178 |
179 |
180 |
181 |
182 |
183 |
184 |
185 |
186 |
192 |
193 |
194 |
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 | ¶
205 |
206 |
207 |
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 |
221 |
222 |
223 |
224 |
225 |
226 |
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 |
235 |
236 |
237 |
238 |
239 |
240 |
241 |
242 |
243 |
244 |
245 |
246 |
251 |
252 |
253 |
254 |
255 |
256 |
257 |
258 |
259 |
260 |
261 |
262 |
263 |
264 |
265 |
283 |
284 |
285 |
286 | index.html
287 |
288 | Index
289 | ·
290 |
291 |
292 | systemd.directives.html
293 |
294 | Directives
295 |
296 |
297 |
298 | systemd
299 |
300 |
301 |
302 |
303 |
304 |
305 | "
306 |
307 | "
308 |
309 |
310 |
311 |
312 |
313 |
314 |
--------------------------------------------------------------------------------
/man/custom-man.xsl:
--------------------------------------------------------------------------------
1 |
2 |
3 |
23 |
24 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 | .TH "
42 |
43 |
44 |
45 |
46 |
47 | " "
48 |
49 | " "" "systemd
50 |
51 | " "
52 |
53 | "
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 | "
62 |
63 | "
64 |
65 |
66 |
67 |
--------------------------------------------------------------------------------
/man/standard-options.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 |
5 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 | Print a short help text and exit.
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 | Print a short version string and exit.
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 | Do not pipe output into a pager.
49 |
50 |
51 |
52 |
53 |
54 |
55 | Do not query the user for authentication for privileged operations.
56 |
57 |
58 |
59 |
60 |
61 |
62 | Do not print the legend, i.e. column headers and the
63 | footer with hints.
64 |
65 |
66 |
67 |
--------------------------------------------------------------------------------
/man/systemd-sysusers.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 |
5 |
25 |
26 |
28 |
29 |
30 | systemd-sysusers
31 | systemd
32 |
33 |
34 |
35 | Developer
36 | Lennart
37 | Poettering
38 | lennart@poettering.net
39 |
40 |
41 |
42 |
43 |
44 | systemd-sysusers
45 | 8
46 |
47 |
48 |
49 | systemd-sysusers
50 | systemd-sysusers.service
51 | Allocate system users and groups
52 |
53 |
54 |
55 |
56 | systemd-sysusers
57 | OPTIONS
58 | CONFIGFILE
59 |
60 |
61 | systemd-sysusers.service
62 |
63 |
64 |
65 | Description
66 |
67 | systemd-sysusers creates system users and
68 | groups, based on the file format and location specified in
69 | sysusers.d5.
70 |
71 |
72 | If invoked with no arguments, it applies all directives from all files
73 | found in the directories specified by
74 | sysusers.d5.
75 | When invoked with positional arguments, if option
76 | is specified, arguments
77 | specified on the command line are used instead of the configuration file
78 | PATH. Otherwise, just the configuration specified by
79 | the command line arguments is executed. The string - may be
80 | specified instead of a filename to instruct systemd-sysusers
81 | to read the configuration from standard input. If only the basename of a file is
82 | specified, all configuration directories are searched for a matching file and
83 | the file found that has the highest priority is executed.
84 |
85 |
86 |
87 | Options
88 |
89 | The following options are understood:
90 |
91 |
92 |
93 |
94 | Takes a directory path as an argument. All
95 | paths will be prefixed with the given alternate
96 | root path, including config search
97 | paths.
98 |
99 |
100 |
101 |
102 | When this option is given, one or more positional arguments
103 | must be specified. All configuration files found in the directories listed in
104 | sysusers.d5
105 | will be read, and the configuration given on the command line will be
106 | handled instead of and with the same priority as the configuration file
107 | PATH.
108 |
109 | This option is intended to be used when package installation scripts
110 | are running and files belonging to that package are not yet available on
111 | disk, so their contents must be given on the command line, but the admin
112 | configuration might already exist and should be given higher priority.
113 |
114 |
115 |
116 | RPM installation script for radvd
117 |
118 | echo 'u radvd - "radvd daemon"' | \
119 | systemd-sysusers --replace=/usr/lib/sysusers.d/radvd.conf -
120 |
121 | This will create the radvd user as if
122 | /usr/lib/sysusers.d/radvd.conf was already on disk.
123 | An admin might override the configuration specified on the command line by
124 | placing /etc/sysusers.d/radvd.conf or even
125 | /etc/sysusers.d/00-overrides.conf.
126 |
127 | Note that this is the expanded form, and when used in a package, this
128 | would be written using a macro with "radvd" and a file containing the
129 | configuration line as arguments.
130 |
131 |
132 |
133 |
134 |
135 |
136 | Treat each positional argument as a separate configuration
137 | line instead of a file name.
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 | Exit status
148 |
149 | On success, 0 is returned, a non-zero failure code
150 | otherwise.
151 |
152 |
153 |
154 | See Also
155 |
156 | systemd1,
157 | sysusers.d5
158 |
159 |
160 |
161 |
162 |
--------------------------------------------------------------------------------
/man/sysusers.d.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
24 |
26 |
27 |
28 | sysusers.d
29 | systemd
30 |
31 |
32 |
33 | Developer
34 | Lennart
35 | Poettering
36 | lennart@poettering.net
37 |
38 |
39 |
40 |
41 |
42 | sysusers.d
43 | 5
44 |
45 |
46 |
47 | sysusers.d
48 | Declarative allocation of system users and groups
49 |
50 |
51 |
52 | /etc/sysusers.d/*.conf
53 | /run/sysusers.d/*.conf
54 | /usr/lib/sysusers.d/*.conf
55 |
56 |
57 |
58 | Description
59 |
60 | systemd-sysusers uses the files from
61 | sysusers.d directory to create system users and groups and
62 | to add users to groups, at package installation or boot time. This tool may be
63 | used to allocate system users and groups only, it is not useful for creating
64 | non-system (i.e. regular, "human") users and groups, as it accesses
65 | /etc/passwd and /etc/group directly,
66 | bypassing any more complex user databases, for example any database involving NIS
67 | or LDAP.
68 |
69 |
70 |
71 | Configuration Directories and Precedence
72 |
73 | Each configuration file shall be named in the style of
74 | package.conf or
75 | package-part.conf.
76 | The second variant should be used when it is desirable to make it
77 | easy to override just this part of configuration.
78 |
79 | Files in /etc/sysusers.d override files
80 | with the same name in /usr/lib/sysusers.d and
81 | /run/sysusers.d. Files in
82 | /run/sysusers.d override files with the same
83 | name in /usr/lib/sysusers.d. Packages should
84 | install their configuration files in
85 | /usr/lib/sysusers.d. Files in
86 | /etc/sysusers.d are reserved for the local
87 | administrator, who may use this logic to override the
88 | configuration files installed by vendor packages. All
89 | configuration files are sorted by their filename in lexicographic
90 | order, regardless of which of the directories they reside in. If
91 | multiple files specify the same path, the entry in the file with
92 | the lexicographically earliest name will be applied. All later
93 | entries for the same user and group names will be logged as warnings.
94 |
95 |
96 | If the administrator wants to disable a configuration file
97 | supplied by the vendor, the recommended way is to place a symlink
98 | to /dev/null in
99 | /etc/sysusers.d/ bearing the same filename.
100 |
101 |
102 |
103 |
104 | Configuration File Format
105 |
106 | The file format is one line per user or group containing name, ID, GECOS
107 | field description, home directory, and login shell:
108 |
109 | #Type Name ID GECOS Home directory Shell
110 | u httpd 404 "HTTP User"
111 | u authd /usr/bin/authd "Authorization user"
112 | u postgres - "Postgresql Database" /var/lib/pgsql /usr/libexec/postgresdb
113 | g input - -
114 | m authd input
115 | u root 0 "Superuser" /root /bin/zsh
116 |
117 | Empty lines and lines beginning with the # character are ignored, and may be used for
118 | commenting.
119 |
120 |
121 | Type
122 |
123 | The type consists of a single letter. The following line
124 | types are understood:
125 |
126 |
127 |
128 | u
129 | Create a system user and group of the specified name should
130 | they not exist yet. The user's primary group will be set to the group
131 | bearing the same name. The account will be created disabled, so that logins
132 | are not allowed.
133 |
134 |
135 |
136 | g
137 | Create a system group of the specified name
138 | should it not exist yet. Note that u
139 | implicitly creates a matching group. The group will be
140 | created with no password set.
141 |
142 |
143 |
144 | m
145 | Add a user to a group. If the user or group
146 | do not exist yet, they will be implicitly
147 | created.
148 |
149 |
150 |
151 | r
152 | Add a range of numeric UIDs/GIDs to the pool
153 | to allocate new UIDs and GIDs from. If no line of this type
154 | is specified, the range of UIDs/GIDs is set to some
155 | compiled-in default. Note that both UIDs and GIDs are
156 | allocated from the same pool, in order to ensure that users
157 | and groups of the same name are likely to carry the same
158 | numeric UID and GID.
159 |
160 |
161 |
162 |
163 |
164 |
165 | Name
166 |
167 | The name field specifies the user or group name. The specified name must consist only of the characters a-z,
168 | A-Z, 0-9, _ and -, except for the first character which must be one of a-z,
169 | A-Z or _ (i.e. numbers and - are not permitted as first character). The
170 | user/group name must have at least one character, and at most 31.
171 |
172 | It is strongly recommended to pick user and group names that are unlikely to clash with normal users
173 | created by the administrator. A good scheme to guarantee this is by prefixing all system and group names with the
174 | underscore, and avoiding too generic names.
175 |
176 | For m lines, this field should contain
177 | the user name to add to a group.
178 |
179 | For lines of type r, this field should
180 | be set to -.
181 |
182 |
183 |
184 | ID
185 |
186 | For u and g, the
187 | numeric 32-bit UID or GID of the user/group. Do not use IDs 65535
188 | or 4294967295, as they have special placeholder meanings.
189 | Specify - for automatic UID/GID allocation
190 | for the user or group (this is strongly recommended unless it is strictly
191 | necessary to use a specific UID or GID). Alternatively, specify an absolute path
192 | in the file system. In this case, the UID/GID is read from the
193 | path's owner/group. This is useful to create users whose UID/GID
194 | match the owners of pre-existing files (such as SUID or SGID
195 | binaries).
196 | The syntax uid:gid is also supported to
197 | allow creating user and group pairs with different numeric UID and GID values. The group with the indicated GID must get created explicitly before or it must already exist. Specifying - for the UID in this syntax
198 | is also supported.
199 |
200 |
201 | For m lines, this field should contain
202 | the group name to add the user to.
203 |
204 | For lines of type r, this field should
205 | be set to a UID/GID range in the format
206 | FROM-TO, where both values are formatted as
207 | decimal ASCII numbers. Alternatively, a single UID/GID may be
208 | specified formatted as decimal ASCII numbers.
209 |
210 |
211 |
212 | GECOS
213 |
214 | A short, descriptive string for users to be created, enclosed in
215 | quotation marks. Note that this field may not contain colons.
216 |
217 | Only applies to lines of type u and should otherwise
218 | be left unset (or -).
219 |
220 |
221 |
222 | Home Directory
223 |
224 | The home directory for a new system user. If omitted, defaults to the
225 | root directory.
226 |
227 | Only applies to lines of type u and should otherwise
228 | be left unset (or -). It is recommended to omit this, unless
229 | software strictly requires a home directory to be set.
230 |
231 |
232 |
233 | Shell
234 |
235 | The login shell of the user. If not specified, this will be set to
236 | /sbin/nologin, except if the UID of the user is 0, in
237 | which case /bin/sh will be used.
238 |
239 | Only applies to lines of type u and should otherwise
240 | be left unset (or -). It is recommended to omit this, unless
241 | a shell different from /sbin/nologin must be used.
242 |
243 |
244 |
245 |
246 | Idempotence
247 |
248 | Note that systemd-sysusers will do nothing if the
249 | specified users or groups already exist or the users are members of specified
250 | groups, so normally there is no reason to override
251 | sysusers.d vendor configuration, except to block certain
252 | users or groups from being created.
253 |
254 |
255 |
256 | See Also
257 |
258 | systemd1,
259 | systemd-sysusers8
260 |
261 |
262 |
263 |
264 |
--------------------------------------------------------------------------------
/openrc/opensysusers.initd.in:
--------------------------------------------------------------------------------
#!/sbin/openrc-run
# Copyright (c) 2017 - 2018 Chris Cromer
# Released under the 2-clause BSD license.
#
# OpenRC service template. The top-level Makefile turns this file into the
# installed service script by replacing the @BINNAME@ placeholder with the
# command name chosen at build time.

description="Set up sysusers.d entries"

depend()
{
	# Run only after the localmount service has been started.
	need localmount
}

start()
{
	ebegin "Setting up sysusers.d entries"
	# Placeholder for the sysusers command; it is run without arguments.
	# NOTE(review): the command is written as a bare name, so it is looked
	# up through the PATH of the service environment - confirm that an
	# absolute path is not wanted for a tool that runs as root at boot.
	@BINNAME@
	# Report the command's exit status as the service start result.
	eend $?
}
18 |
--------------------------------------------------------------------------------
/sysusers:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (c) 2018 Chris Cromer
3 | # Released under the 2-clause BSD license.
4 | #
5 | # This is an implementation of the systemd-sysusers command
6 |
7 | sysusersver=0.6
8 |
warninvalid() {
	# warninvalid [message]
	# Reports a rejected configuration entry on stderr, using the globals
	# ${lineno} and ${file} for the location, and increments the global
	# ${error} counter that the script passes to exit at the end.
	printf "sysusers: %s on line %d of '%s'\n" \
		"${1:-ignoring invalid entry}" "${lineno}" "${file}" >&2
	error=$((error + 1))
}
14 |
add_group() {
	# add_group <name> <gid|->
	# Creates the group unless /etc/group already has an entry with that
	# name (or, when a numeric gid is given, with that gid).
	# NOTE(review): the name and gid are placed into the grep pattern and
	# handed to groupadd without validation, and the lookup always reads
	# /etc/group, not ${root}/etc/group - confirm callers only pass values
	# that follow the naming rules in sysusers.d(5).
	if [ "$2" != '-' ]; then
		grep -q "^$1:\|^[^:]*:[^:]*:$2:[^:]*$" /etc/group ||
			groupadd -g "$2" "$1"
		return
	fi
	# No fixed gid requested: let groupadd pick one from the system range.
	grep -q "^$1:" /etc/group || groupadd -r "$1"
}
23 |
add_user() {
	# add_user <name> <uid|-> <gecos> <home>
	# Creates a system account whose primary group is the group of the same
	# name. The login shell is always /sbin/nologin.
	if id "$1" >/dev/null 2>&1; then
		# The account already exists; leave it untouched.
		return 0
	fi
	if [ "$2" != '-' ]; then
		useradd -rc "$3" -u "$2" -g "$1" -d "$4" -s '/sbin/nologin' "$1"
	else
		# No fixed uid requested: useradd allocates one.
		useradd -rc "$3" -g "$1" -d "$4" -s '/sbin/nologin' "$1"
	fi
	# Lock the password of the new account; output and errors are discarded.
	passwd -l "$1" >/dev/null 2>&1
}
35 |
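update_login_defs() {
	# update_login_defs <name> <range>
	# Handles an 'r' line: <name> must be '-' and <range> must be FROM-TO.
	# On success the *ID_MIN / *ID_MAX values in ${root}/etc/login.defs are
	# rewritten in place.
	[ "$1" != '-' ] && warninvalid && return
	min="${2%%-*}" max="${2#*-}"
	# More than one '-' in the range is malformed.
	[ "${max}" != "${max#*-}" ] && warninvalid && return
	# Both bounds are spliced into the sed script below and compared with
	# [ -ge ]/[ -lt ]. A non-numeric value makes those tests fail with an
	# error instead of "true", which would let the value through to sed, so
	# accept nothing but decimal digits here.
	case "${min}" in ''|*[!0-9]*) warninvalid; return ;; esac
	case "${max}" in ''|*[!0-9]*) warninvalid; return ;; esac
	[ "${min}" -ge "${max}" ] && warninvalid "invalid range" && return

	# Pick up the current upper bounds of the system uid/gid ranges.
	while read -r key val; do
		case "${key}" in
			SYS_UID_MAX) suid_max="${val}" ;;
			SYS_GID_MAX) sgid_max="${val}" ;;
		esac
	done < "${root}/etc/login.defs"
	[ "${min}" -lt "${suid_max}" ] && warninvalid "invalid range" && return
	[ "${min}" -lt "${sgid_max}" ] && warninvalid "invalid range" && return

	# NOTE(review): the patterns are not anchored, so every key that ends in
	# UID_MIN/GID_MIN or UID_MAX/GID_MAX is rewritten - confirm that this is
	# the intended set of keys.
	sed -e "/[GU]ID_MIN[[:space:]]\+/s/[^[:space:]]*$/${min}/" \
		-e "/[GU]ID_MAX[[:space:]]\+/s/[^[:space:]]*$/${max}/" \
		-i "${root}/etc/login.defs"
}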
56 |
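parse_file() {
	# Reads configuration file paths from standard input, one per line, and
	# passes every line of each file to parse_string.
	while read -r conf; do
		# warninvalid reports ${file} and ${lineno}; point both at the file
		# that is actually being read so warnings name the right place.
		file="${conf}"
		lineno=0
		while read -r line; do
			lineno=$((lineno + 1))
			parse_string "${line}"
		done < "${conf}"
		# read fails on a last line that has no trailing newline but still
		# stores it in ${line}; process that line as well.
		if [ -n "${line}" ]; then
			lineno=$((lineno + 1))
			parse_string "${line}"
		fi
	done
}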
66 |
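parse_string() {
	# parse_string <line>
	# Interprets one sysusers.d line: Type Name ID GECOS Home.
	# Blank lines and lines starting with '#' are skipped.
	[ -n "${1%%#*}" ] || return

	# NOTE(review): eval re-parses the raw line as shell words so that a
	# quoted GECOS string stays one field. It also applies command
	# substitution, parameter expansion and globbing to the line, in a
	# script that normally runs as root. Every sysusers.d file and every
	# --inline argument is therefore executed as code, not read as data:
	# keep those directories writable by root only, or replace this with a
	# tokenizer that understands quoting and nothing else.
	eval "set -- $1"
	type="$1" name="$2" id="$3" gecos="$4" home="$5"

	case "${type}" in
		[gu])
			# Reserved placeholder IDs, see sysusers.d(5).
			case "${id}" in 65535|4294967295) warninvalid; return; esac
			[ "${home:--}" = '-' ] && home='/'
			# '-' stands for "unset"; without this the account would get
			# the literal comment "-".
			[ "${gecos:--}" = '-' ] && gecos=''
			add_group "${name}" "${id}"
			if [ "${type}" = u ]; then
				# The sixth field (shell) is not read; add_user always
				# sets /sbin/nologin.
				add_user "${name}" "${id}" "${gecos}" "${home}"
			fi
			;;
		m)
			# For 'm' lines ${name} is the user and ${id} is the group.
			# NOTE(review): add_group is called with the user name; the
			# target group ${id} is not created in this branch - confirm
			# that it is expected to exist already.
			add_group "${name}" '-'
			if id "${name}" >/dev/null 2>&1; then
				usermod -a -G "${id}" "${name}"
			else
				useradd -r -g "${id}" -s '/sbin/nologin' "${name}"
				passwd -l "${name}" >/dev/null 2>&1
			fi
			;;
		r)
			update_login_defs "${name}" "${id}"
			;;
		*) warninvalid; return ;;
	esac
}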
97 |
usage() {
	# usage <exit-status>
	# Prints the help text on stdout and exits with the given status.
	printf '%s\n\n' "${0##*/}"
	printf '%s\n' \
		"${0##*/} creates system users and groups, based on the file" \
		'format and location specified in sysusers.d(5).'
	printf '\n%s\n\n' "Usage: ${0##*/} [OPTIONS...] [CONFIGFILE...]"
	printf '%s\n' \
		'Options:' \
		' --root=root All paths will be prefixed with the' \
		' given alternate root path, including' \
		' config search paths.' \
		" --replace=PATH Don't run check in the package" \
		' --inline Treat each positional argument as a' \
		' separate configuration line instead of a' \
		' file name.' \
		' -h, --help Print a short help text and exit.' \
		' --version Print a short version string and exit.'
	exit "$1"
}
116 |
# Global state: error counts rejected entries, inline/replace/root hold the
# command-line options, seen tracks basenames during the directory scan.
error=0
inline=0
replace=''
root=''
seen=''

# opensysusers is an implementation of the sysusers.d spec without the
# systemd command line; under that name all options and arguments are
# discarded.
if [ "${0##*/}" = opensysusers ]; then
	set --
fi

# Consume leading options; what remains in "$@" are configuration file names
# (or, with --inline, configuration lines).
while [ "$#" -gt 0 ]; do
	case "$1" in
		--root=*) root="${1#--root=}" ;;
		--root) root="$2"; shift ;;
		--replace=*) replace="${1#--replace=}" ;;
		--replace) replace="$2"; shift ;;
		--inline) inline=1 ;;
		--version) printf '%s\n' "${sysusersver}"; exit 0 ;;
		-h|--help) usage 0 ;;
		# Any other option is an error.
		-[!-]|--?*) usage 1 ;;
		--) shift; break ;;
		*) break ;;
	esac
	shift
done
137 |
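# Process the positional arguments: file names looked up in the
# configuration directories, or literal configuration lines with --inline.
if [ "${inline}" -eq 0 ]; then
	for file do
		[ "${file}" = '--' ] && continue
		# Directories in descending priority.
		for dir in etc run usr/lib; do
			candidate="${root}/${dir}/sysusers.d/${file}"
			# The first directory that has an entry of this name decides.
			# An entry that is not a regular file (the documented way to
			# disable a vendor file is a symlink to /dev/null) hides the
			# lower-priority copies instead of being skipped over.
			if [ -e "${candidate}" ] || [ -L "${candidate}" ]; then
				# The file is only read, never edited: parse_file already
				# copes with a missing final newline, so configuration
				# owned by a package is not modified behind its back.
				[ -f "${candidate}" ] &&
					printf '%s\n' "${candidate}" | parse_file
				break
			fi
		done
	done
else
	for string in "$@"; do
		parse_string "${string}"
	done
fi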
155 |
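# With no arguments, or with --replace, apply every *.conf file from the
# three configuration directories, one file per basename.
if [ "$#" -eq 0 ] || [ -n "${replace}" ]; then
	set -- "${root}/etc/sysusers.d/"*.conf "${root}/run/sysusers.d/"*.conf \
		"${root}/usr/lib/sysusers.d/"*.conf
	# Emit "basename directory" pairs sorted by basename. Entries with the
	# same basename are expected to come out as etc, run, usr/lib because
	# sort falls back to comparing the whole line.
	for f do printf '%s %s\n' "${f##*/}" "${f%/*}"; done | sort -k1,1 |
		while read -r b d; do
			# Only the first entry for a basename counts.
			[ "${seen}" = "${seen#* ${b} }" ] || continue
			# Record the basename even when the entry is not a regular
			# file, so that a /dev/null symlink in a higher-priority
			# directory disables the vendor file of the same name.
			seen="${seen:- }${b} "
			[ -f "${d}/${b}" ] && printf '%s/%s\n' "${d}" "${b}"
		done | parse_file
fi

# NOTE(review): parse_file runs as the last stage of a pipeline. In shells
# that execute that stage in a subshell, the increments warninvalid makes to
# ${error} do not reach this line - confirm the exit status is as intended.
exit "${error}"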
167 |
--------------------------------------------------------------------------------
/test/amavisd.conf:
--------------------------------------------------------------------------------
1 | u amavis 333 - /var/spool/amavis
2 |
--------------------------------------------------------------------------------
/test/amule.conf:
--------------------------------------------------------------------------------
1 | u amule - "aMule Client" /var/lib/amule
2 | g amule -
3 |
--------------------------------------------------------------------------------
/test/backuppc.conf:
--------------------------------------------------------------------------------
1 | u backuppc 126 - /var/lib/backuppc
2 |
--------------------------------------------------------------------------------
/test/boinc.conf:
--------------------------------------------------------------------------------
1 | u boinc - "BOINC Daemon" /var/lib/boinc
2 | g boinc -
--------------------------------------------------------------------------------
/test/ceph.conf:
--------------------------------------------------------------------------------
1 | u ceph - - /run/ceph
2 |
--------------------------------------------------------------------------------
/test/couchdb.conf:
--------------------------------------------------------------------------------
1 | u couchdb - "CouchDB daemon" /var/lib/couchdb
2 |
--------------------------------------------------------------------------------
/test/dbus.conf:
--------------------------------------------------------------------------------
1 | u dbus 81
2 |
--------------------------------------------------------------------------------
/test/deepin-daemon.conf:
--------------------------------------------------------------------------------
1 | u deepin-daemon - "Deepin Daemon"
2 | g deepin-daemon -
3 |
--------------------------------------------------------------------------------
/test/dkimproxy.conf:
--------------------------------------------------------------------------------
1 | u dkimproxy - "DKIM Proxy"
2 |
--------------------------------------------------------------------------------
/test/dnscrypt-wrapper.conf:
--------------------------------------------------------------------------------
1 | u dnscrypt-wrapper - "DnsCrypt Wrapper" /etc/dnscrypt-wrapper
2 | g dnscrypt-wrapper -
3 |
--------------------------------------------------------------------------------
/test/dnsmasq.conf:
--------------------------------------------------------------------------------
1 | u dnsmasq - "dnsmasq daemon" /
2 |
--------------------------------------------------------------------------------
/test/docker.conf:
--------------------------------------------------------------------------------
1 | # create docker group (FS#38029)
2 | g docker - -
3 |
--------------------------------------------------------------------------------
/test/fetchmail.conf:
--------------------------------------------------------------------------------
1 | u fetchmail 90 "Fetchmail daemon" /var/lib/fetchmail
2 | m fetchmail nobody
3 |
--------------------------------------------------------------------------------
/test/filebeat.conf:
--------------------------------------------------------------------------------
1 | u filebeat - "Lightweight Shipper for Log Data" /var/lib/filebeat
2 |
--------------------------------------------------------------------------------
/test/gitlab-runner.conf:
--------------------------------------------------------------------------------
1 | u gitlab-runner 107 "GitLab Runner" /var/lib/gitlab-runner
2 |
--------------------------------------------------------------------------------
/test/grafana.conf:
--------------------------------------------------------------------------------
1 | u grafana - - /var/lib/grafana
2 |
--------------------------------------------------------------------------------
/test/hefur.conf:
--------------------------------------------------------------------------------
1 | u hefur - - /var/lib/hefurd
2 |
--------------------------------------------------------------------------------
/test/jenkins.conf:
--------------------------------------------------------------------------------
1 | u jenkins - "Jenkins CI" /var/lib/jenkins
2 | g jenkins -
3 |
--------------------------------------------------------------------------------
/test/lldpd.conf:
--------------------------------------------------------------------------------
1 | # https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database
2 | u lldpd 127 - -
3 | m lldpd lldpd
4 |
--------------------------------------------------------------------------------
/test/locate.conf:
--------------------------------------------------------------------------------
1 | g locate 21 - -
2 |
--------------------------------------------------------------------------------
/test/mailman.conf:
--------------------------------------------------------------------------------
1 | u mailman 80 "GNU Mailing List Manager" /usr/lib/mailman
2 |
--------------------------------------------------------------------------------
/test/mariadb.conf:
--------------------------------------------------------------------------------
1 | u mysql 89 "MariaDB" /var/lib/mysql
2 |
--------------------------------------------------------------------------------
/test/minidlna.conf:
--------------------------------------------------------------------------------
1 | u minidlna - "minidlna server" /var/cache/minidlna
2 |
--------------------------------------------------------------------------------
/test/mldonkey.conf:
--------------------------------------------------------------------------------
1 | u mldonkey - "Mldonkey daemon user" /var/lib/mldonkey
2 |
--------------------------------------------------------------------------------
/test/mosquitto.conf:
--------------------------------------------------------------------------------
1 | u mosquitto - "Mosquitto MQTT Broker" /var/empty
2 |
--------------------------------------------------------------------------------
/test/nbd.conf:
--------------------------------------------------------------------------------
1 | u nbd 44 "Network Block Device" /var/empty
2 |
--------------------------------------------------------------------------------
/test/openldap.conf:
--------------------------------------------------------------------------------
1 | u ldap 439 "LDAP Server" /var/lib/openldap
2 |
--------------------------------------------------------------------------------
/test/pesign.conf:
--------------------------------------------------------------------------------
1 | u pesign 312 "pesign signing daemon"
2 |
--------------------------------------------------------------------------------
/test/privoxy.conf:
--------------------------------------------------------------------------------
1 | u privoxy 42 "Privoxy"
2 |
--------------------------------------------------------------------------------
/test/qemu.conf:
--------------------------------------------------------------------------------
1 | g kvm 78 -
2 |
--------------------------------------------------------------------------------
/test/quagga.conf:
--------------------------------------------------------------------------------
1 | u quagga - - /run/quagga
2 |
--------------------------------------------------------------------------------
/test/rethinkdb.conf:
--------------------------------------------------------------------------------
1 | u rethinkdb - "Rethinkdb daemon user" /var/lib/rethinkdb
2 |
--------------------------------------------------------------------------------
/test/rkt.conf:
--------------------------------------------------------------------------------
1 | g rkt - -
2 | g rkt-admin - -
3 |
--------------------------------------------------------------------------------
/test/squid.conf:
--------------------------------------------------------------------------------
1 | u proxy 15 - /var/empty
2 |
--------------------------------------------------------------------------------
/test/sslh.conf:
--------------------------------------------------------------------------------
1 | u sslh - - -
2 |
--------------------------------------------------------------------------------
/test/synapse.conf:
--------------------------------------------------------------------------------
1 | u synapse 198 "Matrix Synapse user" /var/lib/synapse
2 |
--------------------------------------------------------------------------------
/test/syncthing-relaysrv.conf:
--------------------------------------------------------------------------------
1 | u syncthing-relaysrv - "Syncthing relay server"
2 | g syncthing-relaysrv -
3 |
--------------------------------------------------------------------------------
/test/tomcat7.conf:
--------------------------------------------------------------------------------
1 | u tomcat7 71 "Tomcat 7 user" /usr/share/tomcat7
2 |
--------------------------------------------------------------------------------
/test/tomcat8.conf:
--------------------------------------------------------------------------------
1 | u tomcat8 57 "Tomcat 8 user" /usr/share/tomcat8
2 |
--------------------------------------------------------------------------------
/test/transmission-cli.conf:
--------------------------------------------------------------------------------
1 | u transmission 169 "Transmission BitTorrent Daemon" /var/lib/transmission
2 |
--------------------------------------------------------------------------------
/test/unifi.conf:
--------------------------------------------------------------------------------
1 | u unifi 113 - -
2 |
--------------------------------------------------------------------------------
/test/util-linux.conf:
--------------------------------------------------------------------------------
1 | u uuidd 68
2 |
--------------------------------------------------------------------------------
/test/varnish.conf:
--------------------------------------------------------------------------------
1 | u varnish - "Varnish Cache Proxy"
2 | g varnish -
3 |
--------------------------------------------------------------------------------
/test/virtualbox-guest-utils.conf:
--------------------------------------------------------------------------------
1 | g vboxsf 109 -
2 |
--------------------------------------------------------------------------------
/test/virtualbox.conf:
--------------------------------------------------------------------------------
1 | g vboxusers 108 -
2 |
--------------------------------------------------------------------------------
/test/zabbix-agent.conf:
--------------------------------------------------------------------------------
1 | u zabbix-agent 172 - /var/lib/zabbix-agent
2 |
--------------------------------------------------------------------------------
/test/zabbix-proxy.conf:
--------------------------------------------------------------------------------
1 | u zabbix-proxy 171 - /var/lib/zabbix-proxy
2 |
--------------------------------------------------------------------------------
/test/zabbix-server.conf:
--------------------------------------------------------------------------------
1 | u zabbix-server 170 - /var/lib/zabbix-server
2 |
--------------------------------------------------------------------------------
/test/znc.conf:
--------------------------------------------------------------------------------
1 | u znc - - /var/lib/znc
2 |
--------------------------------------------------------------------------------