.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .if !\nF .nr F 0 .if \nF>0 \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "DH_SYSUSER 1" .TH DH_SYSUSER 1 "2018-06-25" "perl v5.26.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" dh_sysuser \- manage system users, required for package operation .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBdh_sysuser\fR [\fIdebhelper\ options\fR] [\fIusername\fR \fIoptions\fR] ... .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBdh_sysuser\fR is debhelper addon, that provide simple and uniform way of creating and removing system users, required for package operation (for example, to run with dropped privileges). .PP Process of user creation is delegated to \fIuseradd\fR\|(8) utility, whose behavior is controlled by \fI/etc/login.defs\fR configuration file. In default installation, .IP "\-" 4 New user have primary group of same name. It is not be member of any other groups. .IP "\-" 4 New user have '!' in \fI/etc/shadow\fR password field, making it impossible to login. .IP "\-" 4 New user have \fI/usr/sbin/nologin\fR as its shell. You still can get new user's shell with \fIsu \-s\fR. .IP "\-" 4 If home directory is created (see below), its permissions are affected by \fB\s-1UMASK\s0\fR variable in \fI/etc/login.defs\fR. By default, it results 0755. Files from \fI/etc/skel\fR are \fI\s-1NOT\s0\fR copied. .Sp \&\fB\s-1WARNING:\s0\fR Paragraph above means that data, stored in new user's home directory is world-readable. If you, as package maintainer, need full control over home directory permissions, you are welcome to file a bug. .PP \&\fBdh_sysuser\fR read its arguments from command line and file \&\fIdebian/\fIpackage\fI.\fIsysuser\fI\fR in pairs, first one being an username and second one is options. The configuration file or commandline arguments must be used to create users: just calling `dh_sysuser` without arguments does nothing. Here are the options that can be specified after the username: .IP "\fIhome\fR" 4 .IX Item "home" This option request creation of home directory in \&\fI/var/lib/\f(BIusername\fI\fR. Probably, you should use this form over explicit one, described below, for uniformity. .IP "\fIhome\fR=\fI/path/to/home/directory\fR" 4 .IX Item "home=/path/to/home/directory" This option requests creation of home directory at specified path .IP "\fIdefaults\fR" 4 .IX Item "defaults" If you do not need any other options, put this one. .SS "\s-1CRUFT OF SYSTEM USERS\s0" .IX Subsection "CRUFT OF SYSTEM USERS" While it is easy to create system user (and user in general), it is hard to say, when it is safe to remove it. What should happen to its home directory? What about files outside of home directory? There was some of discussion (#848239, #848240), and no simple and definitive solution arised. So far, dh-sysuser do the following on package removal: .IP "\-" 4 If user have been created without home directory, it is considered safe to remove it. .IP "\-" 4 If user have been created with home directory, but at time of package removal it is still empty, it is considered safe to remove both user and his empty home directory. .IP "\-" 4 If user have been created with home directory, but at time of package removal it is \fBnot\fR empty, both user and its home directory are left alone. .Sp \&\fB\s-1NOTE:\s0\fR As package maintainer, you are encouraged to delete from home directory files, known to be of little value. It increases chances that home directory will become empty, and user will be removed. .SH "EXAMPLES" .IX Header "EXAMPLES" In \fIdebian/\fIpackage\fI.\fIsysuser\fI\fR, this will create a \fBfoo\fR user with defaults settings, will create a home in the default location for \fBbar\fR, and a custom location for \fBbaz\fR: .PP .Vb 3 \& foo defaults \& bar home \& baz home=/opt/baz .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIuseradd\fR\|(8)