systemd-sysusers, systemd-sysusers.service - Allocate system users and groups
systemd-sysusers [OPTIONS...] [CONFIGFILE...]
systemd-sysusers creates system users and groups, based on the file format and location specified in sysusers.d(5).
If invoked with no arguments, it applies all directives from all files found in the directories specified by sysusers.d(5). When invoked with positional arguments, if option --replace=PATH is specified, arguments specified on the command line are used instead of the configuration file PATH. Otherwise, just the configuration specified by the command line arguments is executed. The string "-" may be specified instead of a filename to instruct systemd-sysusers to read the configuration from standard input. If only the basename of a file is specified, all configuration directories are searched for a matching file and the file found that has the highest priority is executed.
The following options are understood:
This option is intended to be used when package installation scripts are running and files belonging to that package are not yet available on disk, so their contents must be given on the command line, but the admin configuration might already exist and should be given higher priority.
Example 1. RPM installation script for radvd
echo 'u radvd - "radvd daemon"' | \
systemd-sysusers --replace=/usr/lib/sysusers.d/radvd.conf -
This will create the radvd user as if /usr/lib/sysusers.d/radvd.conf was already on disk. An admin might override the configuration specified on the command line by placing /etc/sysusers.d/radvd.conf or even /etc/sysusers.d/00-overrides.conf.
Note that this is the expanded form, and when used in a package, this would be written using a macro with "radvd" and a file containing the configuration line as arguments.
systemd-sysusers supports the service credentials logic as implemented by LoadCredential=/SetCredential= (see systemd.exec(1) for details). The following credentials are used when passed in:
Note that by default the systemd-sysusers.service unit file is set up to inherit the "passwd.hashed-password.root", "passwd.plaintext-password.root" and "passwd.shell.root" credentials from the service manager. Thus, when invoking a container with an unpopulated /etc/ for the first time it is possible to configure the root user's password to be "systemd" like this:
# systemd-nspawn --image=... --set-credential=passwd.hashed-password.root:'$y$j9T$yAuRJu1o5HioZAGDYPU5d.$F64ni6J2y2nNQve90M/p0ZP0ECP/qqzipNyaY9fjGpC' ...
Note again that the data specified in these credentials is consulted only when creating an account for the first time, it may not be used for changing the password or shell of an account that already exists.
Use mkpasswd(1) for generating UNIX password hashes from the command line.
On success, 0 is returned, a non-zero failure code otherwise.
systemd(1), sysusers.d(5), Users, Groups, UIDs and GIDs on systemd systems, systemd.exec(1), mkpasswd(1)
- Discoverable Partitions Specification
- Users, Groups, UIDs and GIDs on systemd systems