Scroll to navigation

DH_SYSUSER(1) User Contributed Perl Documentation DH_SYSUSER(1)

NAME

dh_sysuser - manage system users required for package operation

SYNOPSIS

dh_sysuser [debhelper options] [username options] ...

DESCRIPTION

dh_sysuser is a debhelper addon providing a simple and uniform way to create and remove system users required for package operation (for example, to run a service with dropped privileges).

The user creation itself is delegated to adduser(8) utility, the behavior of which is controlled by /etc/adduser.conf configuration file. In the default installation:

  • The primary group of the new user is created with the same name as the user. The new users will not be a member of any other group except the primary one.
  • New users have the /etc/shadow password field set to '!', making it impossible to log in.
  • New users have the shell set to /usr/sbin/nologin. It is still possible to get a new user's shell with su -s.
  • If the home directory is created (see below), its permissions are adjusted according to the SYS_DIR_MODE variable in /etc/adduser.conf. By default, this results in the mode 0755 for the home directory. Files from /etc/skel are NOT copied.

    WARNING: The data stored in new user's home directory are world-readable. If you (as package maintainer) need full control over home directory permissions, please file a bug.

dh_sysuser reads its arguments from command line and the debian/package.sysuser file, if one exists, in pairs, the first argument being a username and the second one is options. The configuration file or command-line arguments must be used to create users: just calling dh_sysuser without any arguments does not have any effect.

Here are the options that can be specified after the username:

This option requests the creation of a home directory in /var/lib/username. You should use this form over the explicit one described below for uniformity.
This option requests the creation of a home directory at the specified path.
If you do not need any other options, specify this one.

CRUFT OF SYSTEM USERS

Creating a system user (or a user in general) is easy, but safely removing one is hard. Former version of this package used to remove users on purge when home was set to /nonexistent or was empty; however a user may be allowed to write files outside his home, and since UIDs are reusable, this may represent a security risk. With the current version of this package users are never removed automatically.

EXAMPLES

In debian/package.sysuser, this creates a user foo with defaults settings, with a home directory at the default location for bar, and a home directory at a custom location for baz:

    foo defaults
    bar home
    baz home=/opt/baz

SEE ALSO

adduser(8)

2024-06-27 perl v5.38.2