DH_SYSUSER(1) | User Contributed Perl Documentation | DH_SYSUSER(1) |
NAME
dh_sysuser - manage system users required for package operation
SYNOPSIS
dh_sysuser [debhelper options] [username options] ...
DESCRIPTION
dh_sysuser is a debhelper addon providing a simple and uniform way to create and remove system users required for package operation (for example, to run a service with dropped privileges).
The user creation itself is delegated to the adduser(8) utility, the behavior of which is controlled by the /etc/adduser.conf configuration file. In the default installation:
- The primary group of the new user is created with the same name as the user. The new user will not be a member of any group other than the primary one.
- New users have the /etc/shadow password field set to '!', making it impossible to log in.
- New users have the shell set to /usr/sbin/nologin. It is still possible to get a shell as the new user with su -s.
- If the home directory is created (see below), its permissions are adjusted according to the SYS_DIR_MODE variable in /etc/adduser.conf. By default, this results in the mode 0755 for the home directory. Files from /etc/skel are NOT copied.
WARNING: The data stored in a new user's home directory is world-readable. If you (as package maintainer) need full control over home directory permissions, please file a bug.
dh_sysuser reads its arguments from the command line and, if it exists, from the debian/package.sysuser file. Arguments are read in pairs: the first is a username and the second is its options. Users are created only from the configuration file or command-line arguments: calling dh_sysuser without any arguments has no effect.
Here are the options that can be specified after the username:
- home
  This option requests the creation of a home directory in /var/lib/username. You should use this form over the explicit one described below for uniformity.
- home=/path/to/home/directory
  This option requests the creation of a home directory at the specified path.
- defaults
  If you do not need any other options, specify this one.
CRUFT OF SYSTEM USERS
Creating a system user (or a user in general) is easy, but safely removing one is hard. Former versions of this package removed users on purge when home was set to /nonexistent or was empty; however, a user may be allowed to write files outside their home, and since UIDs are reusable, this may represent a security risk. With the current version of this package, users are never removed automatically.
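A check an administrator can run before removing a system user by hand, given that UIDs are reusable. This is an added example, not part of dh_sysuser; the function names and the paths in the usage comment are assumptions:

```shell
#!/bin/sh
# List what a system user owns outside its home directory: the leftovers
# that a later account reusing the same UID would silently inherit.

# files_outside_home USER HOME ROOT...
#   USER  account name or numeric UID to audit
#   HOME  the account's home directory (excluded from the report);
#         may be empty or /nonexistent for users created without one
#   ROOT  one or more directory trees to search
files_outside_home() {
    user=$1 home=${2%/}; shift 2
    # An empty HOME would turn the "$home/*" pattern into "/*" and prune
    # everything, so fall back to a path that matches nothing.
    [ -n "$home" ] || home=/nonexistent
    # -xdev keeps the search on each ROOT's own filesystem; the -prune
    # clause skips the home directory and everything below it.
    find "$@" -xdev \
        \( -path "$home" -o -path "$home/*" \) -prune -o \
        -user "$user" -print 2>/dev/null
}

# owns_nothing_outside_home USER HOME ROOT...
#   Succeeds only when no file or directory outside HOME is owned by USER.
owns_nothing_outside_home() {
    [ -z "$(files_outside_home "$@")" ]
}

# Typical use (user "foo" as in the EXAMPLES section; search roots assumed):
#   files_outside_home foo /var/lib/foo /etc /var /srv /opt
```

Any path it prints should be removed or re-owned before the account is deleted.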
EXAMPLES
In debian/package.sysuser, this creates a user foo with default settings, a user bar with a home directory at the default location, and a user baz with a home directory at a custom location:

    foo defaults
    bar home
    baz home=/opt/baz
SEE ALSO
2024-06-27 | perl v5.38.2 |