Man page - dh_sysuser(1)

Packages contains this manual

Package: dh-sysuser
apt-get install dh-sysuser

Manuals in package:

dh_sysuser(1)

Documentations in package:

dh-sysuser

Manual

DH_SYSUSER

NAME
SYNOPSIS
DESCRIPTION
CRUFT OF SYSTEM USERS
EXAMPLES
SEE ALSO

NAME

dh_sysuser - manage system users required for package operation

SYNOPSIS

dh_sysuser [ debhelper options ] [ username options ] ...

DESCRIPTION

dh_sysuser is an alternative to the more popular dh_installsysusers addon; dh_sysuser is a debhelper addon providing a simple way to create system users required for package operation (for example, to run a service with dropped privileges).

Compared to dh_installsysusers, dh_sysuser injects a different dependency that plays nice with alternative init systems, non-linux ports or initless systems. Packages builded with dh_sysuser will still work fine under systemd at the cost of an additional dependency (sysuser-helper).

dh_sysuser should not be used when the upstream source provides a sysusers.d conf file already installed in /usr/lib/sysusers.d/; for such cases please use dh_installsysusers.

The user creation itself is delegated to a systemd-sysusers provider, with a fallback to the minsysusers (8) utility for systems where a systemd-sysuser provider is not available.

	•		The primary group of the new user is created with the same name as the user. The new users will not be a member of any other group except the primary one.
	•		New users have the /etc/shadow password field set to ’!’, making it impossible to log in.
	•		By default new users have the shell set to /usr/sbin/nologin . It is still possible to get a new user’s shell with su -s .
	•		The default home directory is set to /; if a different home is chosen, the home directory is created (see below), its permissions are adjusted according to the SYS_DIR_MODE variable in /etc/adduser.conf . By default, this results in the mode 0755 for the home directory.Files from /etc/skel are NOT copied.

WARNING: The data stored in new user’s home directory are world-readable. If you (as package maintainer) need full control over home directory permissions, please file a bug.

•

It’s possible to override the default setting for user’s home and shell, add a GECOS comment and set the user’s UID. Please see sysusers.d (5) format.

dh_sysuser looks for a debian/package.minsysusers file, if one exists, and installs it as /usr/lib/sysusers.d/package.conf ; then it adds a postinstall snippet code to make sure that the user is created at package postinstall. The debian/package.minsysusers file is expected to follow the sysusers.d (5) conf file specification.

CRUFT OF SYSTEM USERS

Creating a system user (or a user in general) is easy, but safely removing one is hard. Former version of this package used to remove users on purge when home was set to /nonexistent or was empty; however a user may be allowed to write files outside his home, and since UIDs are reusable, this may represent a security risk. With the current version of this package users are never removed automatically.

EXAMPLES

With the following debian/package.minsysusers control file, you get respectively:

u foo - "foo user" /nonexistent -
g bar -
m baz gname

a system user foo with a gecos comment "foo user" and home set to /nonexistent: the foo group will be also created; a system group bar ; add gname group as supplementary group of baz user.