Scroll to navigation

minsysusers(8) GNU/Linux System Adminstrator's manual minsysusers(8)

NAME

minsysusers - minimalistic sysusers.d conf files parser

SYNOPSIS

/usr/sbin/minsysusers [--root=/path] file.conf [ file2.conf ... ]

DESCRIPTION

minsysusers takes declaratives conf files as input and creates system users and group according to sysusers.d(5) specifications. To create users and groups useradd, groupadd and usermod are used under the hood.
Conf files are searched in /etc/sysusers.d/ and /usr/lib/sysusers.d/; files in /etc overrides files with the same name in /usr.
At least one conf file must be given on the command line and the file must exists in at least one searched path.

OPTIONS

takes a path to a root as argument; root must exists. Users and groups will be created inside of the given root; config files given on the command line will be searched inside root. This option can be specified only once for each minsysusers invocation.

DIFFERENCES WITH SYSTEMD-SYSUSERS

conf files in /run/sysusers.d/ and /usr/local/lib/sysusers.d/ are ignored, only /etc/sysusers.d/ and /usr/lib/sysusers.d/ are valid path for conf files.

It's not possible to have minsysusers parse all available conf files at once; even if more than one file is given on the command line, it processes each file and calls useradd, groupadd and usermod before processing the next one.


Minsysusers supports a very small subset of command line options compared to systemd-sysusers; --root
can be given only once, all other options such as --image --replace --dry-run --inline --cat-config --tldr --no-pager --help --version are not supported.

SYSUSERS.D: IMPLEMENTATION DETAILS

Specifiers as described in sysusers.d(5) are not supported.

Types u, g, m, r are supported; conffile's lines are grouped by type and processed in the following order: r, g, u and m. As a consequence, the order or lines in a conffile does not matter, except for r type (see below).

Ranges in r lines are passed to useradd, usermod using -K thus overriding SYS_UID_ and SYS_GID_ key values in /etc/login.defs. When multiple r lines are given, the range from the first one is used, ranges from remaining r lines are discarded. When a UID is specified in ID field, and the UID is free, it takes precedence over the range given with r line.

For u lines the default home is / and the default shell is /sbin/nologin . Both home and shell field must start with / , be empty or set to - .
Gecos field value, if given, must be within double quotes; empty or - gecos is valid.
When u! is used, the account is locked with usermod -L .

For ID field, special values 65535 and 4294967295 are reserved and thus not valid. The ID field can be specified in various form:

for u lines, the following entries are considered valid

500

500:600

500:groupname

-:groupname

-:600

/path/to/file

/path/to/dir

When a path is given if a system group for path's GID is not found, the system group is automatically created. For all other ID entries where a groupname or a GID is specified, the corresponding system group must already exists (it's ok to create it explicitly with a g line in the same conf file).

for g lines, the following entries are considered valid

500

/path/to/file

/path/to/dir

when a path is given, the path's GID is used to create the system group; the UID of the path is irrelevant.

for m lines it must be a groupname;

for r lines it must be either a single number or a min-max numeric range.

FILES

/etc/sysusers.d/
/usr/lib/sysusers.d/
/etc/login.defs

SEE ALSO

sysusers.d(5)

AUTHOR

Lorenzo Puliti <plorenzo@disroot.org>

January 20, 2025