libuser.conf - configuration for libuser and libuser utilities
FILE FORMAT
libuser.conf is a text file.
Leading and trailing white space on each line is ignored.
Lines starting with # are ignored.
The file defines variables grouped into sections. Each section starts with
a section header:
[section name]
A single section header can appear more than once in the file.
The lines following a section header define variables from that section:
variable=value
The value can be empty.
A variable can have more than one value, specified by using more than one
line defining that variable.
All currently defined variables accept only the first value and ignore
the others, if any.
[defaults]
create_modules
A list of module names to use when creating user or group entries,
unless the application specifies a different list.
The module names in the list can be separated using space, tab or comma.
Default value is files shadow.
crypt_style
The algorithm to use for password encryption when creating new passwords.
The current algorithm may be retained
when changing a password of an existing user, depending on the application.
Possible values are des, md5 or blowfish, all
case-insensitive.
Unrecognized values are treated as des.
Default value is des.
mailspooldir
The directory containing user's mail spool files.
Default value is /var/mail.
moduledir
The directory containing libuser modules.
Default value uses the modules installed with libuser,
corresponding to the architecture of the libuser library,
e.g. /usr/lib/libuser or /usr/lib64/libuser
(assuming libuser was configured with --prefix=/usr).
modules
A list of module names to use when not creating user or group entries,
unless the application specifies a different list.
The module names in the list can be separated using space, tab or comma.
Default value is files shadow.
skeleton
The directory containing files to copy to newly created home directories.
Default value is /etc/skel.
[import]
login_defs
A path to the login.defs file from shadow.
If this variable is defined,
the variables from the named file are used in place of some libuser variables.
Variables explicitly defined in libuser.conf
are not affected by contents of login.defs.
The following variables are imported:
Variable        Imported as
GID_MIN
MAIL_DIR        defaults/mailspooldir
MD5_CRYPT_ENAB  defaults/crypt_style
PASS_MAX_DAYS   userdefaults/LU_SHADOWMAX
PASS_MIN_DAYS   userdefaults/LU_SHADOWMIN
PASS_WARN_AGE   userdefaults/LU_SHADOWWARNING
UID_MIN         userdefaults/LU_UIDNUMBER
The following variables are not imported:
CREATE_HOME, GID_MAX, MAIL_FILE, SYSLOG_SG_ENAB,
UID_MAX, UMASK, USERDEL_CMD, USERGROUPS_ENAB
default_useradd
A path to the default/useradd file from useradd in shadow.
If this variable is defined,
the variables from the named file are used in place of some libuser variables.
Variables explicitly defined in libuser.conf
are not affected by contents of default/useradd.
The following variables are imported:
Variable        Imported as
EXPIRE
GROUP           userdefaults/LU_GIDNUMBER
INACTIVE        userdefaults/LU_SHADOWINACTIVE
SHELL           userdefaults/LU_LOGINSHELL
SKEL            defaults/skeleton
The HOME variable is not imported.
[userdefaults]
This section defines attribute values of newly created user entities.
There is one special variable:
LU_UIDNUMBER
A decimal number, the first allowed UID value for regular users (not system
users).
Default value is 500.
All other variables have the same names as the attribute names from
<libuser/entity.h> and define attribute values.
Either the macro name (e.g. LU_GECOS)
or the macro content (e.g. pw_gecos)
can be used;
if both are used, the one appearing later in the configuration file
is used.
The % character in the value of the variable introduces an escape sequence:
%n is replaced by the user name,
%d is replaced by current date in days since the epoch,
%u is replaced by the user's UID.
There is no way to escape the % character and avoid this substitution.
After the userdefaults section is processed, modules may define additional
attributes or even override the attributes defined in this section.
[groupdefaults]
The groupdefaults section is similar to userdefaults.
There is one special variable:
LU_GIDNUMBER
A decimal number, the first allowed GID value for regular groups (not system
groups).
Default value is 500.
The other variables follow the same rules as in the userdefaults section,
except that %n and %u are replaced by the group name and group's GID,
respectively.
After the groupdefaults section is processed, modules may define additional
attributes or even override the attributes defined in this section.
[files]
Configures the files module, which manages /etc/group and /etc/passwd.
The configuration variables are probably useful only for libuser development.
directory
The directory containing the group and passwd files.
Default value is /etc.
nonroot
Allow module initialization when not invoked as the root user
if the value is yes.
[shadow]
Configures the files module, which manages /etc/gshadow and /etc/shadow.
The configuration variables are probably useful only for libuser development.
directory
The directory containing the gshadow and shadow files.
Default value is /etc.
nonroot
Allow module initialization when not invoked as the root user
if the value is yes.
[ldap]
Configures the ldap module, which manages a user database accessible
using LDAP.
userBranch
The LDAP suffix for user entities.
Default value is ou=People.
groupBranch
The LDAP suffix for group entities.
Default value is ou=Group.
server
A domain name or a URI of the LDAP server.
The URI can use the ldap or the ldaps protocol.
When a simple domain name is used,
the connection fails if TLS cannot be used;
a URI using the ldap protocol allows connection without TLS.
Default value is ldap.
basedn
The base DN of the server.
Default value is dc=example,dc=com.
binddn
A DN for binding to the server.
If the value is empty or binding using this DN fails,
a DN of uid=user,userBranch,basedn is used, where userBranch and basedn
are variables from this section and user is the user name of the invoking
user, unless overridden by the user variable from this section.
Default value is cn=manager,dc=example,dc=com.
user
The SASLv2 identity for authenticating to the LDAP server,
also overrides the user name for generating a bind DN.
Default value is the name of the invoking user.
authuser
The SASLv2 authorization user, if non-empty.
Default value is empty.
bindtype
The list of bind types to use, separated by commas.
Allowed bind types are simple, sasl, and sasl/mechanism,
where mechanism is a SASL mechanism.
The bind types (but not necessarily mechanism) are case-insensitive.
If more than one bind type is specified, their relative order is ignored.
Default value is simple,sasl.
[sasl]
Configures the sasl module, which manages a SASLv2 user database.
appname
Name of the SASLv2 application.
Default value is empty.
domain
Domain used by libuser for the SASLv2 authentication object.
Default value is empty.
BUGS
Invalid lines in the configuration file (or the imported shadow
configuration files) are silently ignored.
FILES
/etc/libuser.conf
The default location of the configuration file. Can be overridden
by the LIBUSER_CONF environment variable, except in set-uid or set-gid
programs.
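
An added example, not part of libuser or of this manual page: a Python sketch that reads a configuration under the FILE FORMAT rules above and reports the lines that BUGS says are dropped silently, a crypt_style that ends up as des, and an [ldap] server URI that allows a connection without TLS. Assumptions: repeated section headers are merged, white space around = is not significant, [import] files are not followed, and the sample configuration is constructed.

```python
import re

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
[defaults]
crypt_style=sha512
modules=files shadow
this line has no equals sign
[ldap]
server=ldap://ldap.example.com
[defaults]
crypt_style=blowfish
"""

def parse(text):
    """Return ({section: {variable: first value}}, [ignored line numbers])."""
    conf, ignored, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()                   # leading/trailing white space
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                           # assumption: repeated headers merge
            section = header.group(1).strip()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:   # assumed: space around "=" ignored
            name, value = (part.strip() for part in line.split("=", 1))
            conf[section].setdefault(name, value)   # only the first value counts
        else:
            ignored.append(lineno)           # libuser would skip this silently
    return conf, ignored

def audit(text):
    """Return human-readable findings for the settings discussed on this page."""
    conf, ignored = parse(text)
    findings = [f"line {n}: invalid line, silently ignored" for n in ignored]
    style = conf.get("defaults", {}).get("crypt_style", "des").lower()
    if style not in ("des", "md5", "blowfish"):     # the values this page lists
        findings.append(f"crypt_style={style!r} is unrecognized, treated as des")
        style = "des"
    if style != "blowfish":
        findings.append(f"new passwords will be hashed with {style}")
    server = conf.get("ldap", {}).get("server", "")
    if server.lower().startswith("ldap://"):
        findings.append("[ldap] server uses an ldap URI: TLS is not required")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample this reports four findings; the later crypt_style=blowfish line has no effect because only the first value of a variable is used.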