.\" A man page for libuser.conf -*- nroff -*-
.\" Copyright (C) 2005 Red Hat, Inc.
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\" Author: Miloslav Trmac <mitr@redhat.com>
.TH libuser.conf 5 "Oct 8 2005" libuser
libuser.conf \- configuration for libuser and libuser utilities
Leading and trailing white space on each line is ignored.
The file defines variables grouped into sections. Each section starts with
\fB[\fIsection name\fB]\fR
A single section header can appear more than once in the file.
The lines following a section header define variables from that section:
can have more than one value, specified by using more than one line
defining that \fIvariable\fR.
All currently defined variables accept only the first value and ignore
A list of module names to use when creating user or group entries,
unless the application specifies a different list.
The module names in the list can be separated using space, tab or comma.
Default value is \fBfiles shadow\fR.
The algorithm to use for password encryption when creating new passwords.
The current algorithm may be retained
when changing a password of an existing user, depending on the application.
Possible values are \fBdes\fR, \fBmd5\fR or \fBblowfish\fR, all
Unrecognized values are treated as \fBdes\fR.
Default value is \fBdes\fR.
The directory containing users' mail spool files.
Default value is \fB/var/mail\fR.
The directory containing
Default value uses the modules installed with \fBlibuser\fR,
corresponding to the architecture of the
e.g. \fB/usr/lib/libuser\fR or \fB/usr/lib64/libuser\fR
was configured with \fB--prefix=/usr\fR).
A list of module names to use when not creating user or group entries,
unless the application specifies a different list.
The module names in the list can be separated using space, tab or comma.
Default value is \fBfiles shadow\fR.
The directory containing files to copy to newly created home directories.
Default value is \fB/etc/skel\fR.
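The crypt_style rules above (only the first value counts, unrecognized values are treated as des, default des) mean that a typo or an unsupported algorithm name silently selects des, the weakest of the three listed algorithms. The following check resolves the effective value from a configuration text; it is an added example, not part of libuser. It assumes the `name = value` line syntax, `#` comment lines and case-insensitive values, which this text does not spell out.

```python
# Added example (not libuser code): resolve the effective defaults/crypt_style.
# Assumptions: "name = value" lines, "#" comment lines, case-insensitive values.
import re

KNOWN_STYLES = ("des", "md5", "blowfish")  # the values this page lists
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")

def parse_libuser_conf(text):
    """Return {section: {variable: [values in file order]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # leading and trailing white space is ignored
        if not line or line.startswith("#"):
            continue
        header = SECTION_RE.match(line)
        if header:
            # A section header may repeat; its blocks are merged in file order.
            current = sections.setdefault(header.group(1).strip(), {})
            continue
        name, sep, value = line.partition("=")
        if current is None or not sep or not name.strip():
            continue  # invalid lines are silently ignored
        current.setdefault(name.strip(), []).append(value.strip())
    return sections

def effective_crypt_style(sections):
    """Return (algorithm, reason) using the rules stated for crypt_style."""
    values = sections.get("defaults", {}).get("crypt_style", [])
    if not values:
        return "des", "not set, default applies"
    first = values[0].lower()  # only the first value is used
    if first not in KNOWN_STYLES:
        return "des", f"unrecognized value {values[0]!r} is treated as des"
    return first, "set explicitly"

# Constructed sample: an unsupported name comes first, a valid one later.
SAMPLE = """
[defaults]
  mailspooldir = /var/mail
  crypt_style = sha512
[defaults]
crypt_style = blowfish
"""

if __name__ == "__main__":
    style, why = effective_crypt_style(parse_libuser_conf(SAMPLE))
    print(f"effective crypt_style: {style} ({why})")
```

On the constructed sample the result is des even though blowfish appears later in the file, because the first value is the only one considered.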
file from \fBshadow\fR.
If this variable is defined,
the variables from the named file are used in place of some
Variables explicitly defined in
are not affected by contents of \fIlogin.defs\fR.
The following variables are imported:
GID_MIN,groupdefaults/LU_GIDNUMBER
MAIL_DIR,defaults/mailspooldir
MD5_CRYPT_ENAB,defaults/crypt_style
PASS_MAX_DAYS,userdefaults/LU_SHADOWMAX
PASS_MIN_DAYS,userdefaults/LU_SHADOWMIN
PASS_WARN_AGE,userdefaults/LU_SHADOWWARNING
UID_MIN,userdefaults/LU_UIDNUMBER
The following variables are
\fBCREATE_HOME\fR, \fBGID_MAX\fR, \fBMAIL_FILE\fR, \fBSYSLOG_SG_ENAB\fR,
\fBUID_MAX\fR, \fBUMASK\fR, \fBUSERDEL_CMD\fR, \fBUSERGROUPS_ENAB\fR
If this variable is defined,
the variables from the named file are used in place of some
Variables explicitly defined in
are not affected by contents of \fIdefault/useradd\fR.
The following variables are imported:
EXPIRE,userdefaults/LU_SHADOWEXPIRE
GROUP,userdefaults/LU_GIDNUMBER
INACTIVE,userdefaults/LU_SHADOWINACTIVE
SHELL,userdefaults/LU_LOGINSHELL
SKEL,defaults/skeleton
.SH \fB[userdefaults]\fR
This section defines attribute values of newly created user entities.
There is one special variable:
A decimal number, the first allowed UID value for regular users (not system
Default value is \fB500\fR.
All other variables have the same names as the attribute names from
\fB<libuser/entity.h>\fR and define attribute values.
Either the macro name (e.g. \fBLU_GECOS\fR)
or the macro content (e.g. \fBpw_gecos\fR)
if both are used, the one appearing later in the configuration file
character in the value of the variable introduces an escape sequence:
is replaced by the user name,
is replaced by the current date in days since the epoch,
is replaced by the user's UID.
There is no way to escape the
character and avoid this substitution.
section is processed, modules may define additional attributes
or even override the attributes defined in this section.
.SH \fB[groupdefaults]\fR
section is similar to \fBuserdefaults\fR.
There is one special variable:
A decimal number, the first allowed GID value for regular groups (not system
Default value is \fB500\fR.
The other variables follow the same rules as in the
are replaced by the group name and group's GID, respectively.
section is processed, modules may define additional attributes
or even override the attributes defined in this section.
module, which manages
and \fI/etc/passwd\fR.
The configuration variables are probably useful only for
The directory containing the
Default value is \fB/etc\fR.
Allow module initialization when not invoked as the
user if the value is \fByes\fR.
module, which manages
and \fI/etc/shadow\fR.
The configuration variables are probably useful only for
The directory containing the
Default value is \fB/etc\fR.
Allow module initialization when not invoked as the
user if the value is \fByes\fR.
module, which manages a user database accessible using LDAP.
The LDAP suffix for user entities.
Default value is \fBou=People\fR.
The LDAP suffix for group entities.
Default value is \fBou=Group\fR.
A domain name or a URI of the LDAP server.
When a simple domain name is used,
the connection fails if TLS cannot be used;
protocol allows connection without TLS.
Default value is \fBldap\fR.
The base DN of the server.
Default value is \fBdc=example,dc=com\fR.
A DN for binding to the server.
If the value is empty or binding using this DN fails,
a DN of \fBuid=\fIuser\fR,\fIuserBranch\fR,\fIbasedn\fR is used, where
are variables from this section
is the user name of the invoking user, unless overridden by the
variable from this section.
Default value is \fBcn=manager,dc=example,dc=com\fR.
The SASLv2 identity for authenticating to the LDAP server,
also overrides the user name for generating a bind DN.
Default value is the name of the invoking user.
The SASLv2 authorization user, if non-empty.
Default value is empty.
The list of bind types to use, separated by commas.
Allowed bind types are
(both case-insensitive).
If more than one bind type is specified, their relative order is ignored.
Default value is \fBsimple,sasl\fR.
.\" [krb5] is not currently implemented
.\" realm: default is krb5's default realm
.\" principal: default is $user/admin@$default_realm
module, which manages a SASLv2 user database.
Name of the SASLv2 application.
Default value is empty.
Domain used by libuser for the SASLv2 authentication object.
Default value is empty.
Invalid lines in the configuration file (or the imported
configuration files) are silently ignored.
.I @sysconfdir@/libuser.conf
The default location of the configuration file. Can be overridden
environment variable, except in set-uid or set-gid programs.