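############################################################################
# /etc/adduser.local.conf: Configuration for /usr/local/sbin/adduser.local #
############################################################################

# [JNZ] Modified 21-Jun-2013

# This file configures the local system additions to adduser(8) and should
# be modified to suit local conditions.
#
# adduser.local is a script that configures a user's account for various
# "services". These services are simply convenient names for directories
# that must be created, Unix groups to which the user must be added, files
# that need to be copied and so on.
#
# Note that adduser(8) can now perform SOME of the tasks that adduser.local
# does, particularly by using the EXTRA_GROUPS and ADD_EXTRA_GROUPS
# variables in /etc/adduser.conf. However, adduser.local is far more
# flexible than doing just that...
#
# Please see the end of this file for an explanation of its syntax.
#
# NOTE(review): the file is processed line by line. Each setting must sit
# on a line of its own and cannot share that line with a comment (see
# "Syntax of this file"), so review notes are kept on separate lines.


######################
#   Global Options   #
######################

# The skelother variable points to the "other" (secondary) skeletal
# directory. This directory is similar to /etc/skel (see the SKEL variable
# in /etc/adduser.conf), except that files are not necessarily copied to the
# home directory.

skelother = /etc/skel.other

# The dirmode variable specifies the octal mode used by chmod(1) for any
# directories created by adduser.local. Note, however, that such created
# directories automatically inherit the SGID (set group ID) bit from their
# parent directory.
#
# NOTE(review): 0755 makes every directory created by adduser.local readable
# and searchable by all local accounts, including the directories of the
# "Restricted FTP" service below. dirmode is a global variable, so it cannot
# be tightened for one service only; where a service needs less exposure,
# restrict the permissions of its parent directory instead. Because of the
# SGID inheritance, also check which parent directories carry that bit.

dirmode = 0755

# The filemode variable specifies the octal mode used by chmod(1) for any
# files created by adduser.local.
#
# NOTE(review): 0644 makes every copied skeleton file world-readable. That
# suits a public index.html; do not keep anything sensitive in the
# skelother directory.

filemode = 0644


#####################
#   USERS service   #
#####################

# Add the user to the Unix group "users". Every user on this machine
# should be a member of this group. This is already done if the file
# /etc/adduser.conf includes the setting "USERGROUPS=no".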
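# If USERGROUPS is set to "yes", you should uncomment the following
# three lines.
# NOTE(review): the three lines are active (not commented out) in this copy.

service = users
group[users] = users
addtogroup[users] = true


###################
#   WWW service   #
###################

# Configure the WWW service for the user, a service that has a real UID
# associated with it. Assuming the user "www" has a GID of "www" and a
# home directory of "/home/www" (in actual fact, the values are taken from
# the password database), the following actions are performed:
#
#   - the user is added to the "www" group
#   - the directory "/home/www/doc/users/$USER" is created, owned by
#     the user, with group owner "www"
#   - the link "public_html" is created to point to this directory
#   - the file "/etc/skel.other/index.html" is copied to this directory
#
# This assumes that the system user "www" and group "www" are NOT the same
# as the UID and GID of the web server ("www-data" on my system). The "www"
# account is for the web administrator.
#
# NOTE(review): keep that separation. addtogroup[www] puts every new user
# into the "www" group, so anything that is group-writable by "www" becomes
# writable by all users of this machine.
# NOTE(review): the per-user directory is created inside the www account's
# home directory. adduser.local is normally started by adduser(8) with root
# privileges, so the doc/users tree there should be writable only by root
# or the web administrator -- TODO confirm its ownership and mode.

service = www
user[www] = www
addtogroup[www] = true
homedir[www] = ""
subdir[www] = "doc/users"
althome[www] = false
mkdir[www] = true
chgrpdir[www] = true
mklink[www] = true
linkname[www] = "public_html"
skelfile[www] = "index.html"
chgrpskel[www] = true

# If your web server's configuration follows the "other" (more common!)
# standard for personal web pages (wherein the "public_html" directory is a
# real directory in the user's home directory), you might want to use
# something like the following:

#service = www
#homedir[www] = ""
#subdir[www] = "public_html"
#althome[www] = true
#mkdir[www] = true
#skelfile[www] = "index.html"


###################
#   FTP service   #
###################

# Configure the FTP service for the user in a similar way to the WWW
# service above. The only difference is that no skeleton file is copied.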
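# NOTE(review): every new user joins the "ftp" group and gets a directory
# in the ftp account's home, created with the global dirmode. Presumably
# whatever the FTP server exports from doc/users is then publishable by any
# user through ~/public_ftp -- confirm that this is intended.

service = ftp
user[ftp] = ftp
addtogroup[ftp] = true
homedir[ftp] = ""
subdir[ftp] = "doc/users"
althome[ftp] = false
mkdir[ftp] = true
chgrpdir[ftp] = true
mklink[ftp] = true
linkname[ftp] = "public_ftp"


##############################
#   Restricted FTP service   #
##############################

# Create the directory ~ftp/doc-restricted/users/$USER, owned by the user,
# for the Restricted FTP service on the ZAP Group server.
#
# NOTE(review): this directory is also created with the global dirmode, so
# on the local file system it is no more restricted than the public one.
# Any restriction has to come from the FTP server configuration or from the
# permissions of the doc-restricted parent directory -- TODO confirm.
# NOTE(review): the syntax notes at the end of this file describe service
# names as alphanumeric; "ftp_r" contains an underscore, so verify that the
# parser accepts it.

service = ftp_r
user[ftp_r] = ftp
homedir[ftp_r] = ""
subdir[ftp_r] = "doc-restricted/users"
althome[ftp_r] = false
mkdir[ftp_r] = true
chgrpdir[ftp_r] = true


####################
#   DATA service   #
####################

# Create the directory /data/$USER, owned by the user. This is only done
# if /data exists (it is an ordinary directory, not a mount point).

#service = data
#homedir[data] = "/data"
#subdir[data] = ""
#mounted[data] = false
#mkdir[data] = true


#####################
#   CDROM service   #
#####################

# NOTE(review): the services from here on add every new account to a
# device-access group. Group membership is static: it applies to every
# session of the user, including remote logins, not only to someone sitting
# at the console. Enable only the groups that local users actually need. On
# systems that grant device ACLs to the locally logged-in user (for example
# through systemd-logind and udev) these memberships are usually
# unnecessary.

# Add the user to the Unix group "cdrom" (if it exists). This allows the
# user to access the CD-ROM hardware on the machine.

service = cdrom
group[cdrom] = cdrom
addtogroup[cdrom] = true


######################
#   FLOPPY service   #
######################

# Add the user to the Unix group "floppy" (if it exists). This allows the
# user to access the floppy drive on the machine.

service = floppy
group[floppy] = floppy
addtogroup[floppy] = true


#####################
#   AUDIO service   #
#####################

# Add the user to the Unix group "audio" (if it exists). This allows the
# user to access the audio hardware on the machine.
#
# NOTE(review): the "audio" group typically covers capture (microphone)
# devices as well as playback.

service = audio
group[audio] = audio
addtogroup[audio] = true


###################
#   DIP service   #
###################

# Add the user to the Unix group "dip" (if it exists). This allows the
# user to dial out using the local modem.

service = dip
group[dip] = dip
addtogroup[dip] = true


#####################
#   VIDEO service   #
#####################

# Add the user to the Unix group "video" (if it exists).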
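# This allows the user to use video devices plugged into the computer.
#
# NOTE(review): membership in a device group such as "video" is static and
# applies to every session of the user, including remote logins. Keep this
# service and the two below only if local users need the devices and the
# system does not already grant device access to the logged-in console user.

service = video
group[video] = video
addtogroup[video] = true


#######################
#   PLUGDEV service   #
#######################

# Add the user to the Unix group "plugdev" (if it exists). This allows
# the user to use the pmount daemon with pluggable devices.

service = plugdev
group[plugdev] = plugdev
addtogroup[plugdev] = true


#######################
#   SCANNER service   #
#######################

# Add the user to the Unix group "scanner" (if it exists). This allows
# the user to use any attached scanners.

service = scanner
group[scanner] = scanner
addtogroup[scanner] = true


###########################
#   Syntax of this file   #
###########################

# The syntax of this file will be familiar to anyone who has used a
# scripting language before. This file is processed line by line, with each
# line either being blank (and hence ignored), a comment or a configuration
# variable.
#
# Comment lines (such as this one) begin with a hash character ("#") and
# continue to the end of the line. The hash character may be preceded by
# white space. Comment lines, like blank lines, are ignored.
#
# All lines that are neither blank nor comment lines contain configuration
# variables (one per line, with no comments allowed). A configuration
# variable has one of two forms:
#
#       VARIABLE = VALUE
#       VARIABLE[SERVICE] = VALUE
#
# The first form is for global variables, while the second form is for
# variables associated with a particular service. Both the variable name
# and the service name are alphanumeric strings and are case sensitive (ie,
# the names "SKELOTHER", "skelother" and "SkelOther" refer to three
# different variables).
#
# The value is typically a string which may or may not be case sensitive.
# It may be (but usually does not need to be) surrounded by single or double
# quotes, in which case everything within the quotes is part of the value.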
# Note that white space may surround the variable, service and value
# components; such white space is discarded, unless it appears in quotes.
# You may NOT use backslash to quote quote characters!
#
# If the required value is a boolean, "0", "false", "f", "no" and "n" are
# treated as the false value, while "1", "true", "t", "yes" and "y" are
# treated as the true value. In both cases, the value is case-insensitive.
#
#
# GLOBAL VARIABLES:
# =================
#
# The following global variables are available:
#
#       skelother
#       dirmode
#       filemode
#
# These are described in the section "Global Options" above.
#
#
# SERVICE VARIABLES:
# ==================
#
# The main role of adduser.local is to configure a user's account for
# various "services". These services are simply convenient names for
# directories that must be created, Unix groups to which the user must be
# added, files that need to be copied and so on.
#
# adduser.local is informed of the existence of a service by the "service"
# global variable:
#
#       service = SERVICENAME
#
# The service name SERVICENAME may be any case-sensitive alphanumeric
# string. Examples used within this file are "www" and "data". Service
# names need not correspond to any real service --- they are completely
# internal to adduser.local, and are only used as a key for service
# variables. The "service" global variable may appear multiple times, each
# time with a different service name.
#
# The order of the "service" global variables IS important, as that is the
# order in which those services are created. This is important if one
# service depends on a prior one having been set up.
#
# The "service" global variable must appear before any of the service
# variables for that service are defined.
#
# The following service variables are available, and may be specified in any
# order:
#
#       user
#       group
#       addtogroup
#       homedir
#       subdir
#       althome
#       mounted
#       mkdir
#       chgrpdir
#       mklink
#       linkname
#       skelfile
#       chgrpskel
#
# Remember that each service variable is followed by a service name in
# square brackets. In the following explanations, "SVC" is used as a
# sample service name.
#
#
# user[SVC] = USER
#
#   Specifies that the service belongs to a real user, and that that
#   service user name is USER. This user name must appear in the password
#   database file either in the first field (ie, a user name) or in the
#   third (ie, a numeric UID).
#
#   Specifying a user name or UID also sets default values for the
#   "group" and "homedir" service variables. These default values are
#   taken from the password database (the "homedir" variable is only set
#   if the "althome" variable is set to false).
#
#
# group[SVC] = GROUP
#
#   Specifies that the service's group name is GROUP. This group name
#   must appear in the group database file either in the first field (ie,
#   a group name) or in the third (ie, a numeric GID).
#
#   If this variable is not specified, or is specified with GROUP as an
#   empty string "", and the user variable is specified (and points to a
#   valid user), the group name is taken to be the service user's default
#   group. For example, if "user[svc] = mail" were to be specified, and
#   group[svc] were not, the group used would be the default group for the
#   user "mail" (which happens to be GID 8, ie, "mail").
#
#   This group is also used for the group owner of directories, links
#   and copied files, depending on the settings of the "chgrpdir" and
#   "chgrpskel" variables.
#
#
# addtogroup[SVC] = BOOLEAN
#
#   Instructs whether to add the user to the group specified by the
#   "group" variable or implied by the "user" variable. If true,
#   adduser.local adds the user to the group, assuming that the group,
#   in fact, exists.
#
#   If this variable is not specified, false is assumed.
#
#
# homedir[SVC] = PATH
#
#   Specifies the service's home directory as an absolute path name (ie,
#   starting from "/"). The service's home directory is used to check if
#   it is a mount point, as well as a base directory for the "mkdir" and
#   "skelfile" variables. If the directory does not exist, those
#   variables have no effect.
#
#   If this variable is not specified, or is specified with PATH as an
#   empty string "", the value used for the service's home directory is
#   calculated in one of two ways. The first method is to use the home
#   directory of the service user; the second is to use the home directory
#   of the user for whom adduser.local was called.
#
#   The first method is used when the "althome" variable is set to false
#   and the "user" variable is specified (and points to a valid user).
#   For example, if "user[svc] = www" and "althome[svc] = false" were to
#   be specified, the default value of the "homedir" variable would be
#   taken from www's home directory, typically "/var/www".
#
#   The second method is used when the "althome" variable is true. For
#   example, if adduser.local were to be called for the user "anna", and
#   "althome" were set to true, the "homedir" variable would be set to the
#   home directory of anna, typically "/home/anna".
#
#   Note that neither of these methods is used if the "homedir" variable
#   is set to anything other than an empty string; in such a case, the
#   specified value for the variable is always used.
#
#
# subdir[SVC] = PATH
#
#   Specifies a subdirectory off the home directory. This subdirectory is
#   used for creating the new directory, copying the skeleton file and for
#   the destination of the link.
#
#   If the "althome" variable is set to false, the subdirectory must
#   already exist and is used in conjunction with the home directory and
#   the user's name (for whom adduser.local was called).
#   For example, if the following were to be specified:
#
#       homedir[svc] = /media/zip
#       subdir[svc] = home
#       althome[svc] = false
#       mkdir[svc] = true
#
#   and the user's name (for whom adduser.local was called) was "james",
#   the directory "/media/zip/home/james" would be created.
#
#   If, on the other hand, the "althome" variable was set to true, the
#   subdirectory is used only in conjunction with the home directory; it
#   is THAT directory that is created. For example, if the following were
#   to be specified:
#
#       althome[svc] = true
#       subdir[svc] = "public_html"
#       mkdir[svc] = true
#
#   and adduser.local were called for the user "kathy" (who had the home
#   directory "/home/kathy"), the directory "/home/kathy/public_html"
#   would be created.
#
#   If this variable is not specified, blank is assumed.
#
#
# althome[SVC] = BOOLEAN
#
#   Specifies whether the default value for the "homedir" variable is to
#   be taken from the service's home directory or from the user's home
#   directory (for whom adduser.local was called). If false, the
#   service's home directory (implied by the "user" setting) is used. If
#   true, the actual user's home directory is used.
#
#   This variable also controls whether or not the user's login name is
#   used as part of the directory created by the "mkdir" variable and used
#   by the "mklink" and "skelfile" variables. See "homedir" and "mklink"
#   for more details.
#
#   If this variable is not specified, false is assumed.
#
#
# mounted[SVC] = BOOLEAN
#
#   Specifies whether to check if the directory specified by the
#   "homedir" variable (or implied by other variables) is mounted or
#   not. A directory is mounted if it, or any parent directory, is
#   mounted (excluding the root directory, which is always mounted).
#   For example, if the following were to be specified (and the user's
#   name were "alice"):
#
#       homedir[svc] = /home/external/server/ftp
#       subdir[svc] = doc/users
#       mounted[svc] = true
#       mkdir[svc] = true
#
#   then the directory "/home/external/server/ftp/doc/users/alice" would
#   be created only if either "/home/external/server/ftp",
#   "/home/external/server", "/home/external" or "/home" were mounted.
#
#   If this variable is not specified, false is assumed (ie, the mount
#   check is NOT performed).
#
#   Note that "checking for mounting" is defined as examining the contents
#   of /proc/mounts. It does NOT actually attempt to mount the
#   directories.
#
#
# mkdir[SVC] = BOOLEAN
#
#   Directs adduser.local whether or not to create the directory specified
#   by the "homedir" and "subdir" variables. If the "althome" variable is
#   false, the directory that is created has the user's login name at the
#   end. In all cases, the newly created directory belongs to that user.
#   For example, if adduser.local was called for the user "david", and the
#   following lines were to be specified:
#
#       homedir[data1] = "/data/1"
#       subdir[data1] = "users"
#       althome[data1] = false
#       mkdir[data1] = true
#
#   then the directory "/data/1/users/david" would be created, owned by
#   the user "david". If, on the other hand, the following were to be
#   specified (for the same user "david"):
#
#       subdir[www] = "public_html"
#       althome[www] = true
#       mkdir[www] = true
#
#   then the directory "/home/david/public_html" would be created
#   (assuming "/home/david" was david's home directory), owned by the
#   user "david".
#
#   The mode of the directory is taken from the "dirmode" global variable
#   in this configuration file. See also the comment on that global
#   variable.
#
#   The group owner of the directory is either the same as the user's (in
#   this case, if the user "david" was in the group "users" by default,
#   then the group owner would be "users"), or the same as the service
#   user's group (see the "group" variable for more information). The
#   "chgrpdir" variable specifies which of these two options is used.
#
#   If this variable is not specified, false is assumed.
#
#
# chgrpdir[SVC] = BOOLEAN
#
#   Specifies the group owner of any directory and link created by the
#   "mkdir" and "mklink" variables respectively. If true is specified,
#   the group owner is the same as specified by the "group" variable (or
#   implied by the "user" variable). If false is specified, the group
#   owner is the same as the actual user's default group.
#
#   If this variable is not specified, false is assumed.
#
#
# mklink[SVC] = BOOLEAN
#
#   Specifies whether or not to create a symbolic link to the created
#   directory (see "mkdir" above) in the actual user's home directory.
#   The name of the link is taken from the "linkname" variable below. For
#   example, if the following were to be specified, and adduser.local were
#   called for the user "mark":
#
#       homedir[data1] = "/data/1"
#       subdir[data1] = "users"
#       althome[data1] = false
#       mkdir[data1] = true
#       mklink[data1] = true
#       linkname[data1] = "data1"
#
#   then, not only would the directory "/data/1/users/mark" be created,
#   but the symbolic link "data1" would be created in his home directory
#   as well, pointing to that directory (that is, "/home/mark/data1" ->
#   "/data/1/users/mark").
#
#   If this variable is not specified, false is assumed.
#
#
# linkname[SVC] = PATH
#
#   Specifies the name of the symbolic link created in the user's home
#   directory, as demonstrated in the example above. If PATH includes
#   subdirectories, these subdirectories must already exist before the
#   symbolic link is created; these can be created by other services prior
#   to this one.
#
#   If the "mklink" variable is true, and the "linkname" variable is not
#   specified, or is an empty string "", the name of the service is used
#   (as specified by the "service" global variable).
#
#
# skelfile[SVC] = PATH
#
#   Instructs adduser.local to copy the file PATH from the "skelother"
#   skeleton directory (see the global variable of that name) into the
#   newly-created directory specified by the "mkdir" variable. For
#   example, if adduser.local was called for the user "nina", and the
#   following lines were to be specified:
#
#       homedir[www] = "/home/www"
#       subdir[www] = "doc/users"
#       althome[www] = false
#       mkdir[www] = true
#       skelfile[www] = "index.html"
#
#   then the directory "/home/www/doc/users/nina" would be created and the
#   file "index.html" would be copied from /etc/skel.other (assuming this
#   is the directory specified by the "skelother" global variable) into
#   that newly-created directory.
#
#   The newly-copied file will have a mode as specified by the "filemode"
#   global variable, and its group owner will either be the default group
#   of the user, or the group as specified by the "group" variable or
#   implied by the "user" variable. See the "chgrpskel" variable below.
#
#   If this variable is not specified, or PATH is an empty string "", no
#   file is copied. If a file of that name already exists, it is NOT
#   overwritten. Only one file may be specified in any given service; if
#   more are needed, simply create additional services with matching
#   "homedir", "subdir", "althome" and "mkdir" variables.
#
#
# chgrpskel[SVC] = BOOLEAN
#
#   Determines whether or not adduser.local changes the group owner of the
#   copied skeleton file (specified by the "skelfile" variable above) to
#   the group specified by the "group" variable or implied by the "user"
#   variable. If this variable is false, the default group of the user
#   remains the group owner.
#
#   If this variable is not specified, false is assumed.
#
#
# End of /etc/adduser.local.conf.