diff options
Diffstat (limited to 'examples/adduser.local.conf')
| -rw-r--r-- | examples/adduser.local.conf | 617 |
1 files changed, 617 insertions, 0 deletions
diff --git a/examples/adduser.local.conf b/examples/adduser.local.conf new file mode 100644 index 0000000..e89e468 --- /dev/null +++ b/examples/adduser.local.conf @@ -0,0 +1,617 @@ +############################################################################ +# /etc/adduser.local.conf: Configuration for /usr/local/sbin/adduser.local # +############################################################################ + +# [JNZ] Modified 21-Jun-2013 + +# This file configures the local system additions to adduser(8) and should +# be modified to suit local conditions. +# +# adduser.local is a script that configures a user's account for various +# "services". These services are simply convenient names for directories +# that must be created, Unix groups to which the user must be added, files +# that need to be copied and so on. +# +# Note that adduser(8) can now perform SOME of the tasks that adduser.local +# does, particularly by using the EXTRA_GROUPS and ADD_EXTRA_GROUPS +# variables in /etc/adduser.conf. However, adduser.local is far more +# flexible than doing just that... +# +# Please see the end of this file for an explanation of its syntax. + + +###################### +# Global Options # +###################### + +# The skelother variable points to the "other" (secondary) skeletal +# directory. This directory is similar to /etc/skel (see the SKEL variable +# in /etc/adduser.conf), except that files are not necessarily copied to the +# home directory. + +skelother = /etc/skel.other + +# The dirmode variable specifies the octal mode used by chmod(1) for any +# directories created by adduser.local. Note, however, that such created +# directories automatically inherit the SGID (set group ID) bit from their +# parent directory. + +dirmode = 0755 + +# The filemode variable specifies the octal mode used by chmod(1) for any +# files created by adduser.local. + +filemode = 0644 + + +##################### +# USERS service # +##################### + +# Add the user to the Unix group "users". Every user on this machine +# should be a member of this group. This is already done if the file +# /etc/adduser.conf includes the setting "USERGROUPS=no". If USERGROUPS +# is set to "yes", you should uncomment the following three lines. + +service = users +group[users] = users +addtogroup[users] = true + + +################### +# WWW service # +################### + +# Configure the WWW service for the user, a service that has a real UID +# associated with it. Assuming the user "www" has a GID of "www" and a +# home directory of "/home/www" (in actual fact, the values are taken from +# the password database), the following actions are performed: +# +# - the user is added to the "www" group +# - the directory "/home/www/doc/users/$USER" is created, owned by +# the user, with group owner "www" +# - the link "public_html" is created to point to this directory +# - the file "/etc/skel.other/index.html" is copied to this directory +# +# This assumes that the system user "www" and group "www" are NOT the same +# as the UID and GID of the web server ("www-data" on my system). The "www" +# account is for the web administrator. + +service = www + +user[www] = www +addtogroup[www] = true +homedir[www] = "" +subdir[www] = "doc/users" +althome[www] = false +mkdir[www] = true +chgrpdir[www] = true +mklink[www] = true +linkname[www] = "public_html" +skelfile[www] = "index.html" +chgrpskel[www] = true + +# If your web server's configuration follows the "other" (more common!) +# standard for personal web pages (wherein the "public_html" directory is a +# real directory in the user's home directory), you might want to use +# something like the following: + +#service = www +#homedir[www] = "" +#subdir[www] = "public_html" +#althome[www] = true +#mkdir[www] = true +#skelfile[www] = "index.html" + + +################### +# FTP service # +################### + +# Configure the FTP service for the user in a similar way to the WWW +# service above. The only difference is that no skeleton file is copied. + +service = ftp + +user[ftp] = ftp +addtogroup[ftp] = true +homedir[ftp] = "" +subdir[ftp] = "doc/users" +althome[ftp] = false +mkdir[ftp] = true +chgrpdir[ftp] = true +mklink[ftp] = true +linkname[ftp] = "public_ftp" + + +############################## +# Restricted FTP service # +############################## + +# Create the directory ~ftp/doc-restricted/users/$USER, owned by the user, +# for the Restricted FTP service on the ZAP Group server. + +service = ftp_r + +user[ftp_r] = ftp +homedir[ftp_r] = "" +subdir[ftp_r] = "doc-restricted/users" +althome[ftp_r] = false +mkdir[ftp_r] = true +chgrpdir[ftp_r] = true + + +#################### +# DATA service # +#################### + +# Create the directory /data/$USER, owned by the user. This is only done +# if /data exists (it is an ordinary directory, not a mount point). + +#service = data +#homedir[data] = "/data" +#subdir[data] = "" +#mounted[data] = false +#mkdir[data] = true + + +##################### +# CDROM service # +##################### + +# Add the user to the Unix group "cdrom" (if it exists). This allows the +# user to access the CD-ROM hardware on the machine. + +service = cdrom +group[cdrom] = cdrom +addtogroup[cdrom] = true + + +###################### +# FLOPPY service # +###################### + +# Add the user to the Unix group "floppy" (if it exists). This allows the +# user to access the floppy drive on the machine. + +service = floppy +group[floppy] = floppy +addtogroup[floppy] = true + + +##################### +# AUDIO service # +##################### + +# Add the user to the Unix group "audio" (if it exists). This allows the +# user to access the audio hardware on the machine. + +service = audio +group[audio] = audio +addtogroup[audio] = true + + +################### +# DIP service # +################### + +# Add the user to the Unix group "dip" (if it exists). This allows the +# user to dial out using the local modem. + +service = dip +group[dip] = dip +addtogroup[dip] = true + + +##################### +# VIDEO service # +##################### + +# Add the user to the Unix group "video" (if it exists). This allows the +# user to use video devices plugged into the computer. + +service = video +group[video] = video +addtogroup[video] = true + + +####################### +# PLUGDEV service # +####################### + +# Add the user to the Unix group "plugdev" (if it exists). This allows +# the user to use the pmount daemon with pluggable devices. + +service = plugdev +group[plugdev] = plugdev +addtogroup[plugdev] = true + + +####################### +# SCANNER service # +####################### + +# Add the user to the Unix group "scanner" (if it exists). This allows +# the user to use any attached scanners. + +service = scanner +group[scanner] = scanner +addtogroup[scanner] = true + + +########################### +# Syntax of this file # +########################### + +# The syntax of this file will be familiar to anyone who has used a +# scripting language before. This file is processed line by line, with each +# line either being blank (and hence ignored), a comment or a configuration +# variable. +# +# Comment lines (such as this one) begin with a hash character ("#") and +# continue to the end of the line. The hash character may be preceded by +# white space. Comment lines, like blank lines, are ignored. +# +# All lines that are not blank or are comment lines contain configuration +# variables (one per line, with no comments allowed). A configuration +# variable has one of two forms: +# +# VARIABLE = VALUE +# VARIABLE[SERVICE] = VALUE +# +# The first form is for global variables, while the second form is for +# variables associated with a particular service. Both the variable name +# and the service name are alphanumeric strings and are case sensitive (ie, +# the names "SKELOTHER", "skelother" and "SkelOther" refer to three +# different variables). +# +# The value is typically a string which may or may not be case sensitive. +# It may be (but usually does not need to be) surrounded by single or double +# quotes, in which case everything within the quotes is part of the value. +# Note that white space may surround the variable, service and value +# components; such white space is discarded, unless it appears in quotes. +# You may NOT use backslash to quote quote characters! +# +# If a value required is a boolean, "0", "false", "f", "no" and "n" are +# treated as the false value, while "1", "true", "t", "yes" and "y" are +# treated as the true value. In both cases, the value is case-insensitive. +# +# +# GLOBAL VARIABLES: +# ================= +# +# The following global variables are available: +# +# skelother +# dirmode +# filemode +# +# These are described in the section "Global Options" above. +# +# +# SERVICE VARIABLES: +# ================== +# +# The main role of adduser.local is to configure a user's account for +# various "services". These services are simply convenient names for +# directories that must be created, Unix groups to which the user must be +# added, files that need to be copied and so on. +# +# adduser.local is informed of the existence of a service by the "service" +# global variable: +# +# service = SERVICENAME +# +# The service name SERVICENAME may be any case-sensitive alphanumeric +# string. Examples used within this file are "www" and "data". Service +# names need not correspond to any real service --- they are completely +# internal to adduser.local, and are only used as a key for service +# variables. The "service" global variable may appear multiple times, each +# time with a different service name. +# +# The order of the "service" global variables IS important, as that is the +# order in which those services are created. This is important if one +# service depends on a prior one having been set up. +# +# The "service" global variable must appear before any of the services +# variables for that service are defined. +# +# The following service variables are available, and may be specified in any +# order: +# +# user +# group +# addtogroup +# homedir +# subdir +# althome +# mounted +# mkdir +# chgrpdir +# mklink +# linkname +# skelfile +# chgrpskel +# +# Remember that each service variable is followed by a service name in +# square brackets. In the following explanations, "SVC" is used as a +# sample service name. +# +# +# user[SVC] = USER +# +# Specifies that the service belongs to a real user, and that that +# service user name is USER. This user name must appear in the password +# database file either in the first field (ie, a user name) or in the +# third (ie, a numeric UID). +# +# Specifying a user name or UID also sets default values for the +# "group" and "homedir" service variables. These default values are +# taken from the password database (the "homedir" variable is only set +# if the "althome" variable is set to false). +# +# +# group[SVC] = GROUP +# +# Specifies that the service's group name is GROUP. This group name +# must appear in the group database file either in the first field (ie, +# a group name) or in the third (ie, a numeric GID). +# +# If this variable is not specified, or is specified with GROUP as an +# empty string "", and the user variable is specified (and points to a +# valid user), the group name is taken to be the service user's default +# group. For example, if "user[svc] = mail" were to be specified, and +# group[svc] were not, the group used would be default group for the +# user "mail" (which happens to be GID 8, ie, "mail"). +# +# This group is also used for the group owner of directories, links +# and copied files, depending on the settings of the "chgrpdir" and +# "chgrpskel" variables. +# +# +# addtogroup[SVC] = BOOLEAN +# +# Instructs whether to add the user to the group specified by the +# "group" variable or implied by the "user" variable. If true, +# adduser.local adds the user to the group, assuming that the group, +# in fact, exists. +# +# If this variable is not specified, false is assumed. +# +# +# homedir[SVC] = PATH +# +# Specifies the service's home directory as an absolute path name (ie, +# starting from "/"). The service's home directory is used to check if +# it is a mount point, as well as a base directory for the "mkdir" and +# "skelfile" variables. If the directory does not exist, those +# variables take no effect. +# +# If this variable is not specified, or is specified with PATH as an +# empty string "", the value used for the service's home directory is +# calculated in one of two ways. The first method is to use the home +# directory of the service user; the second is to use the home directory +# of the user for whom adduser.local was called. +# +# The first method is used when the "althome" variable is set to false +# and the "user" variable is specified (and points to a valid user). +# For example, if "user[svc] = www" and "althome[svc] = false" were to +# be specified, the default value of the "homedir" variable would be +# taken from www's home directory, typically "/var/www". +# +# The second method is used when the "althome" variable is true. For +# example, if adduser.local were to be called for the user "anna", and +# "althome" were set to true, the "homedir" variable would be set to the +# home directory of anna, typically "/home/anna". +# +# Note that neither of these methods is used if the "homedir" variable +# is set to anything other than an empty string; in such a case, the +# specified value for the variable is always used. +# +# +# subdir[SVC] = PATH +# +# Specifies a subdirectory off the home directory. This subdirectory is +# used for creating the new directory, copying the skeleton file and for +# the destination of the link. +# +# If the "althome" variable is set to false, the subdirectory must +# already exist and is used in conjunction with the home directory and +# the user's name (for whom adduser.local was called). For example, if +# the following were to be specified: +# +# homedir[svc] = /media/zip +# subdir[svc] = home +# althome[svc] = false +# mkdir[svc] = true +# +# and the user's name (for whom adduser.local was called) was "james", +# the directory "/media/zip/home/james" would be created. +# +# If, on the other hand, the "althome" variable was set to true, the +# subdirectory is used only in conjunction with the home directory; it +# is THAT directory that is created. For example, if the following were +# to be specified: +# +# althome[svc] = true +# subdir[svc] = "public_html" +# mkdir[svc] = true +# +# and adduser.local were called for the user "kathy" (who had the home +# directory "/home/kathy"), the directory "/home/kathy/public_html" +# would be created. +# +# If this variable is not specified, blank is assumed. +# +# +# althome[SVC] = BOOLEAN +# +# Specifies whether the default value for the "homedir" variable is to +# be taken from the service's home directory or from the user's home +# directory (for whom adduser.local was called). If false, the +# service's home directory (implied by the "user" setting) is used. If +# true, the actual user's home directory is used. +# +# This variable also controls whether or not the user's login name is +# used as part of the directory created by the "mkdir" variable and used +# by the "mklink" and "skelfile" variables. See "homedir" and "mklink" +# for more details. +# +# If this variable is not specified, false is assumed. +# +# +# mounted[SVC] = BOOLEAN +# +# Specifies whether to check if the directory specified by the +# "homedir" variable (or implied by other variables) is mounted or +# not. A directory is mounted if it, or any parent directory, is +# mounted (excluding the root directory, which is always mounted). +# For example, if the following were to be specified (and the user's +# name were "alice"): +# +# homedir[svc] = /home/external/server/ftp +# subdir[svc] = doc/users +# mounted[svc] = true +# mkdir[svc] = true +# +# then the directory "/home/external/server/ftp/doc/users/alice" would +# be created only if either "/home/external/server/ftp", +# "/home/external/server", "/home/external" or "/home" were mounted. +# +# If this variable is not specified, false is assumed (ie, the mount +# check is NOT performed). +# +# Note that "checking for mounting" is defined as examining the contents +# of /proc/mounts. It does NOT actually attempt to mount the +# directories. +# +# +# mkdir[SVC] = BOOLEAN +# +# Directs adduser.local whether or not to create the directory specified +# by the "homedir" and "subdir" variables. If the "althome" variable is +# false, the directory that is created has the user's login name at the +# end. In all cases, the newly created directory belongs to that user. +# For example, if adduser.local was called for the user "david", and the +# following lines were to be specified: +# +# homedir[data1] = "/data/1" +# subdir[data1] = "users" +# althome[data1] = false +# mkdir[data1] = true +# +# then the directory "/data/1/users/david" would be created, owned by +# the user "david". If, on the other hand, the following were to be +# specified (for the same user "david"): +# +# subdir[www] = "public_html" +# althome[www] = true +# mkdir[www] = true +# +# then the directory "/home/david/public_html" would be created +# (assuming "/home/david" was david's home directory), owned by the +# user "david". +# +# The mode of the directory is taken from the "dirmode" global variable +# in this configuration file. See also the comment on that global +# variable. +# +# The group owner of the directory is either the same as the user's (in +# this case, if the user "david" was in the group "users" by default, +# then the group owner would be "users"), or the same as the service +# user's group (see the "group" variable for more information). The +# "chgrpdir" variable specifies which of these two options is used. +# +# If this variable is not specified, false is assumed. +# +# +# chgrpdir[SVC] = BOOLEAN +# +# Specifies the group owner of any directory and link created by the +# "mkdir" and "mklink" variables respectively. If true is specified, +# the group owner is the same as specified by the "group" variable (or +# implied by the "user" variable). If false is specified, the group +# owner is the same as the actual user's default group. +# +# If this variable is not specified, false is assumed. +# +# +# mklink[SVC] = BOOLEAN +# +# Specifies whether or not to create a symbolic link to the created +# directory (see "mkdir" above) in the actual user's home directory. +# The name of the link is taken from the "linkname" variable below. For +# example, if the following were to be specified, and adduser.local were +# called for the user "mark": +# +# homedir[data1] = "/data/1" +# subdir[data1] = "users" +# althome[data1] = false +# mkdir[data1] = true +# mklink[data1] = true +# linkname[data1] = "data1" +# +# then, not only would the directory "/data/1/users/mark" be created, +# but the symbolic link "data1" would be created in his home directory +# as well, pointing to that directory (that is, "/home/mark/data1" -> +# "/data/1/users/mark"). +# +# If this variable is not specified, false is assumed. +# +# +# linkname[SVC] = PATH +# +# Specifies the name of the symbolic link created in the user's home +# directory, as demonstrated in the example above. If PATH includes +# subdirectories, these subdirectories must already exist before the +# symbolic link is created; these can be created by other services prior +# to this one. +# +# If the "mklink" variable is true, and the "linkname" variable is not +# specified, or is an empty string "", the name of the service is used +# (as specified by the "service" global variable). +# +# +# skelfile[SVC] = PATH +# +# Instructs adduser.local to copy the file PATH from the "skelother" +# skeleton directory (see the global variable of that name) into the +# newly-created directory specified by the "mkdir" variable. For +# example, if adduser.local was called for the user "nina", and the +# following lines were to be specified: +# +# homedir[www] = "/home/www" +# subdir[www] = "doc/users" +# althome[www] = false +# mkdir[www] = true +# skelfile[www] = "index.html" +# +# then the directory "/home/www/doc/users/nina" would be created and the +# file "index.html" would be copied from /etc/skel.other (assuming this +# is the directory specified by the "skelother" global variable) into +# that newly-created directory. +# +# The newly-copied file will have a mode as specified by the "filemode" +# global variable, and its group owner will either be the default group +# of the user, or the group as specified by the "group" variable or +# implied by the "user" variable. See the "chgrpskel" variable below. +# +# If this variable is not specified, or PATH is an empty string "", no +# file is copied. If a file of that name already exists, it is NOT +# overwritten. Only one file may be specified in any given service; if +# more are needed, simply create additional services with matching +# "homedir", "subdir", "althome" and "mkdir" variables. +# +# +# chgrpskel[SVC] = BOOLEAN +# +# Determines whether or not adduser.local changes the group owner of the +# copied skeleton file (specified by the "skelfile" variable above) to +# the group specified by the "group" variable or implied by the "user" +# variable. If this variable is false, the default group of the user +# remains the group owner. +# +# If this variable is not specified, false is assumed. +# +# +# End of /etc/adduser.local.conf. |