DOKK / manpages / debian 10 / dh-sysuser / dh_sysuser.1.en
DH_SYSUSER(1) User Contributed Perl Documentation DH_SYSUSER(1)

dh_sysuser - manage system users, required for package operation

dh_sysuser [debhelper options] [username options] ...

dh_sysuser is debhelper addon, that provide simple and uniform way of creating and removing system users, required for package operation (for example, to run with dropped privileges).

Process of user creation is delegated to useradd(8) utility, whose behavior is controlled by /etc/login.defs configuration file. In default installation,

  • New user have primary group of same name. It is not be member of any other groups.
  • New user have '!' in /etc/shadow password field, making it impossible to login.
  • New user have /usr/sbin/nologin as its shell. You still can get new user's shell with su -s.
  • If home directory is created (see below), its permissions are affected by UMASK variable in /etc/login.defs. By default, it results 0755. Files from /etc/skel are NOT copied.

    WARNING: Paragraph above means that data, stored in new user's home directory is world-readable. If you, as package maintainer, need full control over home directory permissions, you are welcome to file a bug.

dh_sysuser read its arguments from command line and file debian/package.sysuser in pairs, first one being an username and second one is options. The configuration file or commandline arguments must be used to create users: just calling `dh_sysuser` without arguments does nothing. Here are the options that can be specified after the username:

This option request creation of home directory in /var/lib/username. Probably, you should use this form over explicit one, described below, for uniformity.
This option requests creation of home directory at specified path
If you do not need any other options, put this one.

CRUFT OF SYSTEM USERS

While it is easy to create system user (and user in general), it is hard to say, when it is safe to remove it. What should happen to its home directory? What about files outside of home directory? There was some of discussion (#848239, #848240), and no simple and definitive solution arised. So far, dh-sysuser do the following on package removal:

  • If user have been created without home directory, it is considered safe to remove it.
  • If user have been created with home directory, but at time of package removal it is still empty, it is considered safe to remove both user and his empty home directory.
  • If user have been created with home directory, but at time of package removal it is not empty, both user and its home directory are left alone.

    NOTE: As package maintainer, you are encouraged to delete from home directory files, known to be of little value. It increases chances that home directory will become empty, and user will be removed.

In debian/package.sysuser, this will create a foo user with defaults settings, will create a home in the default location for bar, and a custom location for baz:

    foo defaults
    bar home
    baz home=/opt/baz

useradd(8)

2018-06-25 perl v5.26.2