| 1 | <?xml version="1.0"?> |
| 2 | <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><title>makeuserdb</title><link rel="stylesheet" href="style.css" type="text/css"/><meta name="generator" content="DocBook XSL Stylesheets V1.72.0"/><link rel="start" href="#makeuserdb" title="makeuserdb"/><link xmlns="" rel="stylesheet" type="text/css" href="manpage.css"/><meta xmlns="" name="MSSmartTagsPreventParsing" content="TRUE"/><link xmlns="" rel="icon" href="icon.gif" type="image/gif"/><!-- |
| 3 | |
| 4 | Copyright 1998 - 2007 Double Precision, Inc. See COPYING for distribution |
| 5 | information. |
| 6 | |
| 7 | --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="makeuserdb" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>make — create @userdb@</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">makeuserdb</code> [-f <em class="replaceable"><code>filename</code></em>]</p></div><div class="cmdsynopsis"><p><code class="command">pw2userdb</code> </p></div><div class="cmdsynopsis"><p><code class="command">vchkpw2userdb</code> [--vpopmailhome=<em class="replaceable"><code>dir</code></em>] [--todir=<em class="replaceable"><code>dir</code></em>]</p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282336" shape="rect"> </a><h2>DESCRIPTION</h2><p> |
| 8 | <span><strong class="command">makeuserdb</strong></span> creates <code class="filename">@userdb@.dat</code> from |
| 9 | the contents of <code class="filename">@userdb@</code>. |
| 10 | <code class="filename">@userdb@</code>'s contents are described later in this document. |
| 11 | <span class="application">Maildrop</span>, |
| 12 | <span class="application">Courier</span>, and other applications use |
| 13 | <code class="filename">@userdb@.dat</code> as a |
| 14 | substitute/complement for your system password file. |
| 15 | The usual purpose for |
| 16 | <code class="filename">@userdb@.dat</code> is to specify "virtual" accounts - accounts |
| 17 | that do |
| 18 | not have an associated system login. |
| 19 | Usually (but not necessarily) all virtual accounts share the same |
| 20 | system userid. |
| 21 | <code class="filename">@userdb@.dat</code> may also replace |
| 22 | your system password file. Because the system password file is a text file, |
| 23 | when there's a large number of accounts it will be significantly faster to |
| 24 | search |
| 25 | <code class="filename">@userdb.dat@</code>, which is a binary database, |
| 26 | instead of a flat text file that the system password file usually is.</p><p> |
| 27 | The <span><strong class="command">makeuserdb</strong></span> command can be safely executed during |
| 28 | normal system activity.</p><p> |
| 29 | The <code class="option">-f</code> option creates |
| 30 | <code class="filename"><em class="replaceable"><code>filename</code></em>.dat</code> from |
| 31 | <code class="filename"><em class="replaceable"><code>filename</code></em></code>, instead of the |
| 32 | default <code class="filename">@userdb@.dat</code> from |
| 33 | <code class="filename">@userdb@</code>.</p><div class="refsect2" lang="en" xml:lang="en"><a id="id282645" shape="rect"> </a><h3>Format of <code class="filename">@userdb@</code></h3><p> |
| 34 | <code class="filename">@userdb@</code> is a plain text file that can be created using |
| 35 | any text editor. Blank lines are ignored. Lines that start with the # |
| 36 | character are comments, and are also ignored. |
| 37 | Other lines define properties of a single |
| 38 | "account", one line per account. |
| 39 | <code class="filename">@userdb@</code> may be a directory instead of a plain file. |
| 40 | In that case all files in <code class="filename">@userdb@</code> are essentially |
| 41 | concatenated, and are treated as a single file. |
| 42 | Each line takes the following format:</p><div class="blockquote"><blockquote class="blockquote"><div class="informalexample"><div class="literallayout"><p><em class="replaceable"><code>name</code></em><span class="token"><TAB></span><em class="replaceable"><code>field</code></em>=<em class="replaceable"><code>value</code></em>|<em class="replaceable"><code>field</code></em>=<em class="replaceable"><code>value</code></em>...</p></div></div></blockquote></div><p><em class="replaceable"><code>name</code></em> is the account name. |
| 43 | <em class="replaceable"><code>name</code></em> MUST contain only lowercase characters |
| 44 | If <span class="application">Courier</span> is |
| 45 | configured to treat lowercase and uppercase account names as |
| 46 | identical, <em class="replaceable"><code>name</code></em> is followed by exactly one tab |
| 47 | character, then a list of field/value pairs separated by vertical slashes. |
| 48 | <em class="replaceable"><code>field</code></em> is the name of the field, |
| 49 | <em class="replaceable"><code>value</code></em> is the field value. |
| 50 | Fields and values themself cannot contain slashes or control characters. |
| 51 | Fields may be |
| 52 | specified in any order. Here are all the currently defined fields. Note that |
| 53 | not every field is used by every application that reads |
| 54 | <code class="filename">@userdb@.dat</code>.</p><div class="blockquote"><blockquote class="blockquote"><p> |
| 55 | <em class="parameter"><code>uid</code></em> - <em class="replaceable"><code>value</code></em> is a (possibly) |
| 56 | unique numerical user ID for this account.</p><p> |
| 57 | <em class="parameter"><code>gid</code></em> - <em class="replaceable"><code>value</code></em> is a (possibly) |
| 58 | unique numerical group ID for this account.</p><p> |
| 59 | <em class="parameter"><code>home</code></em> - <em class="replaceable"><code>value</code></em> is the account's home |
| 60 | directory.</p><p> |
| 61 | <em class="parameter"><code>shell</code></em> - <em class="replaceable"><code>value</code></em> is the account's default |
| 62 | login shell.</p><p> |
| 63 | <em class="parameter"><code>systempw</code></em> - <em class="replaceable"><code>value</code></em> is the account's |
| 64 | password. See |
| 65 | <a href="userdbpw.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">userdbpw</span>(8)</span></a> |
| 66 | for details on how to set up this field.</p><p> |
| 67 | <em class="parameter"><code>pop3pw, esmtppw, imappw...</code></em> - <em class="replaceable"><code>value</code></em> |
| 68 | specifies a separate password used only for authenticating access using a |
| 69 | specific service, such as POP3, IMAP, or anything else. If not defined, |
| 70 | <em class="parameter"><code>systempw</code></em> is always used. This allows access to an account to be |
| 71 | restricted only to certain services, such as POP3, even if other services |
| 72 | are also enabled on the server.</p><p> |
| 73 | <em class="parameter"><code>mail</code></em> - <em class="replaceable"><code>value</code></em> specifies the location of |
| 74 | the account's Maildir mailbox. This is an optional field that is normally |
| 75 | used when <span><strong class="command">userdb</strong></span> is used to provide aliases for other |
| 76 | mail accounts. For example, one particular multi-domain E-mail |
| 77 | service configuration |
| 78 | that's used by both <span class="application">Qmail</span> and |
| 79 | <span class="application">Courier</span> servers is to deliver mail for a |
| 80 | mailbox in a virtual domain, such as "user@example.com", to a local mailbox |
| 81 | called "example-user". Instead of requiring the E-mail account |
| 82 | holder to log in as |
| 83 | "example-user" to download mail from this account, a <span><strong class="command">userdb</strong></span> |
| 84 | entry for "user@example.com" is set up with <em class="parameter"><code>mail</code></em> set to the |
| 85 | location of example-user's Maildir mailbox, thus hiding the internal |
| 86 | mail configuration from the E-mail account holder's view.</p><p> |
| 87 | <em class="parameter"><code>quota</code></em> - <em class="replaceable"><code>value</code></em> specifies the |
| 88 | maildir quota for the account's Maildir. |
| 89 | This has nothing to do with actual filesystem quotas. |
| 90 | <span class="application">Courier</span> has a |
| 91 | software-based Maildir quota enforcement |
| 92 | mechanism which requires additional setup and configuration. |
| 93 | See |
| 94 | <a href="maildirquota.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildirquota</span>(7)</span></a> |
| 95 | for additional information.</p></blockquote></div></div><div class="refsect2" lang="en" xml:lang="en"><a id="id325306" shape="rect"> </a><h3><code class="filename">@userdb@shadow.dat</code></h3><p> |
| 96 | All fields whose name ends with 'pw' will NOT copied to |
| 97 | <code class="filename">@userdb@.dat</code>. These fields will be copied to |
| 98 | <code class="filename">@userdb@shadow.dat</code>. |
| 99 | <span><strong class="command">makeuserdb</strong></span> creates <code class="filename">@userdb@shadow.dat</code> |
| 100 | without any group and world permissions. |
| 101 | Note that <span><strong class="command">makeuserdb</strong></span> reports an error |
| 102 | if <span><strong class="command">@userdb@</strong></span> has any group |
| 103 | or world permissions.</p></div><div class="refsect2" lang="en" xml:lang="en"><a id="id325356" shape="rect"> </a><h3>CONVERTING <code class="filename">/etc/passwd</code> |
| 104 | and vpopmail to <code class="filename">@userdb@</code> format</h3><p> |
| 105 | <span><strong class="command">pw2userdb</strong></span> reads the <code class="filename">/etc/passwd</code> and |
| 106 | <code class="filename">/etc/shadow</code> files and converts all entries to the |
| 107 | <code class="filename">@userdb@</code> format, |
| 108 | printing the result on standard output. |
| 109 | The output of <span><strong class="command">pw2userdb</strong></span> |
| 110 | can be saved as <span><strong class="command">@userdb@</strong></span> (or as some file in this |
| 111 | subdirectory). |
| 112 | Linear searches of <code class="filename">/etc/passwd</code> can |
| 113 | be very slow when you have |
| 114 | tens of thousands of accounts. |
| 115 | Programs like <span><strong class="command">maildrop</strong></span> always look in |
| 116 | <code class="filename">@userdb@</code> first. |
| 117 | By saving the system password file in |
| 118 | <code class="filename">@userdb@</code> it is possible to significantly reduce the |
| 119 | amount of |
| 120 | time it takes to look up this information.</p><p> |
| 121 | After saving the output of <span><strong class="command">pw2userdb</strong></span>, you must still run |
| 122 | <span><strong class="command">makeuserdb</strong></span> to create |
| 123 | <code class="filename">@userdb@.dat</code>.</p><p> |
| 124 | <span><strong class="command">vchkpw2userdb</strong></span> converts a vpopmail-style |
| 125 | directory hierarchy to the <code class="filename">@userdb@</code> format. |
| 126 | This is an external virtual domain management package that's often used |
| 127 | with <span class="application">Qmail</span> servers.</p><p> |
| 128 | Generally, an account named 'vpopmail' is reserved for this purpose. |
| 129 | In |
| 130 | that account the file <code class="filename">users/vpasswd</code> has the same |
| 131 | layout as |
| 132 | <code class="filename">/etc/passwd</code>, and performs a similar function, except |
| 133 | that all userid in <code class="filename">users/vpasswd</code> have the same userid. |
| 134 | Additionally, the |
| 135 | <code class="filename">domains</code> subdirectory stores virtual accounts for |
| 136 | multiple domains. For example, |
| 137 | <code class="filename">domains/example.com/vpasswd</code> |
| 138 | has the passwd file for the domain <em class="parameter"><code>example.com</code></em>. |
| 139 | Some systems also have a soft link, <em class="parameter"><code>domains/default</code></em>, |
| 140 | that points to a domain that's considered a "default" domain.</p><p> |
| 141 | The <span><strong class="command">vchkpw2userdb</strong></span> reads all this information, and tries to |
| 142 | convert it into the <code class="filename">@userdb@</code> format. The |
| 143 | <em class="parameter"><code>--vpopmailhost</code></em> option specifies the top level |
| 144 | directory, if it is |
| 145 | not the home directory of the vpopmail account.</p><p> |
| 146 | The <span><strong class="command">vchkpw2userdb</strong></span> script prints the results on standard |
| 147 | output. If specified, the <em class="parameter"><code>--todir</code></em> option |
| 148 | tries to convert all |
| 149 | <code class="filename">vpasswd</code> files one at a time, saving each one |
| 150 | individually in <em class="replaceable"><code>dir</code></em>. For example:</p><div class="blockquote"><blockquote class="blockquote"><div class="informalexample"><div class="literallayout"><p><br clear="none"/> |
| 151 | mkdir @userdb@<br clear="none"/> |
| 152 | vchkpw2userdb --todir=@userdb@/vpopmail<br clear="none"/> |
| 153 | makeuserdb<br clear="none"/> |
| 154 | </p></div></div></blockquote></div><p> |
| 155 | It is still necessary to run <span><strong class="command">makeuserdb</strong></span>, of course, to |
| 156 | create the binary database file <code class="filename">@userdb@.dat</code></p><p> |
| 157 | NOTE: You are still required to create the <span><strong class="command">@userdb@</strong></span> entry |
| 158 | which maps |
| 159 | system userids back to accounts, |
| 160 | "<em class="replaceable"><code>uid</code></em>=<span class="token"><TAB></span><em class="replaceable"><code>name</code></em>", |
| 161 | if that's applicable. <span><strong class="command">vchkpw2userdb</strong></span> will not do it for |
| 162 | you.</p><p> |
| 163 | NOTE: <span><strong class="command">makeuserdb</strong></span> may complain about duplicate entries, if |
| 164 | your "default" entries in <code class="filename">users/vpasswd</code> or |
| 165 | <code class="filename">domains/default/vpasswd</code> are the same as anything in any |
| 166 | other <code class="filename">@userdb@</code> file. It is also likely that you'll end |
| 167 | up with duplicate, but distinct, entries for every account in the default |
| 168 | domain. For |
| 169 | example, if your default domain is example.com, you'll end up with duplicate |
| 170 | entries - you'll have entries for both <em class="parameter"><code>user</code></em> and |
| 171 | <em class="parameter"><code>user@example.com</code></em>.</p><p>If you intend to maintain the master set of accounts using |
| 172 | vchkpw/vpopmail, |
| 173 | in order to avoid cleaning this up every time, you might want to consider |
| 174 | doing the following: run <span><strong class="command">vchkpw2userdb</strong></span> once, using the |
| 175 | <em class="parameter"><code>--todir</code></em> option. |
| 176 | Then, go into the resulting directory, and |
| 177 | replace one of the redundant files with a soft link to |
| 178 | <code class="filename">/dev/null</code>. |
| 179 | This allows you to run |
| 180 | <span><strong class="command">vchkpw2userdb</strong></span> without having to go in and |
| 181 | cleaning up again, afterwards.</p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id325708" shape="rect"> </a><h2>FILES</h2><div class="literallayout"><p><br clear="none"/> |
| 182 | <code class="filename">@userdb@</code><br clear="none"/> |
| 183 | <code class="filename">@userdb@.dat</code><br clear="none"/> |
| 184 | <code class="filename">@userdb@shadow.dat</code><br clear="none"/> |
| 185 | <code class="filename">@tmpdir@/userdb.tmp</code> - temporary file<br clear="none"/> |
| 186 | <code class="filename">@tmpdir@/userdbshadow.tmp</code> - temporary file<br clear="none"/> |
| 187 | </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id325752" shape="rect"> </a><h2>BUGS</h2><p><span><strong class="command">makeuserdb</strong></span> is a Perl script, and uses Perl's portable |
| 188 | locking. |
| 189 | Perl's documentation notes that certain combinations of locking options may |
| 190 | not work with some networks.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id325768" shape="rect"> </a><h2>SEE ALSO</h2><p> |
| 191 | <a href="userdb.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">userdb</span>(8)</span></a>, |
| 192 | <a href="maildrop.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildrop</span>(8)</span></a>, |
| 193 | <a href="courier.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">courier</span>(8)</span></a>, |
| 194 | <a href="maildirquota.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildirquota</span>(7)</span></a>. |
| 195 | </p></div></div></body></html> |