Build courier-authlib 0.60.2-0hcoop1.

[hcoop/debian/courier-authlib.git] / userdb / makeuserdb.8.in

.\"  <!-- $Id: makeuserdb.sgml,v 1.7 2007/04/22 15:05:16 mrsam Exp $ -->
.\"  <!-- Copyright 1998 - 2007 Double Precision, Inc.  See COPYING for -->
.\"  <!-- distribution information. -->
.\"     Title: makeuserdb
.\"    Author: 
.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/>
.\"      Date: 04/22/2007
.\"    Manual: Double Precision, Inc.
.\"    Source: Double Precision, Inc.
.\"
.TH "MAKEUSERDB" "8" "04/22/2007" "Double Precision, Inc." "Double Precision, Inc."
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
make \- create @userdb@
.SH "SYNOPSIS"
.HP 11
\fBmakeuserdb\fR [\-f\ \fIfilename\fR]
.HP 10
\fBpw2userdb\fR
.HP 14
\fBvchkpw2userdb\fR [\-\-vpopmailhome=\fIdir\fR] [\-\-todir=\fIdir\fR]
.SH "DESCRIPTION"
.PP

\fBmakeuserdb\fR
creates
\fI@userdb@.dat\fR
from the contents of
\fI@userdb@\fR.
\fI@userdb@\fR's contents are described later in this document.
Maildrop,
Courier, and other applications use
\fI@userdb@.dat\fR
as a substitute/complement for your system password file. The usual purpose for
\fI@userdb@.dat\fR
is to specify "virtual" accounts \- accounts that do not have an associated system login. Usually (but not necessarily) all virtual accounts share the same system userid.
\fI@userdb@.dat\fR
may also replace your system password file. Because the system password file is a text file, when there's a large number of accounts it will be significantly faster to search
\fI@userdb.dat@\fR, which is a binary database, instead of a flat text file that the system password file usually is.
.PP
The
\fBmakeuserdb\fR
command can be safely executed during normal system activity.
.PP
The
\fB\-f\fR
option creates
\fI\fIfilename\fR\fR\fI.dat\fR
from
\fI\fIfilename\fR\fR, instead of the default
\fI@userdb@.dat\fR
from
\fI@userdb@\fR.
.SS "Format of \fI@userdb@\fR"
.PP

\fI@userdb@\fR
is a plain text file that can be created using any text editor. Blank lines are ignored. Lines that start with the # character are comments, and are also ignored. Other lines define properties of a single "account", one line per account.
\fI@userdb@\fR
may be a directory instead of a plain file. In that case all files in
\fI@userdb@\fR
are essentially concatenated, and are treated as a single file. Each line takes the following format:
.sp
.RS 4
.nf
\fIname\fR<TAB>\fIfield\fR=\fIvalue\fR|\fIfield\fR=\fIvalue\fR...
.fi
.RE
.PP
\fIname\fR
is the account name.
\fIname\fR
MUST contain only lowercase characters If
Courier
is configured to treat lowercase and uppercase account names as identical,
\fIname\fR
is followed by exactly one tab character, then a list of field/value pairs separated by vertical slashes.
\fIfield\fR
is the name of the field,
\fIvalue\fR
is the field value. Fields and values themself cannot contain slashes or control characters. Fields may be specified in any order. Here are all the currently defined fields. Note that not every field is used by every application that reads
\fI@userdb@.dat\fR.
.PP

\fIuid\fR
\-
\fIvalue\fR
is a (possibly) unique numerical user ID for this account.
.PP

\fIgid\fR
\-
\fIvalue\fR
is a (possibly) unique numerical group ID for this account.
.PP

\fIhome\fR
\-
\fIvalue\fR
is the account's home directory.
.PP

\fIshell\fR
\-
\fIvalue\fR
is the account's default login shell.
.PP

\fIsystempw\fR
\-
\fIvalue\fR
is the account's password. See
\fI\fBuserdbpw\fR(8)\fR\&[1]
for details on how to set up this field.
.PP

\fIpop3pw, esmtppw, imappw...\fR
\-
\fIvalue\fR
specifies a separate password used only for authenticating access using a specific service, such as POP3, IMAP, or anything else. If not defined,
\fIsystempw\fR
is always used. This allows access to an account to be restricted only to certain services, such as POP3, even if other services are also enabled on the server.
.PP

\fImail\fR
\-
\fIvalue\fR
specifies the location of the account's Maildir mailbox. This is an optional field that is normally used when
\fBuserdb\fR
is used to provide aliases for other mail accounts. For example, one particular multi\-domain E\-mail service configuration that's used by both
Qmail
and
Courier
servers is to deliver mail for a mailbox in a virtual domain, such as "user@example.com", to a local mailbox called "example\-user". Instead of requiring the E\-mail account holder to log in as "example\-user" to download mail from this account, a
\fBuserdb\fR
entry for "user@example.com" is set up with
\fImail\fR
set to the location of example\-user's Maildir mailbox, thus hiding the internal mail configuration from the E\-mail account holder's view.
.PP

\fIquota\fR
\-
\fIvalue\fR
specifies the maildir quota for the account's Maildir. This has nothing to do with actual filesystem quotas.
Courier
has a software\-based Maildir quota enforcement mechanism which requires additional setup and configuration. See
\fI\fBmaildirquota\fR(7)\fR\&[2]
for additional information.
.SS "\fI@userdb@shadow.dat\fR"
.PP
All fields whose name ends with 'pw' will NOT copied to
\fI@userdb@.dat\fR. These fields will be copied to
\fI@userdb@shadow.dat\fR.
\fBmakeuserdb\fR
creates
\fI@userdb@shadow.dat\fR
without any group and world permissions. Note that
\fBmakeuserdb\fR
reports an error if
\fB@userdb@\fR
has any group or world permissions.
.SS "CONVERTING \fI/etc/passwd\fR and vpopmail to \fI@userdb@\fR format"
.PP

\fBpw2userdb\fR
reads the
\fI/etc/passwd\fR
and
\fI/etc/shadow\fR
files and converts all entries to the
\fI@userdb@\fR
format, printing the result on standard output. The output of
\fBpw2userdb\fR
can be saved as
\fB@userdb@\fR
(or as some file in this subdirectory). Linear searches of
\fI/etc/passwd\fR
can be very slow when you have tens of thousands of accounts. Programs like
\fBmaildrop\fR
always look in
\fI@userdb@\fR
first. By saving the system password file in
\fI@userdb@\fR
it is possible to significantly reduce the amount of time it takes to look up this information.
.PP
After saving the output of
\fBpw2userdb\fR, you must still run
\fBmakeuserdb\fR
to create
\fI@userdb@.dat\fR.
.PP

\fBvchkpw2userdb\fR
converts a vpopmail\-style directory hierarchy to the
\fI@userdb@\fR
format. This is an external virtual domain management package that's often used with
Qmail
servers.
.PP
Generally, an account named 'vpopmail' is reserved for this purpose. In that account the file
\fIusers/vpasswd\fR
has the same layout as
\fI/etc/passwd\fR, and performs a similar function, except that all userid in
\fIusers/vpasswd\fR
have the same userid. Additionally, the
\fIdomains\fR
subdirectory stores virtual accounts for multiple domains. For example,
\fIdomains/example.com/vpasswd\fR
has the passwd file for the domain
\fIexample.com\fR. Some systems also have a soft link,
\fIdomains/default\fR, that points to a domain that's considered a "default" domain.
.PP
The
\fBvchkpw2userdb\fR
reads all this information, and tries to convert it into the
\fI@userdb@\fR
format. The
\fI\-\-vpopmailhost\fR
option specifies the top level directory, if it is not the home directory of the vpopmail account.
.PP
The
\fBvchkpw2userdb\fR
script prints the results on standard output. If specified, the
\fI\-\-todir\fR
option tries to convert all
\fIvpasswd\fR
files one at a time, saving each one individually in
\fIdir\fR. For example:
.sp
.RS 4
.nf
mkdir @userdb@
vchkpw2userdb \-\-todir=@userdb@/vpopmail
makeuserdb
.fi
.RE
.PP
It is still necessary to run
\fBmakeuserdb\fR, of course, to create the binary database file
\fI@userdb@.dat\fR
.PP
NOTE: You are still required to create the
\fB@userdb@\fR
entry which maps system userids back to accounts, "\fIuid\fR=<TAB>\fIname\fR", if that's applicable.
\fBvchkpw2userdb\fR
will not do it for you.
.PP
NOTE:
\fBmakeuserdb\fR
may complain about duplicate entries, if your "default" entries in
\fIusers/vpasswd\fR
or
\fIdomains/default/vpasswd\fR
are the same as anything in any other
\fI@userdb@\fR
file. It is also likely that you'll end up with duplicate, but distinct, entries for every account in the default domain. For example, if your default domain is example.com, you'll end up with duplicate entries \- you'll have entries for both
\fIuser\fR
and
\fIuser@example.com\fR.
.PP
If you intend to maintain the master set of accounts using vchkpw/vpopmail, in order to avoid cleaning this up every time, you might want to consider doing the following: run
\fBvchkpw2userdb\fR
once, using the
\fI\-\-todir\fR
option. Then, go into the resulting directory, and replace one of the redundant files with a soft link to
\fI/dev/null\fR. This allows you to run
\fBvchkpw2userdb\fR
without having to go in and cleaning up again, afterwards.
.SH "FILES"
.sp
.RS 4
.nf
\fI@userdb@\fR
\fI@userdb@.dat\fR
\fI@userdb@shadow.dat\fR
\fI@tmpdir@/userdb.tmp\fR \- temporary file
\fI@tmpdir@/userdbshadow.tmp\fR \- temporary file
.fi
.RE
.SH "BUGS"
.PP
\fBmakeuserdb\fR
is a Perl script, and uses Perl's portable locking. Perl's documentation notes that certain combinations of locking options may not work with some networks.
.SH "SEE ALSO"
.PP

\fI\fBuserdb\fR(8)\fR\&[3],
\fI\fBmaildrop\fR(8)\fR\&[4],
\fI\fBcourier\fR(8)\fR\&[5],
\fI\fBmaildirquota\fR(7)\fR\&[2].
.SH "REFERENCES"
.IP " 1." 4
\fBuserdbpw\fR(8)
.RS 4
\%userdbpw.html
.RE
.IP " 2." 4
\fBmaildirquota\fR(7)
.RS 4
\%maildirquota.html
.RE
.IP " 3." 4
\fBuserdb\fR(8)
.RS 4
\%userdb.html
.RE
.IP " 4." 4
\fBmaildrop\fR(8)
.RS 4
\%maildrop.html
.RE
.IP " 5." 4
\fBcourier\fR(8)
.RS 4
\%courier.html
.RE