d9898ee8 |
1 | <?xml version="1.0"?> |
2 | <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><title>makeuserdb</title><link rel="stylesheet" href="style.css" type="text/css"/><meta name="generator" content="DocBook XSL Stylesheets V1.72.0"/><link rel="start" href="#makeuserdb" title="makeuserdb"/><link xmlns="" rel="stylesheet" type="text/css" href="manpage.css"/><meta xmlns="" name="MSSmartTagsPreventParsing" content="TRUE"/><link xmlns="" rel="icon" href="icon.gif" type="image/gif"/><!-- |
3 | |
4 | Copyright 1998 - 2007 Double Precision, Inc. See COPYING for distribution |
5 | information. |
6 | |
7 | --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="makeuserdb" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>makeuserdb — create @userdb@</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">makeuserdb</code> [-f <em class="replaceable"><code>filename</code></em>]</p></div><div class="cmdsynopsis"><p><code class="command">pw2userdb</code> </p></div><div class="cmdsynopsis"><p><code class="command">vchkpw2userdb</code> [--vpopmailhome=<em class="replaceable"><code>dir</code></em>] [--todir=<em class="replaceable"><code>dir</code></em>]</p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282336" shape="rect"> </a><h2>DESCRIPTION</h2><p> |
8 | <span><strong class="command">makeuserdb</strong></span> creates <code class="filename">@userdb@.dat</code> from |
9 | the contents of <code class="filename">@userdb@</code>. |
10 | <code class="filename">@userdb@</code>'s contents are described later in this document. |
11 | <span class="application">Maildrop</span>, |
12 | <span class="application">Courier</span>, and other applications use |
13 | <code class="filename">@userdb@.dat</code> as a |
14 | substitute/complement for your system password file. |
15 | The usual purpose for |
16 | <code class="filename">@userdb@.dat</code> is to specify "virtual" accounts - accounts |
17 | that do |
18 | not have an associated system login. |
19 | Usually (but not necessarily) all virtual accounts share the same |
20 | system userid. |
21 | <code class="filename">@userdb@.dat</code> may also replace |
22 | your system password file. Because the system password file is a text file, |
23 | when there's a large number of accounts it will be significantly faster to |
24 | search |
25 | <code class="filename">@userdb@.dat</code>, which is a binary database, |
26 | instead of a flat text file that the system password file usually is.</p><p> |
27 | The <span><strong class="command">makeuserdb</strong></span> command can be safely executed during |
28 | normal system activity.</p><p> |
29 | The <code class="option">-f</code> option creates |
30 | <code class="filename"><em class="replaceable"><code>filename</code></em>.dat</code> from |
31 | <code class="filename"><em class="replaceable"><code>filename</code></em></code>, instead of the |
32 | default <code class="filename">@userdb@.dat</code> from |
33 | <code class="filename">@userdb@</code>.</p><div class="refsect2" lang="en" xml:lang="en"><a id="id282645" shape="rect"> </a><h3>Format of <code class="filename">@userdb@</code></h3><p> |
34 | <code class="filename">@userdb@</code> is a plain text file that can be created using |
35 | any text editor. Blank lines are ignored. Lines that start with the # |
36 | character are comments, and are also ignored. |
37 | Other lines define properties of a single |
38 | "account", one line per account. |
39 | <code class="filename">@userdb@</code> may be a directory instead of a plain file. |
40 | In that case all files in <code class="filename">@userdb@</code> are essentially |
41 | concatenated, and are treated as a single file. |
42 | Each line takes the following format:</p><div class="blockquote"><blockquote class="blockquote"><div class="informalexample"><div class="literallayout"><p><em class="replaceable"><code>name</code></em><span class="token">&lt;TAB&gt;</span><em class="replaceable"><code>field</code></em>=<em class="replaceable"><code>value</code></em>|<em class="replaceable"><code>field</code></em>=<em class="replaceable"><code>value</code></em>...</p></div></div></blockquote></div><p><em class="replaceable"><code>name</code></em> is the account name. |
43 | <em class="replaceable"><code>name</code></em> MUST contain only lowercase characters |
44 | if <span class="application">Courier</span> is |
45 | configured to treat lowercase and uppercase account names as |
46 | identical. <em class="replaceable"><code>name</code></em> is followed by exactly one tab |
47 | character, then a list of field/value pairs separated by vertical bars. |
48 | <em class="replaceable"><code>field</code></em> is the name of the field, |
49 | <em class="replaceable"><code>value</code></em> is the field value. |
50 | Fields and values themselves cannot contain vertical bars or control characters. |
51 | Fields may be |
52 | specified in any order. Here are all the currently defined fields. Note that |
53 | not every field is used by every application that reads |
54 | <code class="filename">@userdb@.dat</code>.</p><div class="blockquote"><blockquote class="blockquote"><p> |
55 | <em class="parameter"><code>uid</code></em> - <em class="replaceable"><code>value</code></em> is a (possibly) |
56 | unique numerical user ID for this account.</p><p> |
57 | <em class="parameter"><code>gid</code></em> - <em class="replaceable"><code>value</code></em> is a (possibly) |
58 | unique numerical group ID for this account.</p><p> |
59 | <em class="parameter"><code>home</code></em> - <em class="replaceable"><code>value</code></em> is the account's home |
60 | directory.</p><p> |
61 | <em class="parameter"><code>shell</code></em> - <em class="replaceable"><code>value</code></em> is the account's default |
62 | login shell.</p><p> |
63 | <em class="parameter"><code>systempw</code></em> - <em class="replaceable"><code>value</code></em> is the account's |
64 | password. See |
65 | <a href="userdbpw.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">userdbpw</span>(8)</span></a> |
66 | for details on how to set up this field.</p><p> |
67 | <em class="parameter"><code>pop3pw, esmtppw, imappw...</code></em> - <em class="replaceable"><code>value</code></em> |
68 | specifies a separate password used only for authenticating access using a |
69 | specific service, such as POP3, IMAP, or anything else. If not defined, |
70 | <em class="parameter"><code>systempw</code></em> is always used. This allows access to an account to be |
71 | restricted only to certain services, such as POP3, even if other services |
72 | are also enabled on the server.</p><p> |
73 | <em class="parameter"><code>mail</code></em> - <em class="replaceable"><code>value</code></em> specifies the location of |
74 | the account's Maildir mailbox. This is an optional field that is normally |
75 | used when <span><strong class="command">userdb</strong></span> is used to provide aliases for other |
76 | mail accounts. For example, one particular multi-domain E-mail |
77 | service configuration |
78 | that's used by both <span class="application">Qmail</span> and |
79 | <span class="application">Courier</span> servers is to deliver mail for a |
80 | mailbox in a virtual domain, such as "user@example.com", to a local mailbox |
81 | called "example-user". Instead of requiring the E-mail account |
82 | holder to log in as |
83 | "example-user" to download mail from this account, a <span><strong class="command">userdb</strong></span> |
84 | entry for "user@example.com" is set up with <em class="parameter"><code>mail</code></em> set to the |
85 | location of example-user's Maildir mailbox, thus hiding the internal |
86 | mail configuration from the E-mail account holder's view.</p><p> |
87 | <em class="parameter"><code>quota</code></em> - <em class="replaceable"><code>value</code></em> specifies the |
88 | maildir quota for the account's Maildir. |
89 | This has nothing to do with actual filesystem quotas. |
90 | <span class="application">Courier</span> has a |
91 | software-based Maildir quota enforcement |
92 | mechanism which requires additional setup and configuration. |
93 | See |
94 | <a href="maildirquota.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildirquota</span>(7)</span></a> |
95 | for additional information.</p></blockquote></div></div><div class="refsect2" lang="en" xml:lang="en"><a id="id325306" shape="rect"> </a><h3><code class="filename">@userdb@shadow.dat</code></h3><p> |
96 | All fields whose name ends with 'pw' will NOT be copied to |
97 | <code class="filename">@userdb@.dat</code>. These fields will be copied to |
98 | <code class="filename">@userdb@shadow.dat</code>. |
99 | <span><strong class="command">makeuserdb</strong></span> creates <code class="filename">@userdb@shadow.dat</code> |
100 | without any group and world permissions. |
101 | Note that <span><strong class="command">makeuserdb</strong></span> reports an error |
102 | if <span><strong class="command">@userdb@</strong></span> has any group |
103 | or world permissions.</p></div><div class="refsect2" lang="en" xml:lang="en"><a id="id325356" shape="rect"> </a><h3>CONVERTING <code class="filename">/etc/passwd</code> |
104 | and vpopmail to <code class="filename">@userdb@</code> format</h3><p> |
105 | <span><strong class="command">pw2userdb</strong></span> reads the <code class="filename">/etc/passwd</code> and |
106 | <code class="filename">/etc/shadow</code> files and converts all entries to the |
107 | <code class="filename">@userdb@</code> format, |
108 | printing the result on standard output. |
109 | The output of <span><strong class="command">pw2userdb</strong></span> |
110 | can be saved as <span><strong class="command">@userdb@</strong></span> (or as some file in this |
111 | subdirectory). |
112 | Linear searches of <code class="filename">/etc/passwd</code> can |
113 | be very slow when you have |
114 | tens of thousands of accounts. |
115 | Programs like <span><strong class="command">maildrop</strong></span> always look in |
116 | <code class="filename">@userdb@</code> first. |
117 | By saving the system password file in |
118 | <code class="filename">@userdb@</code> it is possible to significantly reduce the |
119 | amount of |
120 | time it takes to look up this information.</p><p> |
121 | After saving the output of <span><strong class="command">pw2userdb</strong></span>, you must still run |
122 | <span><strong class="command">makeuserdb</strong></span> to create |
123 | <code class="filename">@userdb@.dat</code>.</p><p> |
124 | <span><strong class="command">vchkpw2userdb</strong></span> converts a vpopmail-style |
125 | directory hierarchy to the <code class="filename">@userdb@</code> format. |
126 | This is an external virtual domain management package that's often used |
127 | with <span class="application">Qmail</span> servers.</p><p> |
128 | Generally, an account named 'vpopmail' is reserved for this purpose. |
129 | In |
130 | that account the file <code class="filename">users/vpasswd</code> has the same |
131 | layout as |
132 | <code class="filename">/etc/passwd</code>, and performs a similar function, except |
133 | that all accounts in <code class="filename">users/vpasswd</code> have the same userid. |
134 | Additionally, the |
135 | <code class="filename">domains</code> subdirectory stores virtual accounts for |
136 | multiple domains. For example, |
137 | <code class="filename">domains/example.com/vpasswd</code> |
138 | has the passwd file for the domain <em class="parameter"><code>example.com</code></em>. |
139 | Some systems also have a soft link, <em class="parameter"><code>domains/default</code></em>, |
140 | that points to a domain that's considered a "default" domain.</p><p> |
141 | <span><strong class="command">vchkpw2userdb</strong></span> reads all this information, and tries to |
142 | convert it into the <code class="filename">@userdb@</code> format. The |
143 | <em class="parameter"><code>--vpopmailhome</code></em> option specifies the top level |
144 | directory, if it is |
145 | not the home directory of the vpopmail account.</p><p> |
146 | The <span><strong class="command">vchkpw2userdb</strong></span> script prints the results on standard |
147 | output. If specified, the <em class="parameter"><code>--todir</code></em> option |
148 | tries to convert all |
149 | <code class="filename">vpasswd</code> files one at a time, saving each one |
150 | individually in <em class="replaceable"><code>dir</code></em>. For example:</p><div class="blockquote"><blockquote class="blockquote"><div class="informalexample"><div class="literallayout"><p><br clear="none"/> |
151 | mkdir @userdb@<br clear="none"/> |
152 | vchkpw2userdb --todir=@userdb@/vpopmail<br clear="none"/> |
153 | makeuserdb<br clear="none"/> |
154 | </p></div></div></blockquote></div><p> |
155 | It is still necessary to run <span><strong class="command">makeuserdb</strong></span>, of course, to |
156 | create the binary database file <code class="filename">@userdb@.dat</code>.</p><p> |
157 | NOTE: You are still required to create the <span><strong class="command">@userdb@</strong></span> entry |
158 | which maps |
159 | system userids back to accounts, |
160 | "<em class="replaceable"><code>uid</code></em>=<span class="token">&lt;TAB&gt;</span><em class="replaceable"><code>name</code></em>", |
161 | if that's applicable. <span><strong class="command">vchkpw2userdb</strong></span> will not do it for |
162 | you.</p><p> |
163 | NOTE: <span><strong class="command">makeuserdb</strong></span> may complain about duplicate entries, if |
164 | your "default" entries in <code class="filename">users/vpasswd</code> or |
165 | <code class="filename">domains/default/vpasswd</code> are the same as anything in any |
166 | other <code class="filename">@userdb@</code> file. It is also likely that you'll end |
167 | up with duplicate, but distinct, entries for every account in the default |
168 | domain. For |
169 | example, if your default domain is example.com, you'll end up with duplicate |
170 | entries - you'll have entries for both <em class="parameter"><code>user</code></em> and |
171 | <em class="parameter"><code>user@example.com</code></em>.</p><p>If you intend to maintain the master set of accounts using |
172 | vchkpw/vpopmail, |
173 | in order to avoid cleaning this up every time, you might want to consider |
174 | doing the following: run <span><strong class="command">vchkpw2userdb</strong></span> once, using the |
175 | <em class="parameter"><code>--todir</code></em> option. |
176 | Then, go into the resulting directory, and |
177 | replace one of the redundant files with a soft link to |
178 | <code class="filename">/dev/null</code>. |
179 | This allows you to run |
180 | <span><strong class="command">vchkpw2userdb</strong></span> without having to go in and |
181 | clean up again afterwards.</p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id325708" shape="rect"> </a><h2>FILES</h2><div class="literallayout"><p><br clear="none"/> |
182 | <code class="filename">@userdb@</code><br clear="none"/> |
183 | <code class="filename">@userdb@.dat</code><br clear="none"/> |
184 | <code class="filename">@userdb@shadow.dat</code><br clear="none"/> |
185 | <code class="filename">@tmpdir@/userdb.tmp</code> - temporary file<br clear="none"/> |
186 | <code class="filename">@tmpdir@/userdbshadow.tmp</code> - temporary file<br clear="none"/> |
187 | </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id325752" shape="rect"> </a><h2>BUGS</h2><p><span><strong class="command">makeuserdb</strong></span> is a Perl script, and uses Perl's portable |
188 | locking. |
189 | Perl's documentation notes that certain combinations of locking options may |
190 | not work with some networks.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id325768" shape="rect"> </a><h2>SEE ALSO</h2><p> |
191 | <a href="userdb.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">userdb</span>(8)</span></a>, |
192 | <a href="maildrop.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildrop</span>(8)</span></a>, |
193 | <a href="courier.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">courier</span>(8)</span></a>, |
194 | <a href="maildirquota.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildirquota</span>(7)</span></a>. |
195 | </p></div></div></body></html> |
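
The line format under "Format of @userdb@" and the 'pw' field split and permission rule under "@userdb@shadow.dat", as an added Python example (not makeuserdb's own Perl code, and not part of the original page). The sample entries, the function names and the unconditional lowercase check are assumptions of this example; the "uid=<TAB>name" reverse-mapping entries are not handled.

```python
import os
import re
import stat

CTRL = re.compile(r"[\x00-\x1f\x7f]")  # control characters, including extra tabs

# Constructed sample: values are placeholders, not real accounts or hashes.
SAMPLE = (
    "# virtual accounts\n"
    "\n"
    "user@example.com\tuid=5000|gid=5000|home=/var/vmail/example-user|"
    "mail=/var/vmail/example-user/Maildir|systempw=HASH1|pop3pw=HASH2\n"
    "alice\thome=/home/alice|uid=1001|gid=1001|shell=/bin/sh\n"
)

def parse_line(line):
    """Parse 'name<TAB>field=value|field=value...' into (name, fields)."""
    name, tab, rest = line.partition("\t")
    if not tab or not name or name != name.lower():
        raise ValueError("expected a lowercase name followed by one tab")
    if CTRL.search(rest):
        raise ValueError("control character (or second tab) in field list")
    fields = {}
    for pair in rest.split("|"):
        field, eq, value = pair.partition("=")
        if not eq or not field:
            raise ValueError(f"not a field=value pair: {pair!r}")
        fields[field] = value
    return name, fields

def split_userdb(text):
    """Return (public, shadow): fields ending in 'pw' go only to shadow."""
    public, shadow = {}, {}
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank lines and comments are ignored
        name, fields = parse_line(raw)
        if name in public:
            raise ValueError(f"duplicate entry: {name}")
        public[name] = {f: v for f, v in fields.items() if not f.endswith("pw")}
        secrets = {f: v for f, v in fields.items() if f.endswith("pw")}
        if secrets:
            shadow[name] = secrets
    return public, shadow

def has_group_or_world_perms(path):
    """True if the file mode grants any access to group or others."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
```

Running `has_group_or_world_perms` on the source file before building reproduces the condition that makeuserdb reports as an error.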