Commit | Line | Data |
---|---|---|
d9898ee8 | 1 | <?xml version="1.0"?> |
b0322a85 | 2 | <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><title>makeuserdb</title><link rel="stylesheet" type="text/css" href="style.css"/><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"/><link rel="home" href="#makeuserdb" title="makeuserdb"/><link xmlns="" rel="stylesheet" type="text/css" href="manpage.css"/><meta xmlns="" name="MSSmartTagsPreventParsing" content="TRUE"/><link xmlns="" rel="icon" href="icon.gif" type="image/gif"/><!-- |
d9898ee8 | 3 | |
b0322a85 | 4 | Copyright 1998 - 2009 Double Precision, Inc. See COPYING for distribution |
d9898ee8 | 5 | information. |
6 | ||
b0322a85 | 7 | --></head><body><div class="refentry"><a id="makeuserdb" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>makeuserdb — create @userdb@</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">makeuserdb</code> [-f <em class="replaceable"><code>filename</code></em>]</p></div><div class="cmdsynopsis"><p><code class="command">pw2userdb</code> </p></div><div class="cmdsynopsis"><p><code class="command">vchkpw2userdb</code> [--vpopmailhome=<em class="replaceable"><code>dir</code></em>] [--todir=<em class="replaceable"><code>dir</code></em>]</p></div></div><div class="refsect1"><a id="idm247889088800" shape="rect"> </a><h2>DESCRIPTION</h2><p> |
8d138742 | 8 | <span class="command"><strong>makeuserdb</strong></span> creates <code class="filename">@userdb@.dat</code> from |
d9898ee8 | 9 | the contents of <code class="filename">@userdb@</code>. |
10 | <code class="filename">@userdb@</code>'s contents are described later in this document. | |
11 | <span class="application">Maildrop</span>, | |
12 | <span class="application">Courier</span>, and other applications use | |
13 | <code class="filename">@userdb@.dat</code> as a | |
14 | substitute/complement for your system password file. | |
15 | The usual purpose for | |
16 | <code class="filename">@userdb@.dat</code> is to specify "virtual" accounts - accounts | |
17 | that do | |
18 | not have an associated system login. | |
19 | Usually (but not necessarily) all virtual accounts share the same | |
20 | system userid. | |
21 | <code class="filename">@userdb@.dat</code> may also replace | |
22 | your system password file. Because the system password file is a text file, | |
23 | when there's a large number of accounts it will be significantly faster to | |
24 | search | |
25 | <code class="filename">@userdb.dat@</code>, which is a binary database, | |
26 | instead of a flat text file that the system password file usually is.</p><p> | |
8d138742 | 27 | The <span class="command"><strong>makeuserdb</strong></span> command can be safely executed during |
d9898ee8 | 28 | normal system activity.</p><p> |
29 | The <code class="option">-f</code> option creates | |
30 | <code class="filename"><em class="replaceable"><code>filename</code></em>.dat</code> from | |
31 | <code class="filename"><em class="replaceable"><code>filename</code></em></code>, instead of the | |
32 | default <code class="filename">@userdb@.dat</code> from | |
b0322a85 | 33 | <code class="filename">@userdb@</code>.</p><div class="refsect2"><a id="idm247884945760" shape="rect"> </a><h3>Format of <code class="filename">@userdb@</code></h3><p> |
d9898ee8 | 34 | <code class="filename">@userdb@</code> is a plain text file that can be created using |
35 | any text editor. Blank lines are ignored. Lines that start with the # | |
36 | character are comments, and are also ignored. | |
37 | Other lines define properties of a single | |
38 | "account", one line per account. | |
39 | <code class="filename">@userdb@</code> may be a directory instead of a plain file. | |
40 | In that case all files in <code class="filename">@userdb@</code> are essentially | |
41 | concatenated, and are treated as a single file. | |
42 | Each line takes the following format:</p><div class="blockquote"><blockquote class="blockquote"><div class="informalexample"><div class="literallayout"><p><em class="replaceable"><code>name</code></em><span class="token"><TAB></span><em class="replaceable"><code>field</code></em>=<em class="replaceable"><code>value</code></em>|<em class="replaceable"><code>field</code></em>=<em class="replaceable"><code>value</code></em>...</p></div></div></blockquote></div><p><em class="replaceable"><code>name</code></em> is the account name. | |
43 | <em class="replaceable"><code>name</code></em> MUST contain only lowercase characters | |
44 | If <span class="application">Courier</span> is | |
45 | configured to treat lowercase and uppercase account names as | |
46 | identical, <em class="replaceable"><code>name</code></em> is followed by exactly one tab | |
47 | character, then a list of field/value pairs separated by vertical slashes. | |
48 | <em class="replaceable"><code>field</code></em> is the name of the field, | |
49 | <em class="replaceable"><code>value</code></em> is the field value. | |
50 | Fields and values themself cannot contain slashes or control characters. | |
51 | Fields may be | |
52 | specified in any order. Here are all the currently defined fields. Note that | |
53 | not every field is used by every application that reads | |
54 | <code class="filename">@userdb@.dat</code>.</p><div class="blockquote"><blockquote class="blockquote"><p> | |
55 | <em class="parameter"><code>uid</code></em> - <em class="replaceable"><code>value</code></em> is a (possibly) | |
56 | unique numerical user ID for this account.</p><p> | |
57 | <em class="parameter"><code>gid</code></em> - <em class="replaceable"><code>value</code></em> is a (possibly) | |
58 | unique numerical group ID for this account.</p><p> | |
59 | <em class="parameter"><code>home</code></em> - <em class="replaceable"><code>value</code></em> is the account's home | |
60 | directory.</p><p> | |
61 | <em class="parameter"><code>shell</code></em> - <em class="replaceable"><code>value</code></em> is the account's default | |
62 | login shell.</p><p> | |
63 | <em class="parameter"><code>systempw</code></em> - <em class="replaceable"><code>value</code></em> is the account's | |
64 | password. See | |
8d138742 | 65 | <a class="ulink" href="userdbpw.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">userdbpw</span>(8)</span></a> |
d9898ee8 | 66 | for details on how to set up this field.</p><p> |
67 | <em class="parameter"><code>pop3pw, esmtppw, imappw...</code></em> - <em class="replaceable"><code>value</code></em> | |
68 | specifies a separate password used only for authenticating access using a | |
69 | specific service, such as POP3, IMAP, or anything else. If not defined, | |
70 | <em class="parameter"><code>systempw</code></em> is always used. This allows access to an account to be | |
71 | restricted only to certain services, such as POP3, even if other services | |
72 | are also enabled on the server.</p><p> | |
73 | <em class="parameter"><code>mail</code></em> - <em class="replaceable"><code>value</code></em> specifies the location of | |
74 | the account's Maildir mailbox. This is an optional field that is normally | |
8d138742 | 75 | used when <span class="command"><strong>userdb</strong></span> is used to provide aliases for other |
d9898ee8 | 76 | mail accounts. For example, one particular multi-domain E-mail |
77 | service configuration | |
78 | that's used by both <span class="application">Qmail</span> and | |
79 | <span class="application">Courier</span> servers is to deliver mail for a | |
80 | mailbox in a virtual domain, such as "user@example.com", to a local mailbox | |
81 | called "example-user". Instead of requiring the E-mail account | |
82 | holder to log in as | |
8d138742 | 83 | "example-user" to download mail from this account, a <span class="command"><strong>userdb</strong></span> |
d9898ee8 | 84 | entry for "user@example.com" is set up with <em class="parameter"><code>mail</code></em> set to the |
85 | location of example-user's Maildir mailbox, thus hiding the internal | |
86 | mail configuration from the E-mail account holder's view.</p><p> | |
87 | <em class="parameter"><code>quota</code></em> - <em class="replaceable"><code>value</code></em> specifies the | |
88 | maildir quota for the account's Maildir. | |
89 | This has nothing to do with actual filesystem quotas. | |
90 | <span class="application">Courier</span> has a | |
91 | software-based Maildir quota enforcement | |
92 | mechanism which requires additional setup and configuration. | |
93 | See | |
8d138742 | 94 | <a class="ulink" href="maildirquota.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildirquota</span>(7)</span></a> |
b0322a85 | 95 | for additional information.</p></blockquote></div></div><div class="refsect2"><a id="idm247889191520" shape="rect"> </a><h3><code class="filename">@userdb@shadow.dat</code></h3><p> |
d9898ee8 | 96 | All fields whose name ends with 'pw' will NOT copied to |
97 | <code class="filename">@userdb@.dat</code>. These fields will be copied to | |
98 | <code class="filename">@userdb@shadow.dat</code>. | |
8d138742 | 99 | <span class="command"><strong>makeuserdb</strong></span> creates <code class="filename">@userdb@shadow.dat</code> |
d9898ee8 | 100 | without any group and world permissions. |
8d138742 CE |
101 | Note that <span class="command"><strong>makeuserdb</strong></span> reports an error |
102 | if <span class="command"><strong>@userdb@</strong></span> has any group | |
b0322a85 | 103 | or world permissions.</p></div><div class="refsect2"><a id="idm247889185648" shape="rect"> </a><h3>CONVERTING <code class="filename">/etc/passwd</code> |
d9898ee8 | 104 | and vpopmail to <code class="filename">@userdb@</code> format</h3><p> |
8d138742 | 105 | <span class="command"><strong>pw2userdb</strong></span> reads the <code class="filename">/etc/passwd</code> and |
d9898ee8 | 106 | <code class="filename">/etc/shadow</code> files and converts all entries to the |
107 | <code class="filename">@userdb@</code> format, | |
108 | printing the result on standard output. | |
8d138742 CE |
109 | The output of <span class="command"><strong>pw2userdb</strong></span> |
110 | can be saved as <span class="command"><strong>@userdb@</strong></span> (or as some file in this | |
d9898ee8 | 111 | subdirectory). |
112 | Linear searches of <code class="filename">/etc/passwd</code> can | |
113 | be very slow when you have | |
114 | tens of thousands of accounts. | |
8d138742 | 115 | Programs like <span class="command"><strong>maildrop</strong></span> always look in |
d9898ee8 | 116 | <code class="filename">@userdb@</code> first. |
117 | By saving the system password file in | |
118 | <code class="filename">@userdb@</code> it is possible to significantly reduce the | |
119 | amount of | |
120 | time it takes to look up this information.</p><p> | |
8d138742 CE |
121 | After saving the output of <span class="command"><strong>pw2userdb</strong></span>, you must still run |
122 | <span class="command"><strong>makeuserdb</strong></span> to create | |
d9898ee8 | 123 | <code class="filename">@userdb@.dat</code>.</p><p> |
8d138742 | 124 | <span class="command"><strong>vchkpw2userdb</strong></span> converts a vpopmail-style |
d9898ee8 | 125 | directory hierarchy to the <code class="filename">@userdb@</code> format. |
126 | This is an external virtual domain management package that's often used | |
127 | with <span class="application">Qmail</span> servers.</p><p> | |
128 | Generally, an account named 'vpopmail' is reserved for this purpose. | |
129 | In | |
130 | that account the file <code class="filename">users/vpasswd</code> has the same | |
131 | layout as | |
132 | <code class="filename">/etc/passwd</code>, and performs a similar function, except | |
133 | that all userid in <code class="filename">users/vpasswd</code> have the same userid. | |
134 | Additionally, the | |
135 | <code class="filename">domains</code> subdirectory stores virtual accounts for | |
136 | multiple domains. For example, | |
137 | <code class="filename">domains/example.com/vpasswd</code> | |
138 | has the passwd file for the domain <em class="parameter"><code>example.com</code></em>. | |
139 | Some systems also have a soft link, <em class="parameter"><code>domains/default</code></em>, | |
140 | that points to a domain that's considered a "default" domain.</p><p> | |
8d138742 | 141 | The <span class="command"><strong>vchkpw2userdb</strong></span> reads all this information, and tries to |
d9898ee8 | 142 | convert it into the <code class="filename">@userdb@</code> format. The |
143 | <em class="parameter"><code>--vpopmailhost</code></em> option specifies the top level | |
144 | directory, if it is | |
145 | not the home directory of the vpopmail account.</p><p> | |
8d138742 | 146 | The <span class="command"><strong>vchkpw2userdb</strong></span> script prints the results on standard |
d9898ee8 | 147 | output. If specified, the <em class="parameter"><code>--todir</code></em> option |
148 | tries to convert all | |
149 | <code class="filename">vpasswd</code> files one at a time, saving each one | |
150 | individually in <em class="replaceable"><code>dir</code></em>. For example:</p><div class="blockquote"><blockquote class="blockquote"><div class="informalexample"><div class="literallayout"><p><br clear="none"/> | |
151 | mkdir @userdb@<br clear="none"/> | |
152 | vchkpw2userdb --todir=@userdb@/vpopmail<br clear="none"/> | |
153 | makeuserdb<br clear="none"/> | |
154 | </p></div></div></blockquote></div><p> | |
8d138742 | 155 | It is still necessary to run <span class="command"><strong>makeuserdb</strong></span>, of course, to |
d9898ee8 | 156 | create the binary database file <code class="filename">@userdb@.dat</code></p><p> |
8d138742 | 157 | NOTE: You are still required to create the <span class="command"><strong>@userdb@</strong></span> entry |
d9898ee8 | 158 | which maps |
159 | system userids back to accounts, | |
160 | "<em class="replaceable"><code>uid</code></em>=<span class="token"><TAB></span><em class="replaceable"><code>name</code></em>", | |
8d138742 | 161 | if that's applicable. <span class="command"><strong>vchkpw2userdb</strong></span> will not do it for |
d9898ee8 | 162 | you.</p><p> |
8d138742 | 163 | NOTE: <span class="command"><strong>makeuserdb</strong></span> may complain about duplicate entries, if |
d9898ee8 | 164 | your "default" entries in <code class="filename">users/vpasswd</code> or |
165 | <code class="filename">domains/default/vpasswd</code> are the same as anything in any | |
166 | other <code class="filename">@userdb@</code> file. It is also likely that you'll end | |
167 | up with duplicate, but distinct, entries for every account in the default | |
168 | domain. For | |
169 | example, if your default domain is example.com, you'll end up with duplicate | |
170 | entries - you'll have entries for both <em class="parameter"><code>user</code></em> and | |
171 | <em class="parameter"><code>user@example.com</code></em>.</p><p>If you intend to maintain the master set of accounts using | |
172 | vchkpw/vpopmail, | |
173 | in order to avoid cleaning this up every time, you might want to consider | |
8d138742 | 174 | doing the following: run <span class="command"><strong>vchkpw2userdb</strong></span> once, using the |
d9898ee8 | 175 | <em class="parameter"><code>--todir</code></em> option. |
176 | Then, go into the resulting directory, and | |
177 | replace one of the redundant files with a soft link to | |
178 | <code class="filename">/dev/null</code>. | |
179 | This allows you to run | |
8d138742 | 180 | <span class="command"><strong>vchkpw2userdb</strong></span> without having to go in and |
b0322a85 | 181 | cleaning up again, afterwards.</p></div></div><div class="refsect1"><a id="idm247883799232" shape="rect"> </a><h2>FILES</h2><div class="literallayout"><p><br clear="none"/> |
d9898ee8 | 182 | <code class="filename">@userdb@</code><br clear="none"/> |
183 | <code class="filename">@userdb@.dat</code><br clear="none"/> | |
184 | <code class="filename">@userdb@shadow.dat</code><br clear="none"/> | |
185 | <code class="filename">@tmpdir@/userdb.tmp</code> - temporary file<br clear="none"/> | |
186 | <code class="filename">@tmpdir@/userdbshadow.tmp</code> - temporary file<br clear="none"/> | |
b0322a85 | 187 | </p></div></div><div class="refsect1"><a id="idm247883794480" shape="rect"> </a><h2>BUGS</h2><p><span class="command"><strong>makeuserdb</strong></span> is a Perl script, and uses Perl's portable |
d9898ee8 | 188 | locking. |
189 | Perl's documentation notes that certain combinations of locking options may | |
b0322a85 | 190 | not work with some networks.</p></div><div class="refsect1"><a id="idm247883792656" shape="rect"> </a><h2>SEE ALSO</h2><p> |
8d138742 CE |
191 | <a class="ulink" href="userdb.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">userdb</span>(8)</span></a>, |
192 | <a class="ulink" href="maildrop.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildrop</span>(8)</span></a>, | |
193 | <a class="ulink" href="courier.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">courier</span>(8)</span></a>, | |
194 | <a class="ulink" href="maildirquota.html" target="_top" shape="rect"><span class="citerefentry"><span class="refentrytitle">maildirquota</span>(7)</span></a>. | |
d9898ee8 | 195 | </p></div></div></body></html> |