1// -*- mode:doc -*- ;
2// vim: set syntax=asciidoc:
3
4[[makeuser-syntax]]
5== Makeusers syntax documentation
6
7The syntax to create users is inspired by the makedev syntax, above, but
8is specific to Buildroot.
9
10The syntax for adding a user is a space-separated list of fields, one
11user per line; the fields are:
12
13|=================================================================
14|username |uid |group |gid |password |home |shell |groups |comment
15|=================================================================
16
17Where:
18
19- +username+ is the desired user name (aka login name) for the user.
20  It can not be +root+, and must be unique. If set to +-+, then just a
21  group will be created.
22- +uid+ is the desired UID for the user. It must be unique, and not
23  +0+. If set to +-1+ or +-2+, then a unique UID will be computed by
24  Buildroot, with +-1+ denoting a system UID from [100...999] and +-2+
25  denoting a user UID from [1000...1999].
26- +group+ is the desired name for the user's main group. It can not
27  be +root+. If the group does not exist, it will be created.
28- +gid+ is the desired GID for the user's main group. It must be unique,
29  and not +0+. If set to +-1+ or +-2+, and the group does not already
30  exist, then a unique GID will be computed by Buildroot, with +-1+
31  denoting a system GID from [100...999] and +-2+ denoting a user GID
32  from [1000...1999].
33- +password+ is the crypt(3)-encoded password. If prefixed with +!+,
34  then login is disabled. If prefixed with +=+, then it is interpreted
35  as clear-text, and will be crypt-encoded (using MD5). If prefixed with
36  +!=+, then the password will be crypt-encoded (using MD5) and login
37  will be disabled. If set to +*+, then login is not allowed. If set to
38  +-+, then no password value will be set.
39- +home+ is the desired home directory for the user. If set to '-', no
40  home directory will be created, and the user's home will be +/+.
41  Explicitly setting +home+ to +/+ is not allowed.
42- +shell+ is the desired shell for the user. If set to +-+, then
43  +/bin/false+ is set as the user's shell.
44- +groups+ is the comma-separated list of additional groups the user
45  should be part of. If set to +-+, then the user will be a member of
46  no additional group. Missing groups will be created with an arbitrary
47  +gid+.
48- +comment+ (aka https://en.wikipedia.org/wiki/Gecos_field[GECOS]
49  field) is an almost-free-form text.
50
51There are a few restrictions on the content of each field:
52
53* except for +comment+, all fields are mandatory.
54* except for +comment+, fields may not contain spaces.
55* no field may contain a colon (+:+).
56
57If +home+ is not +-+, then the home directory, and all files below,
58will belong to the user and its main group.
59
60Examples:
61
62----
63foo -1 bar -1 !=blabla /home/foo /bin/sh alpha,bravo Foo user
64----
65
66This will create this user:
67
68- +username+ (aka login name) is: +foo+
69- +uid+ is computed by Buildroot
70- main +group+ is: +bar+
71- main group +gid+ is computed by Buildroot
72- clear-text +password+ is: +blabla+, will be crypt(3)-encoded, and login is disabled.
73- +home+ is: +/home/foo+
74- +shell+ is: +/bin/sh+
75- +foo+ is also a member of +groups+: +alpha+ and +bravo+
76- +comment+ is: +Foo user+
77
78----
79test 8000 wheel -1 = - /bin/sh - Test user
80----
81
82This will create this user:
83
84- +username+ (aka login name) is: +test+
85- +uid+ is : +8000+
86- main +group+ is: +wheel+
87- main group +gid+ is computed by Buildroot, and will use the value defined in the rootfs skeleton
88- +password+ is empty (aka no password).
89- +home+ is +/+ but will not belong to +test+
90- +shell+ is: +/bin/sh+
91- +test+ is not a member of any additional +groups+
92- +comment+ is: +Test user+
93
94
95=== Caveat with automatic UIDs and GIDs
96
97When updating buildroot or when packages are added or removed to/from
98the configuration, it is possible that the automatic UIDs and GIDs are
99changed. This can be a problem if persistent files were created with
100that user or group: after upgrade, they will suddenly have a different
101owner.
102
103Therefore, it is advisable to perpetuate the automatic IDs. This can be
104done by adding a users table with the generated IDs. It is only needed
105to do this for UIDs that actually create persistent files, e.g. database.
106