File: cpu.conf.5

.\" to process use the following command
.\" groff -man -Tascii manpagename.1
.TH CPU.CONF 5 "17 February 2003"
.SH NAME
cpu.conf \- cpu configuration file

.SH DESCRIPTION
This file stores all configurable options for CPU and CPU modules. You can
specify the location of the configuration file at runtime by specifying the
\fI--config\fR or \fI-C\fR command line switches (see \fBcpu(8)\fR). Each CPU
module has its own configuration section, but they are all documented here. It
is recommended that the config file have strict permissions such as 600.
Configuration options take the format option = value, and section headers
take the format [HEADER].

.SH GLOBAL OPTIONS
Global options should be under the section marked [GLOBAL]. All options under
this section impact all operations.
.IP "\fBDEFAULT_METHOD\fR = \fImethod\fR"
Specifies what the default administration method is. This value should be a
string of either ldap or passwd.
.IP "\fBCRACKLIB_DICTIONARY\fR = \fIfile\fR"
If CPU was compiled --with-libcrack \fIfile\fR should be the location of
cracklib_dict.

.SH LDAP OPTIONS
LDAP options should be under the section marked [LDAP].
These options are only useful when \fBDEFAULT_METHOD\fR is set to ldap or when
ldap was specified at the command line with the \fB-M\fR switch. These options
are only used by the LDAP module.
.IP "\fBLDAP_HOST\fR = \fIhostname\fR"
\fIhostname\fR should be either the IP address or the hostname of the server
running the LDAP directory that you wish to administer users on. This can be
overridden with the \fB-N\fR command line switch.
.IP "\fBLDAP_PORT\fR = \fIport\fR"
\fIport\fR is the port that the LDAP server specified by \fBLDAP_HOST\fR is
listening on. This value must be non-negative. This can be overridden by the
\fB-P\fR command line switch.
.IP "\fBBIND_DN\fR = \fIdn\fR"
\fIdn\fR should be the fully qualified DN of an LDAP entity with appropriate
rights to perform any actions that you wish. This value can be overridden by
the \fB-D\fR command line switch.
.IP "\fBBIND_PASS\fR = \fIpassword\fR"
\fIpassword\fR is the password of the entity specified by \fBBIND_DN\fR. This
value is passed directly to the server, so it may be stored encrypted if your
server supports this. This value can be overridden by the \fB-w\fR command
line switch.
.IP "\fBUSER_BASE\fR = \fIbase_dn\fR"
\fIbase_dn\fR is the base dn that users should be added to, searched for,
deleted from, or modified from. In general, if you wish to add a user to the
following dn: ou=users,o=company,c=us, \fIbase_dn\fR should be set to
ou=users,o=company,c=us. If you set this value to o=company,c=us, users will be
added to that dn, although for searching purposes the scope is broader.
This value can be overridden at the command line with the \fB-U\fR switch.
.IP "\fBGROUP_BASE\fR = \fIbase_dn\fR"
\fIbase_dn\fR is the base dn that groups should be added to, searched for,
deleted from, or modified from. In general, if you wish to add a group to the
following dn: ou=group,o=company,c=us, \fIbase_dn\fR should be set to
ou=group,o=company,c=us. If you set this value to o=company,c=us, groups will be
added to that dn, although for searching purposes the scope is broader.
This value can be overridden at the command line with the \fB-B\fR switch.
.IP "\fBUSER_OBJECT_CLASS\fR = \fIobject_class\fR"
.IP "\fBGROUP_OBJECT_CLASS\fR = \fIobject_class\fR"
\fIobject_class\fR is a comma-separated list of object classes that are
required by your LDAP directory's schema in order to add or modify users and
groups. The default should be fine; consult your vendor's documentation or
contact \fIcpu-users@lists.sourceforge.net\fR if you have problems.
.IP "\fBUSER_FILTER\fR = \fIfilter\fR"
.IP "\fBGROUP_FILTER\fR = \fIfilter\fR"
\fIfilter\fR is a filter that adheres to the following BNF:
.nf
        <filter> ::= '(' <filtercomp> ')'
        <filtercomp> ::= <and> | <or> | <not> | <simple>
        <and> ::= '&' <filterlist>
        <or> ::= '|' <filterlist>
        <not> ::= '!' <filter>
        <filterlist> ::= <filter> | <filter> <filterlist>
        <simple> ::= <attributetype> <filtertype> <attributevalue>
        <filtertype> ::= '=' | '~=' | '<=' | '>='
.fi
These filters are used to locate users and groups, as well as to aid in
finding new uids and gids.
.IP "\fBUSER_CN_STRING\fR = \fIstring\fR"
\fIstring\fR is used during user creation. It allows you to specify the dn of
the user. The dn becomes string=login,...
.IP "\fBGROUP_CN_STRING\fR = \fIstring\fR"
\fIstring\fR is used during group creation. It allows you to specify the dn of
the group. The dn becomes string=groupname,...
.IP "\fBTIMEOUT\fR = \fItimeout\fR"
\fItimeout\fR should be a value in seconds and greater than 0. If unspecified
the default is 60. This value determines the duration after which an operation
should be aborted.
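.LP
An added example, not part of the CPU distribution: a recursive-descent check
of a \fBUSER_FILTER\fR or \fBGROUP_FILTER\fR value against the BNF given above,
useful before the value goes into the configuration file. The BNF leaves
<attributetype> and <attributevalue> undefined, so the character sets used for
them here are assumptions, as are all function names.
.nf
```python
import re

# Assumption: the page's BNF does not define <attributetype> or
# <attributevalue>; here a type is letters/digits/'-'/'.'/';' and a value
# is any run of characters other than parentheses.
_SIMPLE = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(~=|<=|>=|=)([^()]*)")


class FilterError(ValueError):
    pass


def _filter(s, i):
    """<filter> ::= '(' <filtercomp> ')'; returns (tree, next index)."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        op, items = s[i], []
        i += 1
        while i < len(s) and s[i] == "(":      # <filterlist>: one or more
            node, i = _filter(s, i)
            items.append(node)
        if not items:
            raise FilterError(f"'{op}' needs at least one filter at offset {i}")
        node = (op, items)
    elif i < len(s) and s[i] == "!":           # <not> takes exactly one filter
        inner, i = _filter(s, i + 1)
        node = ("!", [inner])
    else:                                      # <simple>
        m = _SIMPLE.match(s, i)
        if not m:
            raise FilterError(f"bad <simple> item at offset {i}")
        node, i = m.groups(), m.end()
    if i >= len(s) or s[i] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return node, i + 1


def parse_filter(text):
    """Parse a whole filter value; raise FilterError if it does not conform."""
    tree, end = _filter(text, 0)
    if end != len(text):
        raise FilterError(f"trailing characters at offset {end}")
    return tree
```
.fi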

.LP
The following options are still used by the [LDAP] section, but are more
user-centric and less LDAP-centric.
.IP "\fBSKEL_DIR\fR = \fIdir\fR"
\fIdir\fR should be the path for a directory that files are to be copied from
when \fB-m\fR is given at the command line. This value can be overridden by
the \fB-k\fR command line switch.
.IP "\fBDEFAULT_SHELL\fR = \fIshell\fR"
The default name of the user's login shell. This value can be overridden by
the \fB-s\fR command line switch.
.IP "\fBHOME_DIRECTORY\fR = \fIdirectory\fR"
New users will be created using \fIdirectory\fR prepended to the user's login
name. If this variable is undefined, it must be specified at the command line
with the \fB-d\fR switch. When specified at the command line, that value is
used for the user's home directory.
.IP "\fBMAX_UIDNUMBER\fR = \fIinteger\fR"
.IP "\fBMIN_UIDNUMBER\fR = \fIinteger\fR"
.IP "\fBMAX_GIDNUMBER\fR = \fIinteger\fR"
.IP "\fBMIN_GIDNUMBER\fR = \fIinteger\fR"
.IP "\fBID_MAX_PASSES\fR = \fIinteger\fR"
These values control gid and uid generation. When a uid is not specified at
the command line (for a useradd), these values are used for finding the next
unused uid (random or linear). The same applies to groupadd. These are pretty
self-evident. \fBID_MAX_PASSES\fR is the number of times that a search should be
performed before giving up.
.IP "\fBRANDOM\fR = \fBtrue or false\fR"
If \fBRANDOM\fR is \fItrue\fR, then a random number will be generated and
searched for (this number, if unused in the directory, will be the user's uid
or a group's gid). If a user or group with that ID exists, the process will
continue for \fBID_MAX_PASSES\fR. If \fItrue\fR, a linear scan will be done
starting at \fBMIN_UIDNUMBER\fR (or GIDNUMBER) and will not stop until an
unused ID is found or the number of scans is equal to \fBID_MAX_PASSES\fR. If
random is false, only one query is done on the directory, but it may still be
a bit slower than setting random to true in some cases.
.IP "\fBUSERGROUPS\fR = \fB yes or no\fR"
\fBUSERGROUPS\fR can be either yes or no. If yes, each created user will
be given their own group to use as a default. If no, each created user will be
placed in the group whose gid is \fBUSERS_GID\fR.
.IP "\fBUSERS_GID\fR = \fB integer\fR"
If \fBUSERGROUPS\fR is no, then \fBUSERS_GID\fR should be the GID of the group
\'users\' (or the equivalent group) on your system. If this is unspecified, the
default is 100.
.IP "\fBGECOS\fR = \fBstring\fR"
The default value for a user's gecos field. This can be overridden at the
command line with the \fB-c\fR switch.
.IP "\fBPASSWORD_FILE\fR = \fBfile\fR"
The value should be a Unix-style, passwd-formatted file. In order to use this
value the \fB-F\fR switch must be used at the command line. This value can be
empty if a file is provided with the \fB-F\fR switch. In this case, the user's
attributes are taken from the file (if the user is found) and used in the LDAP
entry.
.IP "\fBSHADOW_FILE\fR = \fBfile\fR"
The value should be a Unix-style, shadow-formatted file. In order to use this
value the \fB-S\fR switch must be used at the command line. This value can be
empty if a file is provided with the \fB-S\fR switch. In this case, the user's
attributes are taken from the file (if the user is found) and used in the LDAP
entry (including the password).
.IP "\fBHASH\fR = \fBhash\fR"
\fIhash\fR is one of clear, md5crypt, crypt, sha1, ssha1, md5, or smd5, to be
used when hashing user passwords. This is largely implementation-dependent, but
all are supported. If you are taking passwords from a standard password file,
this should be clear (I think, need to check...). This can be overridden at
the command line with the \fB-H\fR switch.
.IP "\fBSHADOWLASTCHANGE\fR = \fIinteger\fR"
.IP "\fBSHADOWMAX\fR = \fIinteger\fR"
.IP "\fBSHADOWWARING\fR = \fIinteger\fR"
.IP "\fBSHADOWEXPIRE\fR = \fIinteger\fR"
.IP "\fBSHADOWFLAG\fR = \fIinteger\fR"
.IP "\fBSHADOWMIN\fR = \fIinteger\fR"
.IP "\fBSHADOWINACTIVE\fR = \fIinteger\fR"
These values are better documented in \fBshadow(3)\fR and in \fBshadow(5)\fR.
These are not required by RFC2307 but are required by some LDAP authentication
implementations. These values can only be specified here, or taken from an
existing shadow file for the user.
.IP "\fBADD_SCRIPT\fR = \fBexecutable\fR"
.IP "\fBDEL_SCRIPT\fR = \fBexecutable\fR"
ADD_SCRIPT and DEL_SCRIPT work the same; however, ADD_SCRIPT is used only for a
useradd operation and DEL_SCRIPT is used only for a userdel operation. These
can be overridden via the command line switch -X. If specified in the
configuration file or at the command line, the script is executed after a
successful useradd or userdel. The first argument to the script is the login
name as specified at the command line.
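.LP
An added example, not part of the CPU distribution: an audit of a cpu.conf
file for the points this page raises, namely the recommended 600 permissions
on a file that holds \fBBIND_PASS\fR, the \fBHASH\fR setting, and the
\fBADD_SCRIPT\fR and \fBDEL_SCRIPT\fR hooks that run after a useradd or
userdel. The function names, the treatment of '#' as a comment marker and the
choice of which hash names to flag are assumptions of this example.
.nf
```python
import os
import stat

# HASH names come from this page; treating these three as weak is this
# example's judgement ('clear' is cleartext, md5 and sha1 are unsalted).
WEAK_HASHES = {"clear", "md5", "sha1"}


def parse_conf(text):
    """Parse '[HEADER]' sections and 'option = value' lines into a dict."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' is a comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)   # DNs keep their own '=' signs
            conf[section][key.strip()] = value.strip()
    return conf


def audit(path):
    """Return a list of findings for the cpu.conf at path."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        ldap = parse_conf(fh.read()).get("LDAP", {})
    if mode & 0o077:
        what = "holding BIND_PASS " if ldap.get("BIND_PASS") else ""
        findings.append(f"file {what}has mode {mode:o}, expected 600")
    if ldap.get("HASH", "").lower() in WEAK_HASHES:
        findings.append(f"HASH = {ldap['HASH']} is cleartext or unsalted")
    for opt in ("ADD_SCRIPT", "DEL_SCRIPT"):
        script = ldap.get(opt)
        if script and os.path.exists(script):
            if stat.S_IMODE(os.stat(script).st_mode) & 0o022:
                findings.append(f"{opt} {script} is group/world writable")
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit(sys.argv[1]):
        print(finding)
```
.fi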

.SH PASSWD OPTIONS
Password options should be under the section marked [PASSWD]. These options are
only useful when \fBDEFAULT_METHOD\fR is set to passwd or when passwd was
specified at the command line with the \fB-M\fR switch. These options are only
used by the passwd module. This module is not yet functional, so I won't
document the options.

.SH SEE ALSO
.B cpu-ldap(8) cpu(8)

.SH AUTHORS
Blake Matheny <bmatheny@purdue.edu>

The current version of this software is always available at
.I http://cpu.sourceforge.net
.SH BUGS

To report a bug or problem, please e-mail:

cpu-users@lists.sourceforge.net

.SH TODO
See the TODO file that accompanied the software. Please e-mail us with any additional suggestions.