<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>
<title>makeuserdb - Create @userdb@.dat</title>
<!-- $Id: makeuserdb.html.in,v 1.4 1999/08/23 00:11:12 mrsam Exp $ -->
<!-- SECTION 8 -->
</head>
<body text="#000000" bgcolor="#FFFFFF" link="#0000EE" vlink="#551A8B"
alink="#FF0000">
<h1>makeuserdb - Create @userdb@.dat</h1>
<h2>SYNOPSIS</h2>
<pre> makeuserdb
pw2userdb</pre>
<h2>DESCRIPTION</h2>
<p>This command creates a binary database file, <tt>@userdb@.dat</tt>, based on
the contents of <tt>@userdb@</tt>. <tt>@userdb@.dat</tt> is used by
<i>maildrop</i> and <i>Courier</i> as either a substitute for your system
password file, or as a complement to your system password file. It is possible
to use <tt>@userdb@.dat</tt> to specify "virtual" accounts, accounts that do
not have an associated login. Typically all virtual accounts share the same
system userid. <tt>@userdb@.dat</tt> can also be used as a substitute for your
system password file. Because the system password file is a text file, when
there's a large number of accounts it will be significantly faster to search a
binary database file, instead of a text file.</p>
<p>The <tt>makeuserdb</tt> command creates <tt>@userdb@.dat</tt> based on the
contents of <tt>@userdb@</tt>. This can be either a plain text file, or a
directory. If it is a directory, the contents of all the files in the
directory are combined into one file, before being used to create
<tt>@userdb@.dat</tt>.</p>
<p>The <tt>makeuserdb</tt> command can be safely executed during normal system
operations.</p>
<h2>Format of <tt>@userdb@</tt></h2>
<p><tt>@userdb@</tt> is a plain text file that can be created using any text
editor. Blank lines are ignored. Lines that start with the # character are
comments, and are also ignored. Other lines define the properties of a single
account on the local system, one line per account. Each line takes the
following format:</p>
<pre>name&lt;TAB&gt;field=value|field=value</pre>
<p><i>name</i> is the account name. If Courier is configured to treat
lowercase and uppercase account names as identical, <i>name</i> MUST contain
lowercase characters only. <i>name</i> is followed by exactly one tab
character, then a list of field/value pairs separated by vertical bar
(<tt>|</tt>) characters. <i>field</i> is the name of the field, <i>value</i> is the field
value. The field value itself cannot contain commas. Fields can be specified
in any order. Here are the currently defined fields. Note that not every
field is used by every application that uses <tt>@userdb@.dat</tt>.</p>
<ul>
<li>
<tt>uid</tt> - <i>value</i> specifies a unique numerical user ID for this
account.<br>
<br>
</li>
<li>
<tt>gid</tt> - <i>value</i> specifies a unique numerical group ID for this
account.<br>
<br>
</li>
<li>
<tt>home</tt> - <i>value</i> specifies the account's home directory.<br>
<br>
</li>
<li>
<tt>shell</tt> - <i>value</i> specifies the account's default shell.<br>
<br>
</li>
<li>
<tt>systempw</tt> - <i>value</i> specifies the account's system password. If
this field is missing, the password is looked up in the system's default
password file.<br>
<br>
</li>
<li>
<tt>pop3pw</tt> - <i>value</i> specifies the account's POP3 password. If
missing, <i>systempw</i> is used.<br>
<br>
</li>
<li>
<tt>mail</tt> - <i>value</i> specifies the location of the account's Maildir
mailbox. If missing, the account's Maildir is expected to be present in the
default location for system accounts.<br>
<br>
</li>
<li>
<tt>quota</tt> - <i>value</i> specifies the quota for the account's Maildir.
See maildirquota(8) for more information.
</li>
</ul>
<p>The <tt>uid</tt>, <tt>gid</tt>, and <tt>home</tt> fields MUST be specified.
The remaining fields are optional. If missing, system defaults will be
used.<br>
<br>
</p>
<pre>=uid&lt;TAB&gt;name</pre>
<p>This entry is used to specify a reverse mapping from userids to names.
<i>uid</i> specifies the UNIX userid, <i>name</i> specifies the UNIX username.
<i>name</i> must point to another record in <tt>userdb</tt>.</p>
<h2>@userdb@shadow.dat</h2>
<p>All fields whose name ends with 'pw' will NOT be copied to
<tt>@userdb@.dat</tt>. These fields will be copied to
<tt>@userdb@shadow.dat</tt>. <tt>makeuserdb</tt> will turn off all group and
world permissions on <tt>@userdb@shadow.dat</tt>. <tt>makeuserdb</tt> will
also fail if <tt>@userdb@</tt> has any group or world permissions.</p>
<h2>CONVERTING /etc/passwd to @userdb@ format</h2>
<p>The <tt>pw2userdb</tt> script reads <tt>/etc/passwd</tt> and
<tt>/etc/shadow</tt> and converts all accounts to <tt>@userdb@</tt> format,
printing the result on standard output. The output can be redirected to
<tt>@userdb@</tt>, or to a file in this subdirectory. Linear searches of
<tt>/etc/passwd</tt> can be very slow when you have tens of thousands of
accounts. Programs like <i>maildrop</i> always look in <tt>@userdb@</tt>
first, so by having the system password file in the <tt>@userdb@</tt> it is
possible to significantly reduce the amount of time it takes to look it
up.</p>
<p>After saving the output of <tt>pw2userdb</tt>, you must still run
<tt>makeuserdb</tt> to convert it to a binary database format.</p>
<h2>FILES</h2>
<ul>
<li>
@userdb@
</li>
<li>
@userdb@.dat
</li>
<li>
@userdb@shadow.dat
</li>
<li>
@tmpdir@/userdb.tmp - temporary file
</li>
<li>
@tmpdir@/userdbshadow.tmp - temporary file
</li>
</ul>
<h2>BUGS</h2>
<p>No errors will be reported if the same account name appears more than
once.</p>
<p><tt>systempw</tt> and <tt>pop3pw</tt> must be encrypted via crypt.</p>
<p><tt>makeuserdb</tt> is a Perl script, and uses Perl's portable locking.
Perl's documentation notes that certain combinations of locking options may
not work with some networks.</p>
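<p>The following Python lint is an added example, not part of
<tt>makeuserdb</tt> or of the Courier distribution. It applies the rules stated
above to a userdb text file before <tt>makeuserdb</tt> is run: required fields,
the split of fields ending in 'pw' into the shadow data, reverse mappings, the
duplicate account names that <tt>makeuserdb</tt> does not report, and the
group/world permission check. The names <tt>lint_userdb</tt>,
<tt>group_or_world_bits</tt> and <tt>SAMPLE</tt> are hypothetical, and the
sample records are constructed.</p>

```python
import os
import stat

REQUIRED = ("uid", "gid", "home")

def lint_userdb(text):
    """Return (public, shadow, problems) for the text of a userdb file."""
    public, shadow, reverse, problems = {}, {}, {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                      # blank lines and comments are ignored
        name, tab, rest = line.partition("\t")
        if not tab or not name:
            problems.append((lineno, "expected name, one tab, then fields"))
            continue
        if name.startswith("="):          # reverse mapping: =uid TAB name
            reverse[name[1:]] = (lineno, rest)
            continue
        if name in public:                # makeuserdb itself reports no error here
            problems.append((lineno, "duplicate account " + name))
            continue
        fields = dict(f.partition("=")[::2] for f in rest.split("|") if f)
        for req in REQUIRED:
            if req not in fields:
                problems.append((lineno, name + ": missing " + req))
        # Fields whose name ends in 'pw' belong only in the shadow database.
        shadow[name] = {k: v for k, v in fields.items() if k.endswith("pw")}
        public[name] = {k: v for k, v in fields.items() if not k.endswith("pw")}
    for uid, (lineno, target) in reverse.items():
        if target not in public:          # must point to another record
            problems.append((lineno, "=" + uid + " points to unknown account " + target))
    return public, shadow, problems

def group_or_world_bits(path):
    """Permission bits granted to group or others (0 means owner-only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077

SAMPLE = (  # constructed sample input, not taken from the page
    "# virtual accounts\n"
    "alice\tuid=5000|gid=5000|home=/var/vmail/alice|systempw=PLACEHOLDERHASH\n"
    "bob\tuid=5000|gid=5000\n"
    "alice\tuid=5001|gid=5001|home=/tmp/other\n"
    "=5000\tcarol\n"
)

if __name__ == "__main__":
    for lineno, msg in lint_userdb(SAMPLE)[2]:
        print("line %d: %s" % (lineno, msg))
```

<p>A non-zero result from <tt>group_or_world_bits</tt> on the userdb file
corresponds to the condition under which <tt>makeuserdb</tt> fails.</p>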
<h2>SEE ALSO</h2>
<p><a href="userdb.html">userdb(8)</a>, maildrop(1), courier(1),
maildirquota(8)</p>
</body>
</html>