man: add man page decribing well known system credentials
parent
aebdd3f3d7
commit
0bbc5a5674
@ -1086,6 +1086,7 @@ manpages = [
|
||||
['systemd.special', '7', [], ''],
|
||||
['systemd.swap', '5', [], ''],
|
||||
['systemd.syntax', '7', [], ''],
|
||||
['systemd.system-credentials', '7', [], ''],
|
||||
['systemd.target', '5', [], ''],
|
||||
['systemd.time', '7', [], ''],
|
||||
['systemd.timer', '5', [], ''],
|
||||
|
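--- /dev/null
+++ b/man/systemd.system-credentials.xml
@@ -0,0 +1,192 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="systemd.system-credentials">
+
+<refentryinfo>
+<title>systemd.system-credentials</title>
+<productname>systemd</productname>
+</refentryinfo>
+
+<refmeta>
+<refentrytitle>systemd.system-credentials</refentrytitle>
+<manvolnum>7</manvolnum>
+</refmeta>
+
+<refnamediv>
+<refname>systemd.system-credentials</refname>
+<refpurpose>System Credentials</refpurpose>
+</refnamediv>
+
+<refsect1>
+<title>Description</title>
+
+<para><ulink url="https://systemd.io/CREDENTIALS">System and Service Credentials</ulink> are data objects
+that may be passed into booted systems or system services as they are invoked. They can be acquired from
+various external sources, and propagated into the system and from there into system services. Credentials
+may optionally be encrypted with a machine-specific key and/or locked to the local TPM2 device, and are
+only decrypted when the consuming service is invoked.</para>
+
+<para>System credentials may be used to provision and configure various aspects of the system. Depending
+on the consuming component credentials are only used on initial invocations or are needed for all
+invocations.</para>
+
+<para>Credentials may be used for any kind of data, binary or text, and may carry passwords, secrets,
+certificates, cryptographic key material, identity information, configuration, and more.</para>
+</refsect1>
+
+<refsect1>
+<title>Well known system credentials</title>
+
+<variablelist>
+<varlistentry>
+<term><varname>firstboot.keymap</varname></term>
+<listitem>
+<para>The console key mapping to set (e.g. <literal>de</literal>). Read by
+<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+and only honoured if no console keymap has been configured before.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>firstboot.locale</varname></term>
+<term><varname>firstboot.locale-message</varname></term>
+<listitem>
+<para>The system locale to set (e.g. <literal>de_DE.UTF-8</literal>). Read by
+<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+and only honoured if no locale has been configured before. <varname>firstboot.locale</varname> sets
+<literal>LANG</literal>, while <varname>firstboot.locale-message</varname> sets
+<literal>LC_MESSAGES</literal>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>firstboot.timezone</varname></term>
+<listitem>
+<para>The system timezone to set (e.g. <literal>Europe/Berlin</literal>). Read by
+<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+and only honoured if no system timezone has been configured before.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>login.issue</varname></term>
+<listitem>
+<para>The data of this credential is written to
+<filename>/etc/issue.d/50-provision.conf</filename>, if the file doesn't exist
+yet. <citerefentry><refentrytitle>agetty</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+reads this file and shows its contents at the login prompt of terminal logins. See <citerefentry
+project='man-pages'><refentrytitle>issue</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+details.</para>
+
+<para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
+<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>login.motd</varname></term>
+<listitem>
+<para>The data of this credential is written to <filename>/etc/motd.d/50-provision.conf</filename>,
+if the file doesn't exist
+yet. <citerefentry><refentrytitle>pam_motd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+reads this file and shows its contents as "message of the day" during terminal logins. See
+<citerefentry
+project='man-pages'><refentrytitle>motd</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+details.</para>
+
+<para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
+<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>network.hosts</varname></term>
+<listitem>
+<para>The data of this credential is written to <filename>/etc/hosts</filename>, if the file
+doesn't exist yet. See <citerefentry
+project='man-pages'><refentrytitle>hosts</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+details.</para>
+
+<para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
+<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>passwd.hashed-password.root</varname></term>
+<term><varname>passwd.plaintext-password.root</varname></term>
+<listitem>
+<para>May contain the password (either in UNIX hashed format, or in plaintext) for the root users.
+Read by both
+<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+and
+<citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+and only honoured if no root password has been configured before.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>passwd.shell.root</varname></term>
+<listitem>
+<para>The path to the shell program (e.g. <literal>/bin/bash</literal>) for the root user. Read by
+both
+<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+and
+<citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+and only honoured if no root shell has been configured before.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>ssh.authorized_keys.root</varname></term>
+<listitem>
+<para>The data of this credential is written to <filename>/root/.ssh/authorized_keys</filename>, if
+the file doesn't exist yet. This allows provisioning SSH access for the system's root user.</para>
+
+<para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
+<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>sysusers.extra</varname></term>
+<listitem>
+<para>Additional
+<citerefentry><refentrytitle>sysusers.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+lines to process during boot.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>sysctl.extra</varname></term>
+<listitem>
+<para>Additional
+<citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> lines
+to process during boot.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><varname>tmpfiles.extra</varname></term>
+<listitem>
+<para>Additional
+<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+lines to process during boot.</para>
+</listitem>
+</varlistentry>
+
+</variablelist>
+</refsect1>
+
+<refsect1>
+<title>See Also</title>
+<para>
+<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+</para>
+</refsect1>
+
+</refentry>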