mirror of
https://github.com/systemd/systemd.git
synced 2024-11-28 12:53:36 +08:00
f2a20e9966
The text in the man page provides the justification why I think this is generally the right thing. An additional reason is that with the previous commit (to move resolved earlier), since resolved internally implements the same rules that nss-myhostname does, we'd have this strange inversion where the priority of external configuration would be different in the "resolve" path and in the fallback path.
94 lines
4.2 KiB
XML
94 lines
4.2 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
|
|
|
|
<refentry id="nss-systemd" conditional='ENABLE_NSS_SYSTEMD'>
|
|
|
|
<refentryinfo>
|
|
<title>nss-systemd</title>
|
|
<productname>systemd</productname>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>nss-systemd</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>nss-systemd</refname>
|
|
<refname>libnss_systemd.so.2</refname>
|
|
<refpurpose>Provide UNIX user and group name resolution for user/group lookup via Varlink</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<para><filename>libnss_systemd.so.2</filename></para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para><command>nss-systemd</command> is a plug-in module for the GNU Name Service Switch (NSS)
|
|
functionality of the GNU C Library (<command>glibc</command>), providing UNIX user and group name
|
|
resolution for services implementing the <ulink url="https://systemd.io/USER_GROUP_API">User/Group Record
|
|
Lookup API via Varlink</ulink>, such as the system and service manager
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> (for its
|
|
<varname>DynamicUser=</varname> feature, see
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
|
|
details) or
|
|
<citerefentry><refentrytitle>systemd-homed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
|
|
<para>This module also ensures that the root and nobody users and groups (i.e. the users/groups with the UIDs/GIDs
|
|
0 and 65534) remain resolvable at all times, even if they aren't listed in <filename>/etc/passwd</filename> or
|
|
<filename>/etc/group</filename>, or if these files are missing.</para>
|
|
|
|
<para>This module preferably utilizes
|
|
<citerefentry><refentrytitle>systemd-userdbd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
for resolving users and groups, but also works without the service running.</para>
|
|
|
|
<para>To activate the NSS module, add <literal>systemd</literal> to the lines starting with
|
|
<literal>passwd:</literal> and <literal>group:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
|
|
|
|
<para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> or
|
|
<literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> lines so that
|
|
<filename>/etc/passwd</filename> and <filename>/etc/group</filename> based mappings take precedence.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Example</title>
|
|
|
|
<para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
|
|
<command>nss-systemd</command> correctly:</para>
|
|
|
|
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
|
|
<programlisting>passwd: compat mymachines <command>systemd</command>
|
|
group: compat [SUCCESS=merge] mymachines [SUCCESS=merge] <command>systemd</command>
|
|
shadow: compat
|
|
|
|
hosts: mymachines resolve [!UNAVAIL=return] myhostname files dns
|
|
networks: files
|
|
|
|
protocols: db files
|
|
services: db files
|
|
ethers: db files
|
|
rpc: db files
|
|
|
|
netgroup: nis</programlisting>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|