NSS-SYSTEMD
NAME
nss-systemd, libnss_systemd.so.2 - UNIX user and group name resolution for user/group lookup via Varlink
SYNOPSIS
libnss_systemd.so.2
DESCRIPTION
nss-systemd is a plug-in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc), providing UNIX user and group name resolution for services implementing the User/Group Record Lookup API via Varlink[1], such as the system and service manager systemd(1) (for its DynamicUser= feature, see systemd.exec(5) for details), systemd-homed.service(8), or systemd-machined.service(8).
This module also ensures that the root and nobody users and groups (i.e. the users/groups with the UIDs/GIDs 0 and 65534) remain resolvable at all times, even if they aren’t listed in /etc/passwd or /etc/group, or if these files are missing.
This module preferentially uses systemd-userdbd.service(8) for resolving users and groups, but also works without that service running.
To activate the NSS module, add “systemd” to the lines starting with “passwd:” and “group:” in /etc/nsswitch.conf.
It is recommended to place “systemd” after the “files” or “compat” entry of the /etc/nsswitch.conf lines, so that /etc/passwd and /etc/group based mappings take precedence and a record supplied over Varlink cannot shadow a user or group defined in those files.
CONFIGURATION IN /ETC/NSSWITCH.CONF
Here is an example /etc/nsswitch.conf file that enables nss-systemd correctly:
passwd: compat systemd
group: compat [SUCCESS=merge] systemd
shadow: compat
hosts: mymachines resolve [!UNAVAIL=return] myhostname files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
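The ordering rule above is easy to get wrong by hand, so here is a small POSIX shell check, added to this page as an example and not part of systemd or glibc, that parses the passwd: and group: lines of an nsswitch.conf and reports whether “systemd” is present and comes after “files” or “compat”. The function names (check_db, check_nsswitch) and the two embedded configurations are constructed for this illustration; the good one is the example above, the bad one puts systemd first on passwd: and omits it on group:.

```shell
#!/bin/sh
# Added example, not systemd's own code: verify nss-systemd ordering in an
# nsswitch.conf so that /etc/passwd and /etc/group keep precedence over
# records served via Varlink.

# check_db CONF DB -> prints "ok", "missing" or "shadowing".
# Action specifiers such as [SUCCESS=merge] are skipped when counting sources.
# Lines must use the "db: src src ..." form (a space after the colon).
check_db() {
    conf=$1; db=$2
    printf '%s\n' "$conf" | awk -v db="$db:" '
        $1 == db {
            n = 0; sysd = 0; loc = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue          # [STATUS=action], not a source
                n++
                if ($i == "systemd") sysd = n
                if (($i == "files" || $i == "compat") && !loc) loc = n
            }
            if (!sysd) print "missing"
            else if (!loc || sysd < loc) print "shadowing"
            else print "ok"
            found = 1; exit
        }
        END { if (!found) print "missing" }'
}

# check_nsswitch CONF -> prints one status line per database, returns 1 if
# either passwd: or group: is not "ok".
check_nsswitch() {
    conf=$1; rc=0
    for db in passwd group; do
        status=$(check_db "$conf" "$db")
        printf '%s: %s\n' "$db" "$status"
        [ "$status" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample inputs for the demonstration.
GOOD_CONF='passwd: compat systemd
group: compat [SUCCESS=merge] systemd
shadow: compat'

BAD_CONF='passwd: systemd files
group: files'

check_nsswitch "$GOOD_CONF"
check_nsswitch "$BAD_CONF" || echo "nsswitch.conf needs fixing"
```

On a live system run it as `check_nsswitch "$(cat /etc/nsswitch.conf)"`; a “shadowing” result means a Varlink-provided record would be consulted before the static files, the situation the recommendation above is meant to avoid.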
EXAMPLE: MAPPINGS PROVIDED BY SYSTEMD-MACHINED.SERVICE
The container “rawhide” is spawned using systemd-nspawn(1):
# systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
Spawning container rawhide on /var/lib/machines/rawhide.
Selected user namespace base 20119552 and range 65536.
…
$ machinectl --max-addresses=3
MACHINE CLASS SERVICE OS VERSION ADDRESSES
rawhide container systemd-nspawn fedora 30 169.254.40.164 fe80::94aa:3aff:fe7b:d4b9
$ getent passwd vu-rawhide-0 vu-rawhide-81
vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin
vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin
$ getent group vg-rawhide-0 vg-rawhide-81
vg-rawhide-0:*:20119552:
vg-rawhide-81:*:20119633:
$ ps -o user:15,pid,tty,command -e | grep '^vu-rawhide'
vu-rawhide-0 692 ? /usr/lib/systemd/systemd
vu-rawhide-0 731 ? /usr/lib/systemd/systemd-journald
vu-rawhide-192 734 ? /usr/lib/systemd/systemd-networkd
vu-rawhide-193 738 ? /usr/lib/systemd/systemd-resolved
vu-rawhide-0 742 ? /usr/lib/systemd/systemd-logind
vu-rawhide-81 744 ? /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
vu-rawhide-0 746 ? /usr/sbin/sshd -D …
vu-rawhide-0 752 ? /usr/lib/systemd/systemd --user
vu-rawhide-0 753 ? (sd-pam)
vu-rawhide-0 1628 ? login -- zbyszek
vu-rawhide-1000 1630 ? /usr/lib/systemd/systemd --user
vu-rawhide-1000 1631 ? (sd-pam)
vu-rawhide-1000 1637 pts/8 -zsh
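When triaging a host process that ps reports under a vu-<machine>-<n> name, the useful facts are the ones visible in the output above: the host UID is the user namespace base plus the container UID, the synthesised passwd record carries that offset in its name, and it has GID 65534 and a nologin shell. The following POSIX shell helpers, added here as an example and not part of systemd, turn those observations into a check. The base value 20119552 and the sample records are taken from the output above; the function names container_uid and check_vu_record are assumptions of this example.

```shell
#!/bin/sh
# Added example, not systemd's own code: map host UIDs back to container UIDs
# and sanity-check the vu-<machine>-<n> records nss-systemd synthesises from
# systemd-machined's user namespace mapping.

BASE=20119552      # "Selected user namespace base" from the nspawn output above
RANGE=65536        # "range" from the same line

# container_uid HOST_UID BASE [RANGE] -> prints the container-internal UID,
# or fails if HOST_UID does not fall inside the container's namespace range.
container_uid() {
    host_uid=$1; base=$2; range=${3:-65536}
    off=$((host_uid - base))
    if [ "$off" -lt 0 ] || [ "$off" -ge "$range" ]; then
        echo "uid $host_uid is not within range $range of base $base" >&2
        return 1
    fi
    echo "$off"
}

# check_vu_record LINE MACHINE BASE -> prints "ok" if a getent passwd line has
# the expected shape: name vu-<MACHINE>-<n>, uid == BASE + n, gid 65534
# (nobody), shell /usr/sbin/nologin. Anything else is reported and fails.
check_vu_record() {
    line=$1; machine=$2; base=$3
    name=${line%%:*}
    n=${name#vu-$machine-}
    case $n in
        ''|*[!0-9]*) echo "bad name: $name"; return 1 ;;
    esac
    uid=$(printf '%s' "$line" | cut -d: -f3)
    gid=$(printf '%s' "$line" | cut -d: -f4)
    shell=$(printf '%s' "$line" | cut -d: -f7)
    [ "$uid" -eq $((base + n)) ] || { echo "uid mismatch: $line"; return 1; }
    [ "$gid" -eq 65534 ] || { echo "gid is not nobody: $line"; return 1; }
    [ "$shell" = /usr/sbin/nologin ] || { echo "shell is not nologin: $line"; return 1; }
    echo ok
}

# Records as shown by getent above (constructed copies for the demonstration).
REC0='vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin'
REC81='vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin'

check_vu_record "$REC0" rawhide "$BASE"
check_vu_record "$REC81" rawhide "$BASE"
# The dbus-daemon at PID 744 runs as host UID 20119633, i.e. container UID 81.
container_uid 20119633 "$BASE" "$RANGE"
```

On a live host the same check can be driven from `getent passwd "vu-$MACHINE-$N"` and the base logged at container start; a host UID that container_uid rejects belongs to a different container or to the host itself.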
SEE ALSO
systemd(1), systemd.exec(5), nss-resolve(8), nss-myhostname(8), nss-mymachines(8), systemd-userdbd.service(8), systemd-homed.service(8), systemd-machined.service(8), nsswitch.conf(5), getent(1)
NOTES
1. User/Group Record Lookup API via Varlink: https://systemd.io/USER_GROUP_API