{"id":3769,"date":"2022-12-20T17:20:01","date_gmt":"2022-12-20T20:20:01","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/nsssystemd-man8\/"},"modified":"2022-12-20T17:20:01","modified_gmt":"2022-12-20T20:20:01","slug":"nsssystemd-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/nsssystemd-man8\/","title":{"rendered":"NSS&minus;SYSTEMD (man8)"},"content":{"rendered":"<h1 align=\"center\">NSS\u2212SYSTEMD<\/h1>\n<p> <a href=\"#NAME\">NAME<\/a><br \/> <a href=\"#SYNOPSIS\">SYNOPSIS<\/a><br \/> <a href=\"#DESCRIPTION\">DESCRIPTION<\/a><br \/> <a href=\"#CONFIGURATION IN \/ETC\/NSSWITCH.CONF\">CONFIGURATION IN \/ETC\/NSSWITCH.CONF<\/a><br \/> <a href=\"#EXAMPLE: MAPPINGS PROVIDED BY SYSTEMD\u2212MACHINED.SERVICE\">EXAMPLE: MAPPINGS PROVIDED BY SYSTEMD\u2212MACHINED.SERVICE<\/a><br \/> <a href=\"#SEE ALSO\">SEE ALSO<\/a><br \/> <a href=\"#NOTES\">NOTES<\/a> <\/p>\n<hr>\n<h2>NAME <a name=\"NAME\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">nss-systemd, libnss_systemd.so.2 \u2212 UNIX user and group name resolution for user\/group lookup via Varlink<\/p>\n<h2>SYNOPSIS <a name=\"SYNOPSIS\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">libnss_systemd.so.2<\/p>\n<h2>DESCRIPTION <a name=\"DESCRIPTION\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\"><b>nss\u2212systemd<\/b> is a plug\u2212in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (<b>glibc<\/b>), providing UNIX user and group name resolution for services implementing the <b><font color=\"#0000FF\">User\/Group Record Lookup API via Varlink<\/font><\/b> <small><font color=\"#000000\">[1]<\/font><\/small> <font color=\"#000000\">, such as the system and service manager <b>systemd<\/b>(1) (for its <i>DynamicUser=<\/i> feature, see <b>systemd.exec<\/b>(5) for details), <b>systemd-homed.service<\/b>(8), or <b>systemd-machined.service<\/b>(8).<\/font><\/p>\n<p style=\"margin-left:11%; margin-top: 1em\"><font color=\"#000000\">This module also ensures that the root and nobody users and groups (i.e. the users\/groups with the UIDs\/GIDs 0 and 65534) remain resolvable at all times, even if they aren&#8217;t listed in \/etc\/passwd or \/etc\/group, or if these files are missing.<\/font><\/p>\n<p style=\"margin-left:11%; margin-top: 1em\"><font color=\"#000000\">This module preferably utilizes <b>systemd-userdbd.service<\/b>(8) for resolving users and groups, but also works without the service running.<\/font><\/p>\n<p style=\"margin-left:11%; margin-top: 1em\"><font color=\"#000000\">To activate the NSS module, add &#8220;systemd&#8221; to the lines starting with &#8220;passwd:&#8221; and &#8220;group:&#8221; in \/etc\/nsswitch.conf.<\/font><\/p>\n<p style=\"margin-left:11%; margin-top: 1em\"><font color=\"#000000\">It is recommended to place &#8220;systemd&#8221; after the &#8220;files&#8221; or &#8220;compat&#8221; entry of the \/etc\/nsswitch.conf lines so that \/etc\/passwd and \/etc\/group based mappings take precedence.<\/font><\/p>\n<h2>CONFIGURATION IN \/ETC\/NSSWITCH.CONF <a name=\"CONFIGURATION IN \/ETC\/NSSWITCH.CONF\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\"><font color=\"#000000\">Here is an example \/etc\/nsswitch.conf file that enables <b>nss\u2212systemd<\/b> correctly:<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\">passwd: compat <b>systemd<\/b> <br \/> group: compat [SUCCESS=merge] <b>systemd<\/b> <br \/> shadow: compat<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\">hosts: mymachines resolve [!UNAVAIL=return] myhostname files dns <br \/> networks: files<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\">protocols: db files <br \/> services: db files <br \/> ethers: db files <br \/> rpc: db files<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\">netgroup: nis<\/font><\/p>\n<h2>EXAMPLE: MAPPINGS PROVIDED BY SYSTEMD\u2212MACHINED.SERVICE <a name=\"EXAMPLE: MAPPINGS PROVIDED BY SYSTEMD\u2212MACHINED.SERVICE\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\"><font color=\"#000000\">The container &#8220;rawhide&#8221; is spawned using <b>systemd-nspawn<\/b>(1):<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\"># systemd\u2212nspawn \u2212M rawhide \u2212\u2212boot \u2212\u2212network\u2212veth \u2212\u2212private\u2212users=pick <br \/> Spawning container rawhide on \/var\/lib\/machines\/rawhide. <br \/> Selected user namespace base 20119552 and range 65536. <br \/> &#8230;<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\">$ machinectl \u2212\u2212max\u2212addresses=3 <br \/> MACHINE CLASS SERVICE OS VERSION ADDRESSES <br \/> rawhide container systemd\u2212nspawn fedora 30 169.254.40.164 fe80::94aa:3aff:fe7b:d4b9<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\">$ getent passwd vu\u2212rawhide\u22120 vu\u2212rawhide\u221281 <br \/> vu\u2212rawhide\u22120:*:20119552:65534:vu\u2212rawhide\u22120:\/:\/usr\/sbin\/nologin <br \/> vu\u2212rawhide\u221281:*:20119633:65534:vu\u2212rawhide\u221281:\/:\/usr\/sbin\/nologin<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\">$ getent group vg\u2212rawhide\u22120 vg\u2212rawhide\u221281 <br \/> vg\u2212rawhide\u22120:*:20119552: <br \/> vg\u2212rawhide\u221281:*:20119633:<\/font><\/p>\n<p style=\"margin-left:17%; margin-top: 1em\"><font color=\"#000000\">$ ps \u2212o user:15,pid,tty,command \u2212e|grep &#8216;^vu\u2212rawhide&#8217; <br \/> vu\u2212rawhide\u22120 692 ? \/usr\/lib\/systemd\/systemd <br \/> vu\u2212rawhide\u22120 731 ? \/usr\/lib\/systemd\/systemd\u2212journald <br \/> vu\u2212rawhide\u2212192 734 ? \/usr\/lib\/systemd\/systemd\u2212networkd <br \/> vu\u2212rawhide\u2212193 738 ? \/usr\/lib\/systemd\/systemd\u2212resolved <br \/> vu\u2212rawhide\u22120 742 ? \/usr\/lib\/systemd\/systemd\u2212logind <br \/> vu\u2212rawhide\u221281 744 ? \/usr\/bin\/dbus\u2212daemon \u2212\u2212system \u2212\u2212address=systemd: \u2212\u2212nofork \u2212\u2212nopidfile \u2212\u2212systemd\u2212activation \u2212\u2212syslog\u2212only <br \/> vu\u2212rawhide\u22120 746 ? \/usr\/sbin\/sshd \u2212D &#8230; <br \/> vu\u2212rawhide\u22120 752 ? \/usr\/lib\/systemd\/systemd \u2212\u2212user <br \/> vu\u2212rawhide\u22120 753 ? (sd\u2212pam) <br \/> vu\u2212rawhide\u22120 1628 ? login \u2212\u2212 zbyszek <br \/> vu\u2212rawhide\u22121000 1630 ? \/usr\/lib\/systemd\/systemd \u2212\u2212user <br \/> vu\u2212rawhide\u22121000 1631 ? (sd\u2212pam) <br \/> vu\u2212rawhide\u22121000 1637 pts\/8 \u2212zsh<\/font><\/p>\n<h2>SEE ALSO <a name=\"SEE ALSO\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\"><font color=\"#000000\"><b>systemd<\/b>(1), <b>systemd.exec<\/b>(5), <b>nss-resolve<\/b>(8), <b>nss-myhostname<\/b>(8), <b>nss-mymachines<\/b>(8), <b>systemd-userdbd.service<\/b>(8), <b>systemd-homed.service<\/b>(8), <b>systemd-machined.service<\/b>(8), <b>nsswitch.conf<\/b>(5), <b>getent<\/b>(1)<\/font><\/p>\n<h2>NOTES <a name=\"NOTES\"><\/a> <\/h2>\n<table width=\"100%\" border=\"0\" rules=\"none\" frame=\"void\" cellspacing=\"0\" cellpadding=\"0\">\n<tr valign=\"top\" align=\"left\">\n<td width=\"12%\"><\/td>\n<td width=\"3%\">\n<p style=\"margin-top: 1em\"><font color=\"#000000\">1.<\/font><\/p>\n<\/td>\n<td width=\"2%\"><\/td>\n<td width=\"61%\">\n<p style=\"margin-top: 1em\"><font color=\"#000000\">User\/Group Record Lookup API via Varlink<\/font><\/p>\n<\/td>\n<td width=\"22%\"> <\/td>\n<\/tr>\n<\/table>\n<p style=\"margin-left:17%;\"><font color=\"#000000\">https:\/\/systemd.io\/USER_GROUP_API<\/font><\/p>\n<hr>\n","protected":false},"excerpt":{"rendered":"<p>  nss-systemd, libnss_systemd.so.2 \u2212 UNIX user and group name resolution for user\/group lookup via Varlink <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,4,872],"class_list":["post-3769","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-man8","tag-nss-systemd"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3769"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3769\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}