NSS-SYSTEMD(8) nss-systemd NSS-SYSTEMD(8)

nss-systemd, libnss_systemd.so.2 - UNIX user and group name resolution
for user/group lookup via Varlink

libnss_systemd.so.2

nss-systemd is a plug-in module for the GNU Name Service Switch (NSS)
functionality of the GNU C Library (glibc), providing UNIX user and
group name resolution for services implementing the User/Group Record
Lookup API via Varlink[1], such as the system and service manager
systemd(1) (for its DynamicUser= feature, see systemd.exec(5) for
details), systemd-homed.service(8), or systemd-machined.service(8).

This module also ensures that the root and nobody users and groups
(i.e. the users/groups with the UIDs/GIDs 0 and 65534) remain
resolvable at all times, even if they aren't listed in /etc/passwd or
/etc/group, or if these files are missing.

This module preferably utilizes systemd-userdbd.service(8) for
resolving users and groups, but also works without the service running.

To activate the NSS module, add "systemd" to the lines starting with
"passwd:" and "group:" in /etc/nsswitch.conf.

It is recommended to place "systemd" after the "files" or "compat"
entry of the /etc/nsswitch.conf lines so that /etc/passwd and
/etc/group based mappings take precedence.

Here is an example /etc/nsswitch.conf file that enables nss-systemd
correctly:

    passwd:         compat systemd
    group:          compat [SUCCESS=merge] systemd
    shadow:         compat

    hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
    networks:       files

    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files

    netgroup:       nis

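The following check is an added example, not part of this manual page or of systemd. It parses nsswitch.conf text and reports when "systemd" is missing from the passwd or group database, or is not placed after a "files" or "compat" entry. The function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: the passwd/group/shadow lines from the example on this page.
PAGE_EXAMPLE = """\
passwd:         compat systemd
group:          compat [SUCCESS=merge] systemd
shadow:         compat
"""

# Constructed sample: "systemd" listed before "files", and absent from group.
MISORDERED = """\
passwd: systemd files
group:  files  # systemd missing here
"""

LOCAL_SOURCES = {"files", "compat"}


def parse_nsswitch(text):
    """Return {database: [service, ...]}, dropping comments and [ACTION] items."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # e.g. [SUCCESS=merge]
        databases[name.strip()] = rest.split()
    return databases


def check_nss_systemd(text):
    """Check the activation and ordering recommendations for passwd and group."""
    findings = []
    databases = parse_nsswitch(text)
    for db in ("passwd", "group"):
        services = databases.get(db, [])
        if "systemd" not in services:
            findings.append(f"{db}: systemd is not enabled")
            continue
        local = [i for i, s in enumerate(services) if s in LOCAL_SOURCES]
        if not local or min(local) > services.index("systemd"):
            findings.append(f"{db}: systemd is not placed after files/compat")
    return findings


if __name__ == "__main__":
    for label, conf in (("page example", PAGE_EXAMPLE), ("misordered", MISORDERED)):
        print(label, check_nss_systemd(conf) or "OK")
```
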
The container "rawhide" is spawned using systemd-nspawn(1):

    # systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
    Spawning container rawhide on /var/lib/machines/rawhide.
    Selected user namespace base 20119552 and range 65536.
    ...

    $ machinectl --max-addresses=3
    MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
    rawhide container systemd-nspawn fedora 30      169.254.40.164 fe80::94aa:3aff:fe7b:d4b9

    $ getent passwd vu-rawhide-0 vu-rawhide-81
    vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin
    vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin

    $ getent group vg-rawhide-0 vg-rawhide-81
    vg-rawhide-0:*:20119552:
    vg-rawhide-81:*:20119633:

    $ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide'
    vu-rawhide-0      692 ?     /usr/lib/systemd/systemd
    vu-rawhide-0      731 ?     /usr/lib/systemd/systemd-journald
    vu-rawhide-192    734 ?     /usr/lib/systemd/systemd-networkd
    vu-rawhide-193    738 ?     /usr/lib/systemd/systemd-resolved
    vu-rawhide-0      742 ?     /usr/lib/systemd/systemd-logind
    vu-rawhide-81     744 ?     /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
    vu-rawhide-0      746 ?     /usr/sbin/sshd -D ...
    vu-rawhide-0      752 ?     /usr/lib/systemd/systemd --user
    vu-rawhide-0      753 ?     (sd-pam)
    vu-rawhide-0     1628 ?     login -- zbyszek
    vu-rawhide-1000  1630 ?     /usr/lib/systemd/systemd --user
    vu-rawhide-1000  1631 ?     (sd-pam)
    vu-rawhide-1000  1637 pts/8 -zsh

systemd(1), systemd.exec(5), nss-resolve(8), nss-myhostname(8),
nss-mymachines(8), systemd-userdbd.service(8), systemd-homed.service(8),
systemd-machined.service(8), nsswitch.conf(5), getent(1)

 1. User/Group Record Lookup API via Varlink
    https://systemd.io/USER_GROUP_API

systemd 248 NSS-SYSTEMD(8)