NSS-SYSTEMD(8)                    nss-systemd                   NSS-SYSTEMD(8)

NAME

       nss-systemd, libnss_systemd.so.2 - UNIX user and group name resolution
       for user/group lookup via Varlink

SYNOPSIS

       libnss_systemd.so.2

DESCRIPTION

       nss-systemd is a plug-in module for the GNU Name Service Switch (NSS)
       functionality of the GNU C Library (glibc), providing UNIX user and
       group name resolution for services implementing the User/Group Record
       Lookup API via Varlink[1], such as the system and service manager
       systemd(1) (for its DynamicUser= feature, see systemd.exec(5) for
       details), systemd-homed.service(8), or systemd-machined.service(8).

       This module also ensures that the root and nobody users and groups
       (i.e. the users/groups with the UIDs/GIDs 0 and 65534) remain
       resolvable at all times, even if they aren't listed in /etc/passwd or
       /etc/group, or if these files are missing.

       This module preferably utilizes systemd-userdbd.service(8) for
       resolving users and groups, but also works without the service running.

       To activate the NSS module, add "systemd" to the lines starting with
       "passwd:" and "group:" in /etc/nsswitch.conf.

       It is recommended to place "systemd" after the "files" or "compat"
       entry of the /etc/nsswitch.conf lines so that /etc/passwd and
       /etc/group based mappings take precedence.

CONFIGURATION IN /ETC/NSSWITCH.CONF

       Here is an example /etc/nsswitch.conf file that enables nss-systemd
       correctly:

           passwd:         compat systemd
           group:          compat [SUCCESS=merge] systemd
           shadow:         compat

           hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
           networks:       files

           protocols:      db files
           services:       db files
           ethers:         db files
           rpc:            db files

           netgroup:       nis
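
       A check for the ordering recommended above, as an added example that
       is not part of the original manual page: it reports whether "systemd"
       is present on the passwd and group lines and whether "files" or
       "compat" is listed after it. The function names and the constructed
       sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the passwd/group lines of an nsswitch.conf-style file.

# nss_systemd_status FILE DATABASE -> prints ok | missing | misordered | nodb
nss_systemd_status() {
    awk -v db="$2" '
    {
        sub(/#.*/, "")                 # drop comments
        gsub(/\[[^]]*\]/, " ")         # drop [STATUS=action] items
        i = index($0, ":")
        if (!i) next
        name = substr($0, 1, i - 1)
        gsub(/[ \t]/, "", name)
        if (name != db) next           # only the requested database line
        n = split(substr($0, i + 1), svc)
        seen = 0; bad = 0
        # files/compat listed after systemd means local files no longer win
        for (k = 1; k <= n; k++) {
            if (svc[k] == "systemd") seen = 1
            else if (seen && (svc[k] == "files" || svc[k] == "compat")) bad = 1
        }
        print (!seen ? "missing" : (bad ? "misordered" : "ok"))
        found = 1
        exit
    }
    END { if (!found) print "nodb" }' "$1"
}

# audit_nsswitch FILE -> one line per database; returns 1 if any is not ok
audit_nsswitch() {
    rc=0
    for db in passwd group; do
        st=$(nss_systemd_status "$1" "$db")
        echo "$db: $st"
        [ "$st" = ok ] || rc=1
    done
    return "$rc"
}

# Constructed sample: group is as recommended, passwd lists systemd first.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'passwd: systemd compat' \
    'group:  compat [SUCCESS=merge] systemd' > "$sample"
audit_nsswitch "$sample" || echo "review $sample against the recommended order"
rm -f "$sample"
```

       On a real host, run audit_nsswitch /etc/nsswitch.conf; the file is
       only read, never modified.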

EXAMPLE: MAPPINGS PROVIDED BY SYSTEMD-MACHINED.SERVICE

       The container "rawhide" is spawned using systemd-nspawn(1):

           # systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
           Spawning container rawhide on /var/lib/machines/rawhide.
           Selected user namespace base 20119552 and range 65536.
           ...

           $ machinectl --max-addresses=3
           MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
           rawhide container systemd-nspawn fedora 30      169.254.40.164 fe80::94aa:3aff:fe7b:d4b9

           $ getent passwd vu-rawhide-0 vu-rawhide-81
           vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin
           vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin

           $ getent group vg-rawhide-0 vg-rawhide-81
           vg-rawhide-0:*:20119552:
           vg-rawhide-81:*:20119633:

           $ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide'
           vu-rawhide-0      692 ?        /usr/lib/systemd/systemd
           vu-rawhide-0      731 ?        /usr/lib/systemd/systemd-journald
           vu-rawhide-192    734 ?        /usr/lib/systemd/systemd-networkd
           vu-rawhide-193    738 ?        /usr/lib/systemd/systemd-resolved
           vu-rawhide-0      742 ?        /usr/lib/systemd/systemd-logind
           vu-rawhide-81     744 ?        /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
           vu-rawhide-0      746 ?        /usr/sbin/sshd -D ...
           vu-rawhide-0      752 ?        /usr/lib/systemd/systemd --user
           vu-rawhide-0      753 ?        (sd-pam)
           vu-rawhide-0     1628 ?        login -- zbyszek
           vu-rawhide-1000  1630 ?        /usr/lib/systemd/systemd --user
           vu-rawhide-1000  1631 ?        (sd-pam)
           vu-rawhide-1000  1637 pts/8    -zsh

SEE ALSO

       systemd(1), systemd.exec(5), nss-resolve(8), nss-myhostname(8),
       nss-mymachines(8), systemd-userdbd.service(8), systemd-homed.service(8),
       systemd-machined.service(8), nsswitch.conf(5), getent(1)

NOTES

        1. User/Group Record Lookup API via Varlink
           https://systemd.io/USER_GROUP_API

systemd 248                                                     NSS-SYSTEMD(8)