1 <?xml version='
1.0'
?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 SPDX-License-Identifier: LGPL-2.1+
8 This file is part of systemd.
10 Copyright 2016 Lennart Poettering
13 <refentry id=
"nss-systemd" conditional='ENABLE_NSS_SYSTEMD'
>
16 <title>nss-systemd
</title>
17 <productname>systemd
</productname>
21 <contrib>Developer
</contrib>
22 <firstname>Lennart
</firstname>
23 <surname>Poettering
</surname>
24 <email>lennart@poettering.net
</email>
30 <refentrytitle>nss-systemd
</refentrytitle>
31 <manvolnum>8</manvolnum>
35 <refname>nss-systemd
</refname>
36 <refname>libnss_systemd.so
.2</refname>
37 <refpurpose>Provide UNIX user and group name resolution for dynamic users and groups.
</refpurpose>
41 <para><filename>libnss_systemd.so
.2</filename></para>
45 <title>Description
</title>
47 <para><command>nss-systemd
</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of the
48 GNU C Library (
<command>glibc
</command>), providing UNIX user and group name resolution for dynamic users and
49 groups allocated through the
<varname>DynamicUser=
</varname> option in systemd unit files. See
50 <citerefentry><refentrytitle>systemd.exec
</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details on
53 <para>This module also ensures that the root and nobody users and groups (i.e. the users/groups with the UIDs/GIDs
54 0 and
65534) remain resolvable at all times, even if they aren't listed in
<filename>/etc/passwd
</filename> or
55 <filename>/etc/group
</filename>, or if these files are missing.
</para>
57 <para>To activate the NSS module, add
<literal>systemd
</literal> to the lines starting with
58 <literal>passwd:
</literal> and
<literal>group:
</literal> in
<filename>/etc/nsswitch.conf
</filename>.
</para>
60 <para>It is recommended to place
<literal>systemd
</literal> after the
<literal>files
</literal> or
61 <literal>compat
</literal> entry of the
<filename>/etc/nsswitch.conf
</filename> lines so that
62 <filename>/etc/passwd
</filename> and
<filename>/etc/group
</filename> based mappings take precedence.
</para>
66 <title>Example
</title>
68 <para>Here is an example
<filename>/etc/nsswitch.conf
</filename> file that enables
69 <command>nss-systemd
</command> correctly:
</para>
71 <programlisting>passwd: compat mymachines
<command>systemd
</command>
72 group: compat mymachines
<command>systemd
</command>
75 hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
83 netgroup: nis
</programlisting>
88 <title>See Also
</title>
90 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
91 <citerefentry><refentrytitle>systemd.exec
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
92 <citerefentry><refentrytitle>nss-resolve
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
93 <citerefentry><refentrytitle>nss-myhostname
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
94 <citerefentry><refentrytitle>nss-mymachines
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
95 <citerefentry project='man-pages'
><refentrytitle>nsswitch.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
96 <citerefentry project='man-pages'
><refentrytitle>getent
</refentrytitle><manvolnum>1</manvolnum></citerefentry>