[thirdparty/systemd.git] / man / nss-systemd.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  SPDX-License-Identifier: LGPL-2.1+

  This file is part of systemd.

  Copyright 2016 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="nss-systemd" conditional='ENABLE_NSS_SYSTEMD'>

  <refentryinfo>
    <title>nss-systemd</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>nss-systemd</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>nss-systemd</refname>
    <refname>libnss_systemd.so.2</refname>
    <refpurpose>Provide UNIX user and group name resolution for dynamic users and groups.</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>libnss_systemd.so.2</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>nss-systemd</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of the
    GNU C Library (<command>glibc</command>), providing UNIX user and group name resolution for dynamic users and
    groups allocated through the <varname>DynamicUser=</varname> option in systemd unit files. See
    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details on
    this option.</para>

    <para>This module also ensures that the root and nobody users and groups (i.e. the users/groups with the UIDs/GIDs
    0 and 65534) remain resolvable at all times, even if they aren't listed in <filename>/etc/passwd</filename> or
    <filename>/etc/group</filename>, or if these files are missing.</para>

    <para>To activate the NSS module, add <literal>systemd</literal> to the lines starting with
    <literal>passwd:</literal> and <literal>group:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>

    <para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> or
    <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> lines so that
    <filename>/etc/passwd</filename> and <filename>/etc/group</filename> based mappings take precedence.</para>
  </refsect1>

  <refsect1>
    <title>Example</title>

    <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
    <command>nss-systemd</command> correctly:</para>

    <programlisting>passwd:         compat mymachines <command>systemd</command>
group:          compat mymachines <command>systemd</command>
shadow:         compat

hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis</programlisting>

  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
Commit	Line	Data
409093fe LP	1	<?xml version='1.0'?> <!---nxml--->
	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
	4
	5	<!--
572eb058 ZJS	6	SPDX-License-Identifier: LGPL-2.1+
572eb058 ZJS	7
409093fe LP	8	This file is part of systemd.
	9
	10	Copyright 2016 Lennart Poettering
	11
	12	systemd is free software; you can redistribute it and/or modify it
	13	under the terms of the GNU Lesser General Public License as published by
	14	the Free Software Foundation; either version 2.1 of the License, or
	15	(at your option) any later version.
	16
	17	systemd is distributed in the hope that it will be useful, but
	18	WITHOUT ANY WARRANTY; without even the implied warranty of
	19	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	20	Lesser General Public License for more details.
	21
	22	You should have received a copy of the GNU Lesser General Public License
	23	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	24	-->
	25
e7e11bbf	26	<refentry id="nss-systemd" conditional='ENABLE_NSS_SYSTEMD'>
409093fe LP	27
	28	<refentryinfo>
	29	<title>nss-systemd</title>
	30	<productname>systemd</productname>
	31
	32	<authorgroup>
	33	<author>
	34	<contrib>Developer</contrib>
	35	<firstname>Lennart</firstname>
	36	<surname>Poettering</surname>
	37	<email>lennart@poettering.net</email>
	38	</author>
	39	</authorgroup>
	40	</refentryinfo>
	41
	42	<refmeta>
	43	<refentrytitle>nss-systemd</refentrytitle>
	44	<manvolnum>8</manvolnum>
	45	</refmeta>
	46
	47	<refnamediv>
	48	<refname>nss-systemd</refname>
	49	<refname>libnss_systemd.so.2</refname>
	50	<refpurpose>Provide UNIX user and group name resolution for dynamic users and groups.</refpurpose>
	51	</refnamediv>
	52
	53	<refsynopsisdiv>
	54	<para><filename>libnss_systemd.so.2</filename></para>
	55	</refsynopsisdiv>
	56
	57	<refsect1>
	58	<title>Description</title>
	59
	60	<para><command>nss-systemd</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of the
	61	GNU C Library (<command>glibc</command>), providing UNIX user and group name resolution for dynamic users and
	62	groups allocated through the <varname>DynamicUser=</varname> option in systemd unit files. See
	63	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details on
	64	this option.</para>
	65
2129011e LP	66	<para>This module also ensures that the root and nobody users and groups (i.e. the users/groups with the UIDs/GIDs
	67	0 and 65534) remain resolvable at all times, even if they aren't listed in <filename>/etc/passwd</filename> or
	68	<filename>/etc/group</filename>, or if these files are missing.</para>
	69
409093fe LP	70	<para>To activate the NSS module, add <literal>systemd</literal> to the lines starting with
	71	<literal>passwd:</literal> and <literal>group:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
	72
	73	<para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> or
	74	<literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> lines so that
	75	<filename>/etc/passwd</filename> and <filename>/etc/group</filename> based mappings take precedence.</para>
	76	</refsect1>
	77
	78	<refsect1>
	79	<title>Example</title>
	80
	81	<para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
	82	<command>nss-systemd</command> correctly:</para>
	83
	84	<programlisting>passwd: compat mymachines <command>systemd</command>
	85	group: compat mymachines <command>systemd</command>
	86	shadow: compat
	87
75555c28	88	hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
409093fe LP	89	networks: files
	90
	91	protocols: db files
	92	services: db files
	93	ethers: db files
	94	rpc: db files
	95
	96	netgroup: nis</programlisting>
	97
	98	</refsect1>
	99
	100	<refsect1>
	101	<title>See Also</title>
	102	<para>
	103	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	104	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	105	<citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
	106	<citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
	107	<citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
	108	<citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	109	<citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	110	</para>
	111	</refsect1>
	112
	113	</refentry>