man: move 'files' module in NSS 'hosts:' line before myhostname

I am pretty sure /etc/hosts (i.e. an explicitly configured, local,
trusted database) should be useful for overriding the automatic
myhostname logic.

resolved's internal logic handles it that way and hence we should
suggest it in the NSS fallback line, too.

Let's also bring the factory file back into sync with what the docs say.

And update the prose a bit too, to actually match what we recommend.

diff --git a/factory/etc/nsswitch.conf b/factory/etc/nsswitch.conf
index da74b19d9095f54bea3de1e4dffe97faf2c9101e..d87f8811ecb36bb5faf8025eae8961c1b20a8241 100644 (file)
--- a/factory/etc/nsswitch.conf
+++ b/factory/etc/nsswitch.conf
@@ -4,7 +4,7 @@ passwd:         compat systemd
 group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
+hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
 networks:       files
 
 protocols:      db files

diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml
index a41c383bb33ba2de455f84cfe4fb48500e90d5ad..b424f1fbd2500c97c18999d864ca5fb6e1ed453e 100644 (file)
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -67,12 +67,12 @@
     <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
     <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
-    and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the
-    first version, well-known names like <literal>localhost</literal> and the machine hostname are given
-    higher priority than the external configuration. This is recommended when the external DNS servers and
-    network are not absolutely trusted. In the second version, external configuration is given higher
-    priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable
-    in closely controlled networks, for example on a company LAN.</para>
+    and "traditional" modules like <literal>dns</literal>, or after them. In the first version, well-known
+    names like <literal>localhost</literal> and the machine hostname are given higher priority than the
+    external configuration. This is recommended when the external DNS servers and network are not absolutely
+    trusted. In the second version, external configuration is given higher priority and
+    <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable in closely
+    controlled networks, for example on a company LAN.</para>
   </refsect1>
 
   <refsect1>
@@ -83,11 +83,11 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd:         compat systemd
-group:          compat systemd
+group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-# Either (untrusted network):
-hosts:          mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns
+# Either (untrusted network, see above):
+hosts:          mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
 # Or (only trusted networks):
 hosts:          mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
 networks:       files

diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml
index e0e6989c40c292d6242406257f692cde2f07b922..56ee073c8a357ec508ec8c3966f4fababa170b07 100644 (file)
--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@@ -42,10 +42,10 @@
     <para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with
     <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
-    <para>It is recommended to place <literal>mymachines</literal> after the <literal>files</literal> or
-    <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> line to make sure that its
-    mappings are preferred over other resolvers such as DNS, but so that <filename>/etc/hosts</filename>
-    based mappings take precedence.</para>
+    <para>It is recommended to place <literal>mymachines</literal> before the <literal>resolve</literal> or
+    <literal>dns</literal> entry of the <literal>hosts:</literal> line of
+    <filename>/etc/nsswitch.conf</filename> in order to make sure that its mappings are preferred over other
+    resolvers such as DNS.</para>
   </refsect1>
 
   <refsect1>
@@ -56,10 +56,10 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
     <programlisting>passwd:         compat systemd
-group:          compat systemd
+group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] myhostname files dns
+hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
 networks:       files
 
 protocols:      db files

diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml
index c377468953dbac286af1405ab1cf77f2e6b0785b..e6963e5812a93e18c7bc0bac35c73a294d5c1fd3 100644 (file)
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@@ -44,14 +44,12 @@
     <literal>dns</literal> somewhere after <literal>resolve</literal>, to fall back to
     <command>nss-dns</command> if <filename>systemd-resolved.service</filename> is not available.</para>
 
-    <para>Note that <command>systemd-resolved</command> will synthesize DNS resource
-    records in a few cases, for example for <literal>localhost</literal> and the
-    current hostname, see
-    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-    for the full list. This duplicates the functionality of
-    <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
-    but it is still recommended (see examples below) to keep
-    <command>nss-myhostname</command> configured in
+    <para>Note that <command>systemd-resolved</command> will synthesize DNS resource records in a few cases,
+    for example for <literal>localhost</literal> and the current local hostname, see
+    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
+    the full list. This duplicates the functionality of
+    <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>, but
+    it is still recommended (see examples below) to keep <command>nss-myhostname</command> configured in
     <filename>/etc/nsswitch.conf</filename>, to keep those names resolveable if
     <command>systemd-resolved</command> is not running.</para>
   </refsect1>
@@ -64,10 +62,10 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd:         compat systemd
-group:          compat systemd
+group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> myhostname files dns
+hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> files myhostname dns
 networks:       files
 
 protocols:      db files

diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml
index 34aee0e88016970f87d4b9cea5d68dec4a0c438b..6285b8da9da332a7fa8b8dcadb83c259be9bb452 100644 (file)
--- a/man/nss-systemd.xml
+++ b/man/nss-systemd.xml
@@ -65,7 +65,7 @@
 group:          compat [SUCCESS=merge] <command>systemd</command>
 shadow:         compat
 
-hosts:          mymachines resolve [!UNAVAIL=return] myhostname files dns
+hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
 networks:       files
 
 protocols:      db files