From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 8 Oct 2025 09:50:02 +0000 (+0200)
Subject: man: fix description of .membership files
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b97fccf0ce2fea8f64a1b266e24e96e5a410f971;p=thirdparty%2Fsystemd.git

man: fix description of .membership files

First, let's say "must" rather than "shall" regarding creation of these
files, because without them group memberships will not work.

Secondly, suggest placing an empty JSON object in them, rather than
making them empty, simply to avoid issues with older systems that didn't
backport d6570eafe3b86584ca42979d1ced5bfd2228a5c7.

Fixes: #38943
---

diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml
index ddadef01f5a..faa2f72d325 100644
--- a/man/nss-systemd.xml
+++ b/man/nss-systemd.xml
@@ -98,11 +98,12 @@ lrwxrwxrwx. 1 root root   19 May 10 4711.user-privileged -> foobar.user-privileg
     users in groups. Specifically, for every pair of user/group where the user shall be a member of a group a
     file named
     <literal><replaceable>username</replaceable>:<replaceable>groupname</replaceable>.membership</literal>
-    should be created, i.e. the textual UNIX user name, followed by a colon, followed by the textual UNIX
-    group name, suffixed by <literal>.membership</literal>. The contents of these files are currently not
-    read, and the files should be created empty. The mere existence of these files is enough to affect a
-    user/group membership. If a program provides user and/or group record files in the searched directories,
-    it should always also create such files, both for primary and auxiliary group memberships.</para>
+    must be created, i.e. the textual UNIX user name, followed by a colon, followed by the textual UNIX group
+    name, suffixed by <literal>.membership</literal>. The contents of these files are currently not read,
+    however it is recommended to create them containing an empty JSON object
+    (i.e. <literal>{}</literal>). The mere existence of these files is enough to affect a user/group
+    membership. If a program provides user and/or group record files in the searched directories, it must
+    always also create such files, both for primary and auxiliary group memberships.</para>
 
     <para>Note that static user/group records generally do not override conflicting records in
     <filename>/etc/passwd</filename> or <filename>/etc/group</filename> or other account databases. In fact,