From: Lennart Poettering Date: Wed, 21 Aug 2024 08:10:34 +0000 (+0200) Subject: man: document .membership files that nss-systemd processes X-Git-Tag: v257-rc1~650 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d1b04f47e32bd1012ae2e3e6ac9159702463bf15;p=thirdparty%2Fsystemd.git man: document .membership files that nss-systemd processes This has been a glaring omission in the docs: when people create .user/.group/.user-privileged/.group-privileged drop-in files, they should also create matching .membership files. --- diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml index 4233bf6a437..890faaea329 100644 --- a/man/nss-systemd.xml +++ b/man/nss-systemd.xml @@ -93,6 +93,17 @@ lrwxrwxrwx. 1 root root 19 May 10 4711.user-privileged -> foobar.user-privileg .user-privileged and .group-privileged suffixes) should contain this section, exclusively. + In addition to the two types of user record files and the two types of group record files there's a + fifth type of file that may be placed in the searched directories: files that indicate membership of + users in groups. Specifically, for every pair of user/group where the user shall be a member of a group a + file named + username:groupname.membership + should be created, i.e. the textual UNIX user name, followed by a colon, followed by the textual UNIX + group name, suffixed by .membership. The contents of these files are currently not + read, and the files should be created empty. The mere existence of these files is enough to effect a + user/group membership. If a program provides user and/or group record files in the searched directories, + it should always also create such files, both for primary and auxiliary group memberships. + Note that static user/group records generally do not override conflicting records in /etc/passwd or /etc/group or other account databases. In fact, before dropping in these files a reasonable level of care should be taken to avoid user/group name and
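Review bot: In the added paragraph of the man/nss-systemd.xml hunk, the sentence "The mere existence of these files is enough to effect a user/group membership" makes write access to the searched directories equivalent to the ability to grant group membership, yet the text says nothing about the ownership or mode expected of those directories and of the empty .membership files. Suggest adding one sentence on that, and one stating whether a .membership file may name a user or group that is defined outside these directories (for instance in /etc/passwd or /etc/group, which the following context paragraph mentions) or only ones that have matching drop-in record files. The paragraph also says programs "should always also create such files" without saying what a consumer observes when the file is missing; a short statement of that consequence would make the requirement easier to act on. A listing of an empty membership file for the foobar user, next to the existing symlink listing just above the hunk, would show the username:groupname.membership naming more clearly than the prose pattern alone. Minor style point: "there's" reads better as "there is" in a man page.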