mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
man: move 'files' module in NSS 'hosts:' line before myhostname
I am pretty sure /etc/hosts (i.e. an explicitly configured, local, trusted database) should be useful for overriding the automatic myhostname logic. resolved's internal logic handles it that way and hence we should suggest it in the NSS fallback line, too. Let's also bring the factory file back into sync with what the docs say. And update the prose a bit too, to actually match what we recommend.
This commit is contained in:
parent
f331733645
commit
d296c20f1f
@ -4,7 +4,7 @@ passwd: compat systemd
|
|||||||
group: compat [SUCCESS=merge] systemd
|
group: compat [SUCCESS=merge] systemd
|
||||||
shadow: compat
|
shadow: compat
|
||||||
|
|
||||||
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
|
hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
|
||||||
networks: files
|
networks: files
|
||||||
|
|
||||||
protocols: db files
|
protocols: db files
|
||||||
|
@ -67,12 +67,12 @@
|
|||||||
<literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
|
<literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
|
||||||
|
|
||||||
<para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
|
<para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
|
||||||
and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the
|
and "traditional" modules like <literal>dns</literal>, or after them. In the first version, well-known
|
||||||
first version, well-known names like <literal>localhost</literal> and the machine hostname are given
|
names like <literal>localhost</literal> and the machine hostname are given higher priority than the
|
||||||
higher priority than the external configuration. This is recommended when the external DNS servers and
|
external configuration. This is recommended when the external DNS servers and network are not absolutely
|
||||||
network are not absolutely trusted. In the second version, external configuration is given higher
|
trusted. In the second version, external configuration is given higher priority and
|
||||||
priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable
|
<command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable in closely
|
||||||
in closely controlled networks, for example on a company LAN.</para>
|
controlled networks, for example on a company LAN.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
@ -83,11 +83,11 @@
|
|||||||
|
|
||||||
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
|
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
|
||||||
<programlisting>passwd: compat systemd
|
<programlisting>passwd: compat systemd
|
||||||
group: compat systemd
|
group: compat [SUCCESS=merge] systemd
|
||||||
shadow: compat
|
shadow: compat
|
||||||
|
|
||||||
# Either (untrusted network):
|
# Either (untrusted network, see above):
|
||||||
hosts: mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns
|
hosts: mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
|
||||||
# Or (only trusted networks):
|
# Or (only trusted networks):
|
||||||
hosts: mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
|
hosts: mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
|
||||||
networks: files
|
networks: files
|
||||||
|
@ -42,10 +42,10 @@
|
|||||||
<para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with
|
<para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with
|
||||||
<literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
|
<literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
|
||||||
|
|
||||||
<para>It is recommended to place <literal>mymachines</literal> after the <literal>files</literal> or
|
<para>It is recommended to place <literal>mymachines</literal> before the <literal>resolve</literal> or
|
||||||
<literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> line to make sure that its
|
<literal>dns</literal> entry of the <literal>hosts:</literal> line of
|
||||||
mappings are preferred over other resolvers such as DNS, but so that <filename>/etc/hosts</filename>
|
<filename>/etc/nsswitch.conf</filename> in order to make sure that its mappings are preferred over other
|
||||||
based mappings take precedence.</para>
|
resolvers such as DNS.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
@ -56,10 +56,10 @@
|
|||||||
|
|
||||||
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
|
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
|
||||||
<programlisting>passwd: compat systemd
|
<programlisting>passwd: compat systemd
|
||||||
group: compat systemd
|
group: compat [SUCCESS=merge] systemd
|
||||||
shadow: compat
|
shadow: compat
|
||||||
|
|
||||||
hosts: <command>mymachines</command> resolve [!UNAVAIL=return] myhostname files dns
|
hosts: <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
|
||||||
networks: files
|
networks: files
|
||||||
|
|
||||||
protocols: db files
|
protocols: db files
|
||||||
|
@ -44,14 +44,12 @@
|
|||||||
<literal>dns</literal> somewhere after <literal>resolve</literal>, to fall back to
|
<literal>dns</literal> somewhere after <literal>resolve</literal>, to fall back to
|
||||||
<command>nss-dns</command> if <filename>systemd-resolved.service</filename> is not available.</para>
|
<command>nss-dns</command> if <filename>systemd-resolved.service</filename> is not available.</para>
|
||||||
|
|
||||||
<para>Note that <command>systemd-resolved</command> will synthesize DNS resource
|
<para>Note that <command>systemd-resolved</command> will synthesize DNS resource records in a few cases,
|
||||||
records in a few cases, for example for <literal>localhost</literal> and the
|
for example for <literal>localhost</literal> and the current local hostname, see
|
||||||
current hostname, see
|
<citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
|
||||||
<citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
the full list. This duplicates the functionality of
|
||||||
for the full list. This duplicates the functionality of
|
<citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>, but
|
||||||
<citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
it is still recommended (see examples below) to keep <command>nss-myhostname</command> configured in
|
||||||
but it is still recommended (see examples below) to keep
|
|
||||||
<command>nss-myhostname</command> configured in
|
|
||||||
<filename>/etc/nsswitch.conf</filename>, to keep those names resolveable if
|
<filename>/etc/nsswitch.conf</filename>, to keep those names resolveable if
|
||||||
<command>systemd-resolved</command> is not running.</para>
|
<command>systemd-resolved</command> is not running.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
@ -64,10 +62,10 @@
|
|||||||
|
|
||||||
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
|
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
|
||||||
<programlisting>passwd: compat systemd
|
<programlisting>passwd: compat systemd
|
||||||
group: compat systemd
|
group: compat [SUCCESS=merge] systemd
|
||||||
shadow: compat
|
shadow: compat
|
||||||
|
|
||||||
hosts: mymachines <command>resolve [!UNAVAIL=return]</command> myhostname files dns
|
hosts: mymachines <command>resolve [!UNAVAIL=return]</command> files myhostname dns
|
||||||
networks: files
|
networks: files
|
||||||
|
|
||||||
protocols: db files
|
protocols: db files
|
||||||
|
@ -65,7 +65,7 @@
|
|||||||
group: compat [SUCCESS=merge] <command>systemd</command>
|
group: compat [SUCCESS=merge] <command>systemd</command>
|
||||||
shadow: compat
|
shadow: compat
|
||||||
|
|
||||||
hosts: mymachines resolve [!UNAVAIL=return] myhostname files dns
|
hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
|
||||||
networks: files
|
networks: files
|
||||||
|
|
||||||
protocols: db files
|
protocols: db files
|
||||||
|
Loading…
Reference in New Issue
Block a user