nss-systemd(8)

Name

nss-systemd, libnss_systemd.so.2 - UNIX user and group name resolution for user/group lookup via Varlink

Synopsis

libnss_systemd.so.2

Description

nss-systemd is a plug-in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc), providing UNIX user and group name resolution for services implementing the User/Group Record Lookup API via Varlink, such as the system and service manager systemd(1) (for its DynamicUser= feature, see systemd.exec(5) for details), systemd-homed.service(8), or systemd-machined.service(8).

This module also ensures that the root and nobody users and groups (i.e. the users/groups with the UIDs/GIDs 0 and 65534) remain resolvable at all times, even if they aren't listed in /etc/passwd or /etc/group, or if these files are missing.

This module preferably utilizes systemd-userdbd.service(8) for resolving users and groups, but also works without the service running.

To activate the NSS module, add systemd to the lines starting with passwd: and group: in /etc/nsswitch.conf.

It is recommended to place systemd after the files or compat entry of the /etc/nsswitch.conf lines so that /etc/passwd and /etc/group based mappings take precedence.

Configuration in /etc/nsswitch.conf

Here is an example /etc/nsswitch.conf file that enables nss-systemd correctly:

    passwd:         compat systemd
    group:          compat [SUCCESS=merge] systemd
    shadow:         compat

    hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
    networks:       files

    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files

    netgroup:       nis

Example: Mappings provided by systemd-machined.service

The container rawhide is spawned using systemd-nspawn(1):

    # systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
    Spawning container rawhide on /var/lib/machines/rawhide.
    Selected user namespace base 20119552 and range 65536.
    ...

    $ machinectl --max-addresses=3
    MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
    rawhide container systemd-nspawn fedora 30      169.254.40.164
                                                    fe80::94aa:3aff:fe7b:d4b9

    $ getent passwd vu-rawhide-0 vu-rawhide-81
    vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin
    vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin

    $ getent group vg-rawhide-0 vg-rawhide-81
    vg-rawhide-0:*:20119552:
    vg-rawhide-81:*:20119633:

    $ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide'
    vu-rawhide-0      692 ?        /usr/lib/systemd/systemd
    vu-rawhide-0      731 ?        /usr/lib/systemd/systemd-journald
    vu-rawhide-192    734 ?        /usr/lib/systemd/systemd-networkd
    vu-rawhide-193    738 ?        /usr/lib/systemd/systemd-resolved
    vu-rawhide-0      742 ?        /usr/lib/systemd/systemd-logind
    vu-rawhide-81     744 ?        /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
    vu-rawhide-0      746 ?        /usr/sbin/sshd -D ...
    vu-rawhide-0      752 ?        /usr/lib/systemd/systemd --user
    vu-rawhide-0      753 ?        (sd-pam)
    vu-rawhide-0     1628 ?        login -- zbyszek
    vu-rawhide-1000  1630 ?        /usr/lib/systemd/systemd --user
    vu-rawhide-1000  1631 ?        (sd-pam)
    vu-rawhide-1000  1637 pts/8    -zsh

See Also

systemd(1), systemd.exec(5), nss-resolve(8), nss-myhostname(8), nss-mymachines(8), systemd-userdbd.service(8), systemd-homed.service(8), systemd-machined.service(8), nsswitch.conf(5), getent(1)
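
The recommendation in the Description, that systemd be listed on the passwd: and group: lines and placed after the files or compat entry, can be checked mechanically. The following Python check is an added example, not part of the systemd documentation or code; the function names are this example's own, the second sample configuration is constructed, and treating a missing files/compat entry as a problem is this example's choice.

```python
import re

ACTION = re.compile(r"\[[^\]]*\]")  # action items, e.g. [SUCCESS=merge], [!UNAVAIL=return]

def parse_nsswitch(text):
    """Return {database: [service, ...]} in lookup order, action items dropped."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        name, _, rest = line.partition(":")
        databases[name.strip()] = ACTION.sub(" ", rest).split()
    return databases

def check_systemd_order(text, required=("passwd", "group")):
    """List problems with how nss-systemd is enabled; an empty list means OK."""
    problems = []
    dbs = parse_nsswitch(text)
    for db in required:
        services = dbs.get(db)
        if services is None:
            problems.append(f"{db}: line missing")
        elif "systemd" not in services:
            problems.append(f"{db}: systemd not listed")
        else:
            local = [i for i, s in enumerate(services) if s in ("files", "compat")]
            if not local:
                problems.append(f"{db}: no files/compat entry")
            elif services.index("systemd") < min(local):
                problems.append(f"{db}: systemd precedes {services[min(local)]}")
    return problems

# First three lines of the example configuration shown on this page.
GOOD = """\
passwd:         compat systemd
group:          compat [SUCCESS=merge] systemd
shadow:         compat
"""
# Constructed sample: systemd ahead of files, and absent from group.
BAD = """\
passwd:  systemd files
group:   files   # systemd missing
"""

if __name__ == "__main__":
    print(check_systemd_order(GOOD))
    print(check_systemd_order(BAD))
```

To audit a live host, pass the contents of /etc/nsswitch.conf to check_systemd_order().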