1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-13 23:21:08 +03:00
systemd/man/nss-mymachines.xml
Lennart Poettering c01ff965b4 nss-mymachines: map userns users of containers to real user names
Given a container "foo", that maps user id $UID to container user, using
user namespaces, this NSS module extenstion will now map the $UID to a
name "vu-foo-$TUID" for the translated UID $UID.

Similar, userns groups are mapped to "vg-foo-$TGID" for translated GIDs
of $GID.

This simple change should make userns users more discoverable. Also,
given that many tools like "adduser" check NSS before allocating a UID,
should lower the chance of UID range conflicts between tools.
2015-07-09 14:46:20 -03:00

118 lines
4.1 KiB
XML

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
This file is part of systemd.
Copyright 2014 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="nss-mymachines" conditional='ENABLE_MACHINED'>
<refentryinfo>
<title>nss-mymachines</title>
<productname>systemd</productname>
<authorgroup>
<author>
<contrib>Developer</contrib>
<firstname>Lennart</firstname>
<surname>Poettering</surname>
<email>lennart@poettering.net</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta>
<refentrytitle>nss-mymachines</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>nss-mymachines</refname>
<refname>libnss_mymachines.so.2</refname>
<refpurpose>Provide hostname resolution for local
container instances.</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>libnss_mymachines.so.2</filename></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>nss-mymachines</command> is a plugin for the GNU
Name Service Switch (NSS) functionality of the GNU C Library
(<command>glibc</command>) providing hostname resolution for
container names of containers running locally, that are registered
with
<citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
The container names are resolved to the IP addresses of the
specific container, ordered by their scope.</para>
<para>The module also resolves user IDs used by containers to user
names indicating the container name, and back.</para>
<para>To activate the NSS modules, <literal>mymachines</literal>
has to be added to the lines starting with
<literal>hosts:</literal>, <literal>passwd:</literal> and
<literal>group:</literal> in
<filename>/etc/nsswitch.conf</filename>.</para>
<para>It is recommended to place <literal>mymachines</literal>
near the end of the <filename>nsswitch.conf</filename> lines to
make sure that its mappings are only used as fallback, and any
other mappings, such as DNS or <filename>/etc/hosts</filename>
based mappings take precedence.</para>
</refsect1>
<refsect1>
<title>Example</title>
<para>Here's an example <filename>/etc/nsswitch.conf</filename>
file, that enables <command>mymachines</command> correctly:</para>
<programlisting>passwd: compat <command>mymachines</command>
group: compat <command>mymachines</command>
shadow: compat
hosts: files dns <command>mymachines</command> myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis</programlisting>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>