NSS-SYSTEMD(8)                                     NSS-SYSTEMD(8)

     NAME
          nss-systemd, libnss_systemd.so.2 - UNIX user and group name
          resolution for user/group lookup via Varlink

     SYNOPSIS
          libnss_systemd.so.2

     DESCRIPTION
          nss-systemd is a plug-in module for the GNU Name Service
          Switch (NSS) functionality of the GNU C Library (glibc),
          providing UNIX user and group name resolution for services
          implementing the User/Group Record Lookup API via
          Varlink[1], such as the system and service manager
          systemd(1) (for its DynamicUser= feature, see
          systemd.exec(5) for details), systemd-homed.service(8), or
          systemd-machined.service(8).

          This module also ensures that the root and nobody users and
          groups (i.e. the users/groups with the UIDs/GIDs 0 and
          65534) remain resolvable at all times, even if they aren't
          listed in /etc/passwd or /etc/group, or if these files are
          missing.

          This module preferably utilizes systemd-userdbd.service(8)
          for resolving users and groups, but also works without the
          service running.

          To activate the NSS module, add "systemd" to the lines
          starting with "passwd:" and "group:" in /etc/nsswitch.conf.

          It is recommended to place "systemd" after the "files" or
          "compat" entry of the /etc/nsswitch.conf lines so that
          /etc/passwd and /etc/group based mappings take precedence.

     CONFIGURATION IN /ETC/NSSWITCH.CONF
          Here is an example /etc/nsswitch.conf file that enables
          nss-systemd correctly:

              passwd:         compat systemd
              group:          compat [SUCCESS=merge] systemd
              shadow:         compat

              hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
              networks:       files

              protocols:      db files
              services:       db files
              ethers:         db files
              rpc:            db files

              netgroup:       nis
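
          The following Python script is an added example, not part
          of the systemd documentation. It checks nsswitch.conf text
          for the two points above: "systemd" is listed on the
          "passwd:" and "group:" lines, and it comes after "files" or
          "compat". The function names and both sample inputs are
          constructed for illustration.

```python
import re

LOCAL_SOURCES = {"files", "compat"}   # sources backed by /etc/passwd and /etc/group
DATABASES = ("passwd", "group")       # lines this page says need "systemd"

def parse_nsswitch(text):
    """Return {database: [service, ...]} with comments and [actions] dropped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, spec = line.split(":", 1)
        spec = re.sub(r"\[[^\]]*\]", " ", spec)   # e.g. [SUCCESS=merge]
        table[database.strip()] = spec.split()
    return table

def check_nss_systemd(text):
    """List deviations from the placement this page recommends."""
    table = parse_nsswitch(text)
    findings = []
    for database in DATABASES:
        services = table.get(database)
        if services is None:
            findings.append(f"{database}: line missing")
        elif "systemd" not in services:
            findings.append(f"{database}: systemd not listed")
        else:
            before = set(services[:services.index("systemd")])
            if not before & LOCAL_SOURCES:
                findings.append(f"{database}: systemd is not placed after files or compat")
    return findings

# Constructed sample inputs: GOOD mirrors the example above; BAD puts
# systemd first on passwd and omits it from group.
GOOD = """\
passwd:         compat systemd
group:          compat [SUCCESS=merge] systemd
shadow:         compat
"""
BAD = """\
passwd:         systemd files   # systemd is consulted before /etc/passwd
group:          files
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_nss_systemd(sample) or "ok")
```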

     EXAMPLE: MAPPINGS PROVIDED BY SYSTEMD-MACHINED.SERVICE
          The container "rawhide" is spawned using systemd-nspawn(1):

              # systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
              Spawning container rawhide on /var/lib/machines/rawhide.
              Selected user namespace base 20119552 and range 65536.
              ...

              $ machinectl --max-addresses=3
              MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
              rawhide container systemd-nspawn fedora 30      169.254.40.164 fe80::94aa:3aff:fe7b:d4b9

              $ getent passwd vu-rawhide-0 vu-rawhide-81
              vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin
              vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin

              $ getent group vg-rawhide-0 vg-rawhide-81
              vg-rawhide-0:*:20119552:
              vg-rawhide-81:*:20119633:

              $ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide'
              vu-rawhide-0      692 ?        /lib/systemd/systemd
              vu-rawhide-0      731 ?        /lib/systemd/systemd-journald
              vu-rawhide-192    734 ?        /lib/systemd/systemd-networkd
              vu-rawhide-193    738 ?        /lib/systemd/systemd-resolved
              vu-rawhide-0      742 ?        /lib/systemd/systemd-logind
              vu-rawhide-81     744 ?        /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
              vu-rawhide-0      746 ?        /usr/sbin/sshd -D ...
              vu-rawhide-0      752 ?        /lib/systemd/systemd --user
              vu-rawhide-0      753 ?        (sd-pam)
              vu-rawhide-0     1628 ?        login -- zbyszek
              vu-rawhide-1000  1630 ?        /lib/systemd/systemd --user
              vu-rawhide-1000  1631 ?        (sd-pam)
              vu-rawhide-1000  1637 pts/8    -zsh

     SEE ALSO
          systemd(1), systemd.exec(5), nss-resolve(8),
          nss-myhostname(8), nss-mymachines(8),
          systemd-userdbd.service(8), systemd-homed.service(8),
          systemd-machined.service(8), nsswitch.conf(5), getent(1)

     NOTES
           1. User/Group Record Lookup API via Varlink
              https://systemd.io/USER_GROUP_API

     Page 2                     systemd 247          (printed 5/24/22)