docs: excorcise NIS from nsswitch.conf

Let's replace the "compat" module in our proposed nsswitch.conf configuration with "files", since it is not 1995 anymore. Fedora and other distros have deprecated and removed NIS support a while back. While others still retain some support I am not sure we should advertise it in our examples. Downstream can of course still use "compat" instead of "files" if they want to, but let's not confuse people who don't care about NIS anymore with this. Also, bring the nsswitch.conf snippet in README in line with what our man pages say. Also see: https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
2024-07-03 08:29:25 +00:00 · 2023-09-20 11:50:20 +02:00 · 2023-09-20 11:50:20 +02:00 · 02e9308751
commit 02e9308751
parent 0d05d1623e
6 changed files with 26 additions and 26 deletions
--- a/13
+++ b/13
@ -383,15 +383,16 @@ GLIBC NSS:
        DynamicUser= setting in unit files.)

        To make use of these NSS modules, please add them to the "hosts:",
-        "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve" module
-        should replace the glibc "dns" module in this file (and don't worry, it
-        chain-loads the "dns" module if it can't talk to resolved).
+        "passwd:", "group:", "shadow:" and "gshadow:" lines in
+        /etc/nsswitch.conf.

        The four modules should be used in the following order:

-                passwd: compat systemd
-                group: compat systemd
-                hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
+                passwd: files systemd
+                group: files [SUCCESS=merge] systemd
+                shadow: files systemd
+                gshadow: files systemd
+                hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns

 SYSV INIT.D SCRIPTS:
        When calling "systemctl enable/disable/is-enabled" on a unit which is a
--- a/factory/etc/nsswitch.conf
+++ b/factory/etc/nsswitch.conf
@ -1,8 +1,8 @@
 # This file is part of systemd.

-passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd

 hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@ -93,12 +93,11 @@
    <command>nss-myhostname</command> correctly:</para>

    <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-<programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+<programlisting>passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd

-
 hosts:          mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
 networks:       files

--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@ -64,9 +64,9 @@
    <command>nss-mymachines</command> correctly:</para>

    <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-    <programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+    <programlisting>passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd

 hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@ -150,9 +150,9 @@
    <command>nss-resolve</command> correctly:</para>

    <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-<programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+<programlisting>passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd

 hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> files myhostname dns
--- a/man/nss-systemd.xml
+++ b/man/nss-systemd.xml
@ -50,10 +50,10 @@
    <literal>passwd:</literal>, <literal>group:</literal>, <literal>shadow:</literal> and
    <literal>gshadow:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>

-    <para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> or
-    <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> lines so that
-    <filename>/etc/passwd</filename>, <filename>/etc/group</filename>, <filename>/etc/shadow</filename> and
-    <filename>/etc/gshadow</filename> based mappings take precedence.</para>
+    <para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> entry of
+    the <filename>/etc/nsswitch.conf</filename> lines so that <filename>/etc/passwd</filename>,
+    <filename>/etc/group</filename>, <filename>/etc/shadow</filename> and <filename>/etc/gshadow</filename>
+    based mappings take precedence.</para>
  </refsect1>

  <refsect1>
@ -106,9 +106,9 @@ lrwxrwxrwx. 1 root root   19 May 10 4711.user-privileged -> foobar.user-privileg
    <command>nss-systemd</command> correctly:</para>

    <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-    <programlisting>passwd:         compat <command>systemd</command>
-group:          compat [SUCCESS=merge] <command>systemd</command>
-shadow:         compat <command>systemd</command>
+    <programlisting>passwd:         files <command>systemd</command>
+group:          files <command>[SUCCESS=merge] systemd</command>
+shadow:         files <command>systemd</command>
 gshadow:        files <command>systemd</command>

 hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns