From 02e9308751b25aca5f479c6e69ed5942cef4428b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 Sep 2023 11:50:20 +0200
Subject: [PATCH] docs: excorcise NIS from nsswitch.conf

Let's replace the "compat" module in our proposed nsswitch.conf
configuration with "files", since it is not 1995 anymore.

Fedora and other distros have deprecated and removed NIS support a while
back. While others still retain some support I am not sure we should
advertise it in our examples. Downstream can of course still use
"compat" instead of "files" if they want to, but let's not confuse
people who don't care about NIS anymore with this.

Also, bring the nsswitch.conf snippet in README in line with what our
man pages say.

Also see: https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
---
 README                    | 13 +++++++------
 factory/etc/nsswitch.conf |  6 +++---
 man/nss-myhostname.xml    |  7 +++----
 man/nss-mymachines.xml    |  6 +++---
 man/nss-resolve.xml       |  6 +++---
 man/nss-systemd.xml       | 14 +++++++-------
 6 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/README b/README
index 8e4d967056..a273846a1a 100644
--- a/README
+++ b/README
@@ -383,15 +383,16 @@ GLIBC NSS:
         DynamicUser= setting in unit files.)
 
         To make use of these NSS modules, please add them to the "hosts:",
-        "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve" module
-        should replace the glibc "dns" module in this file (and don't worry, it
-        chain-loads the "dns" module if it can't talk to resolved).
+        "passwd:", "group:", "shadow:" and "gshadow:" lines in
+        /etc/nsswitch.conf.
 
         The four modules should be used in the following order:
 
-                passwd: compat systemd
-                group: compat systemd
-                hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
+                passwd: files systemd
+                group: files [SUCCESS=merge] systemd
+                shadow: files systemd
+                gshadow: files systemd
+                hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
 
 SYSV INIT.D SCRIPTS:
         When calling "systemctl enable/disable/is-enabled" on a unit which is a
diff --git a/factory/etc/nsswitch.conf b/factory/etc/nsswitch.conf
index acfa8474d2..45a6820c5e 100644
--- a/factory/etc/nsswitch.conf
+++ b/factory/etc/nsswitch.conf
@@ -1,8 +1,8 @@
 # This file is part of systemd.
 
-passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd
 
 hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml
index 19e7aa237a..360e6d7ceb 100644
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -93,12 +93,11 @@
     <command>nss-myhostname</command> correctly:</para>
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-<programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+<programlisting>passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd
 
-
 hosts:          mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
 networks:       files
 
diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml
index baec10954b..717ecc534b 100644
--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@@ -64,9 +64,9 @@
     <command>nss-mymachines</command> correctly:</para>
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-    <programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+    <programlisting>passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd
 
 hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml
index 6a1d84e721..d633be2c3d 100644
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@@ -150,9 +150,9 @@
     <command>nss-resolve</command> correctly:</para>
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-<programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+<programlisting>passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd
 
 hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> files myhostname dns
diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml
index b7b453825e..bc975c0e1a 100644
--- a/man/nss-systemd.xml
+++ b/man/nss-systemd.xml
@@ -50,10 +50,10 @@
     <literal>passwd:</literal>, <literal>group:</literal>, <literal>shadow:</literal> and
     <literal>gshadow:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
-    <para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> or
-    <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> lines so that
-    <filename>/etc/passwd</filename>, <filename>/etc/group</filename>, <filename>/etc/shadow</filename> and
-    <filename>/etc/gshadow</filename> based mappings take precedence.</para>
+    <para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> entry of
+    the <filename>/etc/nsswitch.conf</filename> lines so that <filename>/etc/passwd</filename>,
+    <filename>/etc/group</filename>, <filename>/etc/shadow</filename> and <filename>/etc/gshadow</filename>
+    based mappings take precedence.</para>
   </refsect1>
 
   <refsect1>
@@ -106,9 +106,9 @@ lrwxrwxrwx. 1 root root   19 May 10 4711.user-privileged -> foobar.user-privileg
     <command>nss-systemd</command> correctly:</para>
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
-    <programlisting>passwd:         compat <command>systemd</command>
-group:          compat [SUCCESS=merge] <command>systemd</command>
-shadow:         compat <command>systemd</command>
+    <programlisting>passwd:         files <command>systemd</command>
+group:          files <command>[SUCCESS=merge] systemd</command>
+shadow:         files <command>systemd</command>
 gshadow:        files <command>systemd</command>
 
 hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns