NSS-SYSTEMD(8)                    nss-systemd                    NSS-SYSTEMD(8)

nss-systemd libnss_systemd.so.2 - / Varlink

libnss_systemd.so.2

nss-systemd GNU Name Service Switch (NSS) GNU C (glibc) / Varlink[1] systemd(1) ( DynamicUser= systemd.exec(5) ) systemd-homed.service(8) systemd-machined.service(8).

root nobody ( / UIDs/GIDs 0 65534) /etc/passwd /etc/group .

systemd-userdbd.service(8) .

NSS "systemd" "passwd:" "group:" "shadow:" "gshadow:" /etc/nsswitch.conf. "systemd" "files" /etc/nsswitch.conf /etc/passwd /etc/group /etc/shadow /etc/gshadow .

JSON / / Varlink IPC root nobody /etc/userdb/ /run/userdb/ /run/host/userdb/ /usr/lib/userdb/. JSON.

JSON[2] .user . UID .user UID. ( ) .user-privileged. .user-privileged UID . root. :

    -rw-r--r--. 1 root root 723 May 10 foobar.user
    -rw-------. 1 root root 123 May 10 foobar.user-privileged
    lrwxrwxrwx. 1 root root  19 May 10 4711.user -> foobar.user
    lrwxrwxrwx. 1 root root  19 May 10 4711.user-privileged -> foobar.user-privileged

JSON[3] .group .group-privileged.

/ ( .user .group) "privileged" . / ( .user-privileged .group-privileged) . : .

/ "username:groupname.membership" ".membership". JSON ( "{}"). /. / .

/ /etc/passwd /etc/group . / UID/GID.

systemd-userdb-load-credentials.service . userdbctl(1) systemd.system-credentials(7) .

/ETC/NSSWITCH.CONF

/etc/nsswitch.conf nss-systemd :

    passwd:         files systemd
    group:          files [SUCCESS=merge] systemd
    shadow:         files systemd
    gshadow:        files systemd
    hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
    networks:       files
    :               db
    :               db
    ethers:         db
    rpc:            db
    netgroup:       nis

: systemd-machined "rawhide" systemd-nspawn(1):

    # systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
    rawhide /var/lib/machines/rawhide.
    20119552 65536.
    ...
    $ machinectl --max-addresses=3
    MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
    rawhide container systemd-nspawn fedora 30      169.254.40.164
                                                    fe80::94aa:3aff:fe7b:d4b9

    $ getent passwd vu-rawhide-0 vu-rawhide-81
    vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin
    vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin

    $ getent group vg-rawhide-0 vg-rawhide-81
    vg-rawhide-0:*:20119552:
    vg-rawhide-81:*:20119633:

    $ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide'
    vu-rawhide-0      692 ?     /usr/lib/systemd/systemd
    vu-rawhide-0      731 ?     /usr/lib/systemd/systemd-journald
    vu-rawhide-192    734 ?     /usr/lib/systemd/systemd-networkd
    vu-rawhide-193    738 ?     /usr/lib/systemd/systemd-resolved
    vu-rawhide-0      742 ?     /usr/lib/systemd/systemd-logind
    vu-rawhide-81     744 ?     /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
    vu-rawhide-0      746 ?     /usr/sbin/sshd -D
    ...
    vu-rawhide-0      752 ?     /usr/lib/systemd/systemd --user
    vu-rawhide-0      753 ?     (sd-pam)
    vu-rawhide-0     1628 ?     login -- zbyszek
    vu-rawhide-1000  1630 ?     /usr/lib/systemd/systemd --user
    vu-rawhide-1000  1631 ?     (sd-pam)
    vu-rawhide-1000  1637 pts/8 -zsh

systemd(1), systemd.exec(5), nss-resolve(8), nss-myhostname(8), nss-mymachines(8), systemd-userdbd.service(8), systemd-homed.service(8), systemd-machined.service(8), userdbctl(1), systemd.system-credentials(7), nsswitch.conf(5), getent(1)

 1. / Varlink
    https://systemd.io/USER_GROUP_API

 2. JSON
    https://systemd.io/USER_RECORD

 3. JSON
    https://systemd.io/GROUP_RECORD

systemd 260.1                                                    NSS-SYSTEMD(8)