Project:Toolchain/Glibc 2.26 porting notes/nsswitch.conf in glibc-2.26

From Gentoo Wiki
Jump to:navigation Jump to:search

TL;DR (the fix)

Make sure the /etc/nsswitch.conf file contains files entry:


root #cat /etc/nsswitch.conf
passwd:      files
shadow:      files
group:       files

Also good:

root #cat /etc/nsswitch.conf
passwd:      compat files
shadow:      compat files
group:       compat files


root #cat /etc/nsswitch.conf
passwd:      compat
shadow:      compat
group:       compat

What is broken

If you have compat database only listed as a service resolver and install glibc-2.26 most programs will fail to resolve users and groups: login, ssh and so on will fail.

One of many manifestations of the problem:

root #emerge --update --deep @world
portage: 'portage' user or group missing.
For the defaults, line 1 goes into passwd, and 2 into group.

Why the breakage

Details can be seen at bug #627338

glibc-2.26 deprecates obsolete NSL libraries. (in this case gone away)

Gentoo happened not to change nsswitch.conf since 2006.

Normally /etc/nsswitch.conf is installed and updated by glibc ebuild when both conditions are met:

  • FEATURES=config-protect-if-modified is set in make.conf
  • nsswitch.conf has no user modifications (kept as installed by glibc)

To be extra cautious glibc ebuild fails as TODO.

To update nsswitch.conf the simplest is to add files entry into every line using compat. Example fix:

root #sed 's/\<compat\>/files compat/g' /etc/nsswitch.conf

But I really, really need the compat functionality!

Well, you can install sys-auth/libnss-compat, which re-adds the functionality. Not really much tested, and not really well-supported so far though.

glibc upstream reversed course in 2.27 and included compat in the default list again. sys-auth/libnss-compat is no longer necessary and only works with glibc-2.26*