Glibc 2.26 porting notes/nsswitch.conf in glibc-2.26
TL;DR (the fix)
Make sure the /etc/nsswitch.conf file contains
passwd: files shadow: files group: files...
passwd: compat files shadow: compat files group: compat files...
passwd: compat shadow: compat group: compat...
What is broken
If you have compat database only listed as a service resolver and install glibc-2.26 most programs will fail to resolve users and groups: login, ssh and so on will fail.
One of many manifestations of the problem:
emerge --update --deep @world
portage: 'portage' user or group missing. For the defaults, line 1 goes into passwd, and 2 into group. portage:x:250:250:portage:/var/tmp/portage:/bin/false portage::250:portage...
Why the breakage
Details can be seen at bug #627338
glibc-2.26 deprecates obsolete NSL libraries. (in this case libnss_compat.so.2 gone away)
Gentoo happened not to change nsswitch.conf since 2006.
Normally /etc/nsswitch.conf is installed and updated by glibc ebuild when both conditions are met:
FEATURES=config-protect-if-modifiedis set in make.conf
- nsswitch.conf has no user modifications (kept as installed by glibc)
To be extra cautious glibc ebuild fails as TODO.
To update nsswitch.conf the simplest is to add files entry into every line using compat. Example fix:
sed 's/\<compat\>/files compat/g' /etc/nsswitch.conf
But I really, really need the compat functionality!
Well, you can install sys-auth/libnss-compat, which re-adds the functionality. Not really much tested, and not really well-supported so far though.
glibc upstream reversed course in 2.27 and included compat in the default list again. sys-auth/libnss-compat is no longer necessary and only works with glibc-2.26*