On Do, 06.12.18 14:58, Pavel Březina (pbrezina@xxxxxxxxxx) wrote: > > Then there is nss-mymachines. It's primarily useful if > > systemd-machined or systemd-nspawn is used. Given that those are now > > part of the 'systemd-container' RPM it would be OK to also add > > nss-mymachines to nsswitch.conf only when the RPM is installed, if > > there's a concept for that. That said, in order to simplify things, > > and given that systemd is a very core part of the OS I'd personally > > just put it statically in nsswitch.conf too by default. After all a > > missing NSS module listed in nsswitch.conf is just skipped, hence this > > should not matter. This module should be in the 'passwd', 'group' and > > 'hosts' lines. > > Reading https://bugzilla.redhat.com/show_bug.cgi?id=1284325 there is can > happen some ID overlaps with FreeIPA/Samba which is undesirable. I would say > that this must be solves if this module is enabled by default. Was there any > progress in this area? I think that's a misunderstanding of what the module does. At the point the module announces those uid/gid ranges they are already reserved, hence the conflict is already there. nss-mymachines is hence only the messanger, not the culprit. Moreover, I think that registering all taken users in NSS is really key to minimize such conflicts. Hence, I am very strongly of the opinion that any component taking possession off a user or a range of users it *must* show up in NSS too, so that other components know. I commented on the bug too. Lennart -- Lennart Poettering, Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
