diff options
| author | Lennart Poettering <lennart@poettering.net> | 2021-05-05 15:53:07 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2021-05-08 14:25:24 +0200 |
| commit | 09001dbdc88f447656d79822bbff9c6d7ed7e5cf (patch) | |
| tree | 0f156b419ce3771e71dd2025385900200f3e1966 /man/nss-mymachines.xml | |
| parent | string-util: explicitly cast character to unsigned (diff) | |
| download | systemd-09001dbdc88f447656d79822bbff9c6d7ed7e5cf.tar.xz systemd-09001dbdc88f447656d79822bbff9c6d7ed7e5cf.zip | |
nss-systemd: set USERDB_SUPPRESS_SHADOW flag when looking up user records
Setting the flags means we won#t try to read the data from /etc/shadow
when reading a user record, thus slightly making conversion quicker and
reducing the chance of generating MAC faults, because we needlessly
access a privileged resource. Previously, passing the flag didn't
matter, when converting our JSON records to NSS since the flag only had
an effect on whether to use NSS getspnam() and related calls or not. But
given that we turn off NSS anyway as backend for this conversion (since
we want to avoid NSS loops, where we turn NSS data to our JSON user
records, and then to NSS forever and ever) it was unnecessary to pass
it.
This changed in one of the previous commits however, where we added
support for reading user definitions from drop-in files, with separate
drop-in files for the shadow data.
Diffstat (limited to 'man/nss-mymachines.xml')
0 files changed, 0 insertions, 0 deletions