nss-localuser

License

This code is published under the MIT license (see LICENSE.txt for details).

Overview

nss-localuser is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc). It provides host name resolution for the "localuser" family of virtual hostnames.

The "localuser" family consists of the following virtual hostnames:

  • localuser
  • localuser-UID
  • localuser--APPID
  • localuser-UID-APPID
  • localuser---APPID

This can be summarized by the following matrix:

|------------------|------------------|---------------------|-------------------|
|                  | current user     | user of UID         | no user           |
|------------------|------------------|---------------------|-------------------|
| no APP           | localuser        | localuser-UID       |                   |
| app of APPID     | localuser--APPID | localuser-UID-APPID | localuser---APPID |
|------------------|------------------|---------------------|-------------------|

The NSS service resolves the virtual host name localuser to an IP address in the localhost loopback range that encodes the user ID.

It is intended to provide distinct IP addresses for distinct users and distinct applications.

Names of the localuser family resolve to the IPv4 address range 127.128.0.0/9.

The resulting IPv4 address is structured as follows:

+--------+--------+--------+--------+
:01111111:1abbcccc:dddddeee:ffffffff:
+--------+--------+--------+--------+

When a is 1, the 11-bit value bbccccddddd encodes the APPID and the 11-bit value eeeffffffff encodes the UID. This corresponds to the hostnames localuser--APPID and localuser-UID-APPID.

When abb is 011, the 20-bit value ccccdddddeeeffffffff encodes the APPID. This corresponds to the hostname localuser---APPID.

When abb is 010, the 20-bit value ccccdddddeeeffffffff encodes the UID. This corresponds to the hostnames localuser and localuser-UID.

The values 000 and 001 of abb are reserved for future use.

Examples:

localuser           => 127.160.0.0   (when user has UID = 0)
localuser           => 127.160.3.233 (when user has UID = 1001)

localuser-0         => 127.160.0.0
localuser-45        => 127.160.0.45
localuser-1024      => 127.160.4.0
localuser-1048575   => 127.175.255.255

localuser---0       => 127.176.0.0
localuser---45      => 127.176.0.45
localuser---1048575 => 127.191.255.255

localuser-0-0       => 127.192.0.0
localuser--78       => 127.194.115.233 (when user has UID = 1001)
localuser-23-54     => 127.193.176.23
localuser-2047-2047 => 127.255.255.255

The service also provides the reverse resolution.
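
The bit layout and both resolution directions, as an added example in C (not the nss-localuser source). The names lu_encode, lu_decode, LU_BASE and LU_NONE are hypothetical, and rejecting out-of-range values is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define LU_BASE 0x7F800000u /* 127.128.0.0/9 in host byte order */
#define LU_NONE 0xFFFFFFFFu /* sentinel chosen for this example: field absent, or failure */

/* Pack uid/appid into an address. The caller passes the current UID for
 * "localuser" and "localuser--APPID". Out-of-range values are rejected
 * (an assumption of this example) so they cannot spill into the tag bits. */
uint32_t lu_encode(uint32_t uid, uint32_t appid)
{
    if (uid != LU_NONE && appid != LU_NONE) {   /* a = 1: 11-bit APPID, 11-bit UID */
        if (uid > 0x7FF || appid > 0x7FF) return LU_NONE;
        return LU_BASE | (1u << 22) | (appid << 11) | uid;
    }
    if (appid != LU_NONE)                       /* abb = 011: 20-bit APPID */
        return appid > 0xFFFFF ? LU_NONE : (LU_BASE | (3u << 20) | appid);
    if (uid != LU_NONE)                         /* abb = 010: 20-bit UID */
        return uid > 0xFFFFF ? LU_NONE : (LU_BASE | (2u << 20) | uid);
    return LU_NONE;
}

/* Reverse direction: 0 on success, -1 if addr is outside 127.128.0.0/9
 * or carries a reserved abb value (000 or 001). */
int lu_decode(uint32_t addr, uint32_t *uid, uint32_t *appid)
{
    *uid = *appid = LU_NONE;
    if ((addr & 0xFF800000u) != LU_BASE) return -1;
    if (addr & (1u << 22)) {
        *appid = (addr >> 11) & 0x7FF;
        *uid = addr & 0x7FF;
        return 0;
    }
    switch ((addr >> 20) & 3) {
    case 2: *uid = addr & 0xFFFFF; return 0;
    case 3: *appid = addr & 0xFFFFF; return 0;
    default: return -1;
    }
}

int main(void)
{
    uint32_t uid, appid, ip = lu_encode(23, 54); /* localuser-23-54 */
    printf("%u.%u.%u.%u\n", (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 255),
           (unsigned)((ip >> 8) & 255), (unsigned)(ip & 255));
    if (lu_decode(ip, &uid, &appid) == 0)
        printf("uid=%u appid=%u\n", (unsigned)uid, (unsigned)appid);
    return 0;
}
```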

This module also provides a value for IPv6: the name translates to an IPv4-mapped IPv6 address because IPv6 lacks a loopback range.

Example:

localuser-1024 => ::ffff:127.128.4.0

For details about NSS integration, see the GNU libc documentation.

Install

To install the module:

make all && sudo make install

The installation directory is automatically detected by the tiny script detect-nssdir.sh.

If the script detect-nssdir.sh gives the wrong result, just define the variable nssdir when calling make, as below:

make install nssdir=~/lib

Configuration and activation

Manual setting

To activate the NSS module localuser you have to edit /etc/nsswitch.conf and add localuser to the line starting with "hosts:".

Your nsswitch file can then look as below:

# /etc/nsswitch.conf

passwd:     files sss systemd
shadow:     files sss
group:      files sss systemd

hosts:      localuser files dns myhostname

ethers:     files
netmasks:   files
networks:   files
protocols:  files
services:   files sss

aliases:    files nisplus

Scripted setting

The script activate-localuser.sh can be used to activate, deactivate or query the status of localuser activation.

It accepts 0, 1 or 2 arguments.

usage: activate-localuser.sh [command [file]]

command:    on, yes, true, 1:           activate
            off, no, false, 0:          deactivate
            status, test, check, query: status (default)
file:       file to change (default /etc/nsswitch.conf)