summaryrefslogtreecommitdiffstats
path: root/README.md
blob: b946a7b2c77453093a3733a99d316d2634bf99b3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# nss-localuser

- [License](#license)
- [Overview](#overview)
- [Install](#documentation)

## License

This code is published with the license MIT (see LICENSE.txt) for details.

## Overview

`nss-localuser` is a plugin for the GNU Name Service Switch (NSS)
functionality of the GNU C Library (`glibc`) providing host name
resolution for *"localuser"* family of virtual hostnames.

It defines the family  *"localuser"* of virtual hostnames as one of the
below names:

- localuser
- localuser-UID
- localuser--APPID
- localuser-UID-APPID
- localuser---APPID

This can be summarized by the following matrix:

  |------------------|------------------|---------------------|-------------------|
  |                  | **current user** | **user of UID**     | **no user**       |
  |------------------|------------------|---------------------|-------------------|
  | **no APP**       | localuser        | localuser-UID       |                   |
  | **app of APPID** | localuser--APPID | localuser-UID-APPID | localuser---APPID |
  |------------------|------------------|---------------------|-------------------|

The delivered NSS service defines one virtual host of name `localuser`
that resolves to an IP address of the localhost loopback that integrates
user ID.

It is intended to enable distinct IP for distinct users, distinct application.

The name *localuser* family is resolved to the IPv4 address range 127.128.0.0/9

The delivered IPv4 address is structured as follow:

```text
+--------+--------+--------+--------+
:01111111:1abbcccc:dddddeee:ffffffff:
+--------+--------+--------+--------+
```

When `a` is `1`, the value 11 bits value `bbccccddddd` encodes the APPID
and the 11 bits value `eeedddddddd` encodes the UID.
This is represented by the following hostnames: `localuser--APPID`
and `localuser-UID-APPID`.

When `abb` is `011`, the 20 bits value `ccccdddddeeeffffffff` encodes the APPID.
This is represented by the following hostnames: `localuser---APPID`.

When `abb` is `010`, the 20 bits value `ccccdddddeeeffffffff` encodes the UID.
This is represented by the following hostnames: `localuser`
and `localuser-UID`.

The values `000` and `001` of `abb` are reserved for futur use.

Examples:

```text
localuser           => 127.160.0.0   (when user has UID = 0)
localuser           => 127.160.3.233 (when user has UID = 1001)

localuser-0         => 127.160.0.0
localuser-45        => 127.160.0.45
localuser-1024      => 127.160.4.0
localuser-1048575   => 127.175.255.255

localuser---0       => 127.176.0.0
localuser---45      => 127.176.0.45
localuser---1048575 => 127.191.255.255

localuser-0-0       => 127.192.0.0
localuser--78       => 127.194.115.233 (when user has UID = 1001)
localuser-23-54     => 127.193.176.23
localuser-2047-2047 => 127.255.255.255
```

The service also provides the reverse resolution.

This module provides a value for IPv6: it translates to a IPv4-mapped IPv6 address
because IPv6 lacks of loopback range.

Example:

```text
localuser-1024 => ::ffff:127.128.4.0
```

For details about NSS integration, see
[Gnu libc documentation](https://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html).

## Install

To install this file:

```sh
make all && sudo install
```

The installation directory is automatically detected by the tiny
script detect-nssdir.sh.

If the script detect-nssdir.sh gives the wrong result, just define the
variable nssdir when calling make, as below:

```sh
make install nssdir=~/lib
```

## Configuration and activation

### Manual setting

To activate the NSS module localuser you have to edit
`/etc/nsswitch.conf` and add `localuser` to the
line starting with "`hosts:`".

Your nsswitch file can then look as below:

<pre># /etc/nsswitch.conf

passwd:     files sss systemd
shadow:     files sss
group:      files sss systemd

hosts:      <b>localuser</b> files dns myhostname

ethers:     files
netmasks:   files
networks:   files
protocols:  files
services:   files sss

aliases:    files nisplus</pre>

### Scripted setting

The script activate-localuser.sh can be used to activate,
deactivate or query the status of localuser activation.

It accepts 0, 1 or 2 arguments.

<pre>usage: activate-localuser.sh [command [file]]

command:    on, yes, true, 1:           activate
            off, no, false, 0:          deactivate
            status, test, check, query: status (default)
file:       file to change (default /etc/nsswitch.conf)</pre>