table of contents
NSS_WRAPPER(1) | NSS_WRAPPER(1) |
NAME¶
nss_wrapper - A wrapper for the user, group and hosts NSS API
SYNOPSIS¶
LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_PASSWD=/path/to/passwd NSS_WRAPPER_GROUP=/path/to/group NSS_WRAPPER_HOSTS=/path/to/host ./myapplication
DESCRIPTION¶
There are projects which provide daemons needing to be able to create, modify and delete Unix users. Or just switch user ids to interact with the system e.g. a user space file server. To be able to test that you need the privilege to modify the passwd and groups file. With nss_wrapper it is possible to define your own passwd and groups file which will be used by software to act correctly while under test.
If you have a client and server under test they normally use functions to resolve network names to addresses (dns) or vice versa. The nss_wrappers allow you to create a hosts file to setup name resolution for the addresses you use with socket_wrapper.
LIMITATIONS¶
Some calls in nss_wrapper will only work if uid_wrapper is loaded and active. One of this functions is initgroups() which needs to run setgroups() to set the groups for the user. setgroups() is wrapped by uid_wrapper.
ENVIRONMENT VARIABLES¶
NSS_WRAPPER_PASSWD, NSS_WRAPPER_GROUP
name:password:UID:GID:GECOS:directory:shell
The format of the group file we support is:
group_name:password:GID:user_list
They are also described in man passwd.5 and man group.5 on Linux. You can fill these files with made up accounts. You point nss_wrapper to them using the two variables NSS_WRAPPER_PASSWD=/path/to/your/passwd and NSS_WRAPPER_GROUP=/path/to/your/group.
NSS_WRAPPER_HOSTS
NSS_WRAPPER_HOSTNAME
NSS_WRAPPER_MODULE_SO_PATH, NSS_WRAPPER_MODULE_FN_PREFIX
For _nss_winbind_getpwnam() this would be:
NSS_WRAPPER_MODULE_FN_PREFIX=winbind
NSS_WRAPPER_DEBUGLEVEL
NSS_WRAPPER_DISABLE_DEEPBIND
EXAMPLE¶
$ echo "bob:x:1000:1000:bob gecos:/home/test/bob:/bin/false" > passwd $ echo "root:x:65534:65532:root gecos:/home/test/root:/bin/false" >> passwd $ echo "users:x:1000:" > group $ echo "root:x:65532:" >> group $ LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_PASSWD=passwd \
NSS_WRAPPER_GROUP=group getent passwd bob bob:x:1000:1000:bob gecos:/home/test/bob:/bin/false $ LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_HOSTNAME=test.example.org hostname test.example.org
AUTHOR¶
Samba Team
2024-09-22 |