Luke Granger-Brown
57725ef3ec
git-subtree-dir: third_party/nixpkgs git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
77 lines
3.2 KiB
Markdown
77 lines
3.2 KiB
Markdown
# fakeNss {#sec-fakeNss}
|
|
|
|
Provides `/etc/passwd` and `/etc/group` files that contain `root` and `nobody`, allowing user/group lookups to work in binaries that insist on doing those.
|
|
This might be a better choice than a custom script running `useradd` and related utilities if you only need those files to exist with some entries.
|
|
|
|
`fakeNss` also provides `/etc/nsswitch.conf`, configuring NSS host resolution to first check `/etc/hosts` before checking DNS, since the default in the absence of a config file (`dns [!UNAVAIL=return] files`) is quite unexpected.
|
|
|
|
It also creates an empty directory at `/var/empty` because it uses that as the home directory for the `root` and `nobody` users.
|
|
The `/var/empty` directory can also be used as a `chroot` target to prevent file access in processes that do not need to access files, if your container runs such processes.
|
|
|
|
The user entries created by `fakeNss` use the `/bin/sh` shell, which is not provided by `fakeNss` because in most cases it won't be used.
|
|
If you need that to be available, see [`dockerTools.binSh`](#sssec-pkgs-dockerTools-helpers-binSh) or provide your own.
|
|
|
|
## Inputs {#sec-fakeNss-inputs}
|
|
|
|
`fakeNss` is made available in Nixpkgs as a package rather than a function, but it has two attributes that can be overridden and might be useful in particular cases.
|
|
For more details on how overriding works, see [](#ex-fakeNss-overriding) and [](#sec-pkg-override).
|
|
|
|
`extraPasswdLines` (List of Strings; _optional_)
|
|
|
|
: A list of lines that will be added to `/etc/passwd`.
|
|
Useful if extra users need to exist in the output of `fakeNss`.
|
|
If `extraPasswdLines` is specified, it will **not** override the `root` and `nobody` entries created by `fakeNss`.
|
|
Those entries will always exist.
|
|
|
|
Lines specified here must follow the format in {manpage}`passwd(5)`.
|
|
|
|
_Default value:_ `[]`.
|
|
|
|
`extraGroupLines` (List of Strings; _optional_)
|
|
|
|
: A list of lines that will be added to `/etc/group`.
|
|
Useful if extra groups need to exist in the output of `fakeNss`.
|
|
If `extraGroupLines` is specified, it will **not** override the `root` and `nobody` entries created by `fakeNss`.
|
|
Those entries will always exist.
|
|
|
|
Lines specified here must follow the format in {manpage}`group(5)`.
|
|
|
|
_Default value:_ `[]`.
|
|
|
|
## Examples {#sec-fakeNss-examples}
|
|
|
|
:::{.example #ex-fakeNss-dockerTools-buildImage}
|
|
# Using `fakeNss` with `dockerTools.buildImage`
|
|
|
|
This example shows how to use `fakeNss` as-is.
|
|
It is useful with functions in `dockerTools` to allow building Docker images that have the `/etc/passwd` and `/etc/group` files.
|
|
This example includes the `hello` binary in the image so it can do something besides just have the extra files.
|
|
|
|
```nix
|
|
{ dockerTools, fakeNss, hello }:
|
|
dockerTools.buildImage {
|
|
name = "image-with-passwd";
|
|
tag = "latest";
|
|
|
|
copyToRoot = [ fakeNss hello ];
|
|
|
|
config = {
|
|
Cmd = [ "/bin/hello" ];
|
|
};
|
|
}
|
|
```
|
|
:::
|
|
|
|
:::{.example #ex-fakeNss-overriding}
|
|
# Using `fakeNss` with an override to add extra lines
|
|
|
|
The following code uses `override` to add extra lines to `/etc/passwd` and `/etc/group` to create another user and group entry.
|
|
|
|
```nix
|
|
{ fakeNss }:
|
|
fakeNss.override {
|
|
extraPasswdLines = ["newuser:x:9001:9001:new user:/var/empty:/bin/sh"];
|
|
extraGroupLines = ["newuser:x:9001:"];
|
|
}
|
|
```
|
|
:::
|