diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-08-17 09:10:32 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-08-17 18:55:59 +0200 |
commit | d296c20f1fff6a258cc6eacd2141058daa49a1ff (patch) | |
tree | b21001e58291ec0aaa644cf09788de9101bdf130 /man/nss-myhostname.xml | |
parent | f3317336450e1145b97ae9e38bd626f3d4c88eb8 (diff) | |
download | systemd-d296c20f1fff6a258cc6eacd2141058daa49a1ff.tar.gz |
man: move 'files' module in NSS 'hosts:' line before myhostname
I am pretty sure /etc/hosts (i.e. an explicitly configured, local,
trusted database) should be useful for overriding the automatic
myhostname logic.
resolved's internal logic handles it that way and hence we should
suggest it in the NSS fallback line, too.
Let's also bring the factory file back into sync with what the docs say.
And update the prose a bit too, to actually match what we recommend.
Diffstat (limited to 'man/nss-myhostname.xml')
-rw-r--r-- | man/nss-myhostname.xml | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml index a41c383bb3..b424f1fbd2 100644 --- a/man/nss-myhostname.xml +++ b/man/nss-myhostname.xml @@ -67,12 +67,12 @@ <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para> <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal> - and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the - first version, well-known names like <literal>localhost</literal> and the machine hostname are given - higher priority than the external configuration. This is recommended when the external DNS servers and - network are not absolutely trusted. In the second version, external configuration is given higher - priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable - in closely controlled networks, for example on a company LAN.</para> + and "traditional" modules like <literal>dns</literal>, or after them. In the first version, well-known + names like <literal>localhost</literal> and the machine hostname are given higher priority than the + external configuration. This is recommended when the external DNS servers and network are not absolutely + trusted. In the second version, external configuration is given higher priority and + <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable in closely + controlled networks, for example on a company LAN.</para> </refsect1> <refsect1> @@ -83,11 +83,11 @@ <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf --> <programlisting>passwd: compat systemd -group: compat systemd +group: compat [SUCCESS=merge] systemd shadow: compat -# Either (untrusted network): -hosts: mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns +# Either (untrusted network, see above): +hosts: mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns # Or (only trusted networks): hosts: mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command> networks: files |