This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.
Please visit our production wiki at https://wiki.gentoo.org
Glibc 2.26 porting notes/nsswitch.conf in glibc-2.26
TL;DR (the fix)
Make sure the /etc/nsswitch.conf file contains files entry:
Good:
# cat /etc/nsswitch.conf
...
passwd: files
shadow: files
group: files
...Also good:
# cat /etc/nsswitch.conf
...
passwd: compat files
shadow: compat files
group: compat files
...Bad:
# cat /etc/nsswitch.conf
...
passwd: compat
shadow: compat
group: compat
...What is broken
If you have compat database only listed as a service resolver and install glibc-2.26 most programs will fail to resolve users and groups: login, ssh and so on will fail.
One of many manifestations of the problem:
portage: 'portage' user or group missing.
For the defaults, line 1 goes into passwd, and 2 into group.
portage:x:250:250:portage:/var/tmp/portage:/bin/false
portage::250:portageWhy the breakage
Details can be seen at bug #627338
glibc-2.26 deprecates obsolete NSL libraries. (in this case libnss_compat.so.2 gone away)
Gentoo happened not to change nsswitch.conf since 2006.
Normally /etc/nsswitch.conf is installed and updated by glibc ebuild when both conditions are met:
FEATURES=config-protect-if-modifiedis set in make.conf- nsswitch.conf has no user modifications (kept as installed by glibc)
To be extra cautious glibc ebuild fails as TODO.
To update nsswitch.conf the simplest is to add files entry into every line using compat. Example fix:
root #sed 's/\<compat\>/files compat/g' /etc/nsswitch.confBut I really, really need the compat functionality!
Well, you can install sys-auth/libnss-compat, which re-adds the functionality. Not really much tested, and not really well-supported so far though.