This folder contains a Name Server module for providing MiG users as virtual
users in a system.

To install the module, run `sudo make install`, which will build the binary and
copy it into /lib, such that it can be used by nsswitch.

The module needs to be registered in the nsswitch.conf file, and a special file
needs to be created in:
/etc/libnss_mig.conf

This file should contain exactly one line with an entry in the passwd
format, describing the MiG system user that all MiG users are mapped
to. Example for RestrictFS:

mig:x:501:501:MIG User:/restrictfs:/bin/false

This sets up all MiG virtual users to have UID and GID 501 and prevents login.

For OpenSSH with an external subsystem it is strictly required that login shell
is set to a value that doesn't just exit, while restrictfs can use /bin/false
or /sbin/nologin for added security.
IMPORTANT: one should NEVER use /bin/bash or any other high-level shell which
will result in automatic shell interpretation of any kind of profile or
shell-rc (e.g. .bashrc) inside the (chrooted) home of the user. Instead for
OpenSSH subsystem setups we recommend pointing the login shell to the actual
subsys handler, which should be safe. If that is not possible at most use the
/bin/sh or similar limted shell without side-loading of init or profile files.
It is important to note that NSS is used by all sshd instances on the system,
so one should take special care to prevent mig virtual user logins on any other
sshd admin instances running on the host. More details about that are available
in the sshd sftpsubsys conf from generateconfs.py . 
With the sshd subsystem the home folder should be set to the MiG user_home
folder, usually found in the state folder. 
If restrictfs is used, it should be set to the restrictfs mount point,
usually /restrictfs.

In any case home folder is then suffixed with the username and expanded
to provide an absolute path. 

The OpenSSH setup using the paramiko handler from grid_sftp as subsystem would
need a line something like this example with UID/GID 1001: 

mig:x:1001:1001:MIG User:/home/mig/state/user_home:/home/mig/mig/server/sftp_subsys.py

The entry in /etc/nsswitch.conf looks like this before updating:
passwd:         compat
group:          compat
shadow:         compat
gshadow:        files

It could could look like this after updating:

passwd:         compat mig
group:          compat
shadow:         compat mig
gshadow:        files



NOTE: The install location depends on architecture and distro but the
Makefile attempts to autodetect the proper location.
You can always call 'make install' with a custom libdir if it does
not fit any of the default /path/to/libnss_X.so ones auto-detected:
libdir=/path/to/libnss_X.so make -e install
