# Provide a /etc/passwd and /etc/group that contain root and nobody. # Useful when packaging binaries that insist on using nss to look up # username/groups (like nginx). # /bin/sh is fine to not exist, and provided by another shim. { lib, symlinkJoin, writeTextDir, runCommand, extraPasswdLines ? [ ], extraGroupLines ? [ ], }: symlinkJoin { name = "fake-nss"; paths = [ (writeTextDir "etc/passwd" '' root:x:0:0:root user:/var/empty:/bin/sh ${ lib.concatStrings (map (line: line + "\n") extraPasswdLines) }nobody:x:65534:65534:nobody:/var/empty:/bin/sh '') (writeTextDir "etc/group" '' root:x:0: ${lib.concatStrings (map (line: line + "\n") extraGroupLines)}nobody:x:65534: '') (writeTextDir "etc/nsswitch.conf" '' hosts: files dns '') (runCommand "var-empty" { } '' mkdir -p $out/var/empty '') ]; }