X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=README;h=a6d40b51b51ac234ecbd5477db36a0a3e5028fc8;hb=1c8b03162112d713f693d91cfd14b11dae5a0a51;hp=0c2883317e95776910b95025cf320cf4c56f9a73;hpb=f9aae39d0e2078b01f9e61a22a29018c04d16c50;p=nsscash%2Fnsscash.git diff --git a/README b/README index 0c28833..a6d40b5 100644 --- a/README +++ b/README 
@@ -14,8 +14,24 @@ Nsscash consists of two parts: `nsscash`, written in Go, which downloads files via HTTP or HTTPS, parses them, creates indices and writes the result to a local file. The second part is the NSS module (`libnss_cash.so.2`), written in C, which provides integration via `/etc/nsswitch.conf`. It's specifically -designed to be very simple and uses the prepared data for lookups. To support -quick lookups, in O(log n), the files utilize indices. +designed to be very simple and uses the data prepared by `nsscash` for +lookups. To support quick lookups, in O(log n), the files utilize indices. + +Nsscash is very careful when deploying the changes: +- All files are updated using the standard "write to temporary file", "sync", + "rename" steps which is atomic on UNIX file systems. +- All errors cause an immediate abort ("fail fast") with a proper error + message and a non-zero exit status. This prevents hiding possibly important + errors. In addition all files are fetched first and then deployed to try to + prevent inconsistent state if only one file can be downloaded. The state + file (containing last file modifications) is only updated when all + operations were successful. +- To prevent unexpected permissions, `nsscash` does not create new files. The + user must create them first and `nsscash` will then re-use the permissions + and owner/group when updating the file (see examples below). +- To prevent misconfigurations, empty files (no users/groups) are not + permitted and will not be written to disk. This is designed to prevent the + accidental loss of all users/groups on a system. nsscash is licensed under AGPL version 3 or later. @@ -29,6 +45,10 @@ nsscash is licensed under AGPL version 3 or later. - github.com/BurntSushi/toml - C compiler, for `libnss_cash.so.2` +Tested on Debian Stretch and Buster, but should work on any GNU/Linux system. +With adapations to the NSS module it should work on any UNIX-like system which +uses NSS. + == USAGE 
@@ -95,7 +115,7 @@ typical configuration looks like this: The following global keys are available: - `statepath`: Path to a JSON file which stores the last modification time of - each file; automatically updated by `nsswitch`. Used to fetch data only when + each file; automatically updated by `nsscash`. Used to fetch data only when something has changed to reduce the required traffic. Each `file` block describes a single file to download/write. The following
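Review bot: In the @@ -14,8 +14,24 @@ hunk, the first bullet calls the whole "write to temporary file", "sync", "rename" sequence atomic ("steps which is atomic on UNIX file systems"), but only the final rename is the atomic step; the write and sync exist so that the renamed file is complete. Suggest rewording to something like "the final rename is atomic on UNIX file systems", which also fixes the "steps which is" agreement. It would help to state whether "sync" covers the containing directory as well as the temporary file, since the rename is only durable across a crash once the directory entry has been synced. The third bullet should also say explicitly what happens when the target file does not exist yet (presumably the fail-fast abort from the second bullet), so an operator knows a missing file is an error and not silently skipped.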
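Review bot: In the @@ -29,6 +45,10 @@ hunk, "adapations" in "+With adapations to the NSS module" is a typo for "adaptations". The sentence also says nothing about which parts of the module are GNU/Linux specific; a short hint would make the "should work on any UNIX-like system" claim easier to act on.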
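Review bot: The `statepath` description in the @@ -95,7 +115,7 @@ hunk still omits that the state file is only updated when all operations were successful, which the bullet list added in the first hunk of this patch states. Since this is the reference entry for the key, repeat that guarantee here or point to the bullet list, so a reader of the configuration section sees that a failed run leaves the state file untouched and the next run fetches again.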