1

Is it possible to add a second /etc/passwd + /etc/shadow + /etc/group combination like this to a Linux system?

/etc/passwd
/etc/passwd2
/etc/shadow
/etc/shadow2
/etc/group 
/etc/group2

During the authentication process, PAM should use all of these files.

The background is a chrooted application that should add/delete main system users and groups via union rw-mounts. But if possible, I don't want to merge these two worlds in the main passwd.

erunima
  • I think you may create a new pam entry and use "pam_listfile" module. I never use it – Dom Jan 10 '20 at 09:17

1 Answer

2

Since pam_unix uses NSS to access the passwd, shadow and group files, you can use an appropriate NSS module like libnss-extrausers and modify /etc/nsswitch.conf to contain:

passwd:         compat extrausers
group:          compat extrausers
shadow:         compat extrausers

The extrausers module allows you to use a second set of files located at the (hardcoded) location /var/lib/extrausers.

Piotr P. Karwasz
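Added example, not part of the original answer: since the chrooted application can write the second file set, this Python sketch audits an extrausers passwd file against /etc/passwd. It flags names shadowed by the main file (compat is consulted first in the nsswitch.conf order above), UIDs that collide with a main-system account, and UIDs below an assumed floor. MIN_UID, the function names and the sample entries are constructed for illustration.

```python
import io

MIN_UID = 1000  # assumption: lowest UID the chrooted application may hand out

# Constructed sample data in passwd(5) format (not taken from a real system).
MAIN = """root:x:0:0:root:/root:/bin/bash
+::::::
alice:x:1000:1000::/home/alice:/bin/bash
"""
EXTRA = """appuser:x:2000:2000::/home/appuser:/bin/sh
alice:x:2001:2001::/tmp:/bin/sh
helper:x:0:0::/:/bin/sh
svc:x:500:500::/:/usr/sbin/nologin
"""

def parse_passwd(stream):
    """Return {name: uid}; skips comments, compat '+' lines and malformed rows."""
    entries = {}
    for line in stream:
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        entries.setdefault(fields[0], int(fields[2]))  # first entry wins
    return entries

def audit_extrausers(main, extra, min_uid=MIN_UID):
    """Return (name, problem) pairs for risky entries in the extra file."""
    main_by_uid = {}
    for name, uid in main.items():
        main_by_uid.setdefault(uid, name)
    findings = []
    for name, uid in extra.items():
        if name in main:
            # Lookups by name stop at the first source that answers.
            findings.append((name, "name shadowed by /etc/passwd entry"))
        if uid in main_by_uid:
            # The extra account would run with a main-system identity.
            findings.append((name, f"uid {uid} collides with {main_by_uid[uid]}"))
        elif uid < min_uid:
            findings.append((name, f"uid {uid} below {min_uid}"))
    return findings

def demo():
    return audit_extrausers(parse_passwd(io.StringIO(MAIN)),
                            parse_passwd(io.StringIO(EXTRA)))

if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```

On a live system, pass open("/etc/passwd") and open("/var/lib/extrausers/passwd") to parse_passwd instead of the constructed samples.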