
I wonder whether you already know the following, and whether it is relevant to begin with. (Plus, my knowledge is fairly sketchy.) Even though you statically link glibc, its code will, at run time, dlopen a certain part of glibc. Why: To provide a really uniform abstraction layer over user account queries, e.g., man 3 getpwnam, regardless of whether the accounts are from /etc/passwd, LDAP, or whatever. Therefore, during run time, glibc first reads some config files of the host to see what kind of user account database the host uses. If it's /etc/passwd, then dlopen the implementation of getpwnam and friends for /etc/passwd; else, if it's LDAP, then dlopen the implementation of getpwnam and friends for LDAP; etc. So that later when you call getpwnam, it will happen to "do the right thing". This demands the required *.so files to be accessible during run time. Moreover, if you statically link glibc, this also demands the required *.so files to version-match the glibc you statically link. (It is the main reason why most people give up on statically linking glibc.)
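
An added illustration, not part of the original post: a small C parser that reads nsswitch.conf-style text and lists the shared-object names that the configured services for a database such as passwd map to, which is useful when auditing what a statically linked binary depends on from the host at run time. The helper name nss_modules_for and the sample configuration are constructed for this example; the libnss_<service>.so.2 naming is the one glibc uses on Linux.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed sample of an /etc/nsswitch.conf (not taken from the post). */
static const char SAMPLE_CONF[] =
    "# constructed example\n"
    "passwd:  files ldap [NOTFOUND=return SUCCESS=return] sss  # trailing comment\n"
    "group:   files\n"
    "hosts:   files dns\n";

/* Hypothetical helper: map each service configured for database `db` to its
 * libnss_<service>.so.2 name. Returns the number of names written to out. */
int nss_modules_for(const char *conf, const char *db, char out[][64], int max)
{
    size_t dblen = strlen(db);
    int n = 0;
    for (const char *line = conf; line && *line; ) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        const char *hash = memchr(line, '#', (size_t)(end - line));
        if (hash) end = hash;                      /* drop comments */
        const char *p = line;
        while (p < end && isspace((unsigned char)*p)) p++;
        if ((size_t)(end - p) > dblen && !strncmp(p, db, dblen) && p[dblen] == ':') {
            p += dblen + 1;
            while (p < end && n < max) {
                while (p < end && isspace((unsigned char)*p)) p++;
                if (p >= end) break;
                if (*p == '[') {                   /* action item, not a module */
                    while (p < end && *p != ']') p++;
                    if (p < end) p++;
                    continue;
                }
                const char *s = p;
                while (p < end && !isspace((unsigned char)*p) && *p != '[') p++;
                snprintf(out[n++], 64, "libnss_%.*s.so.2", (int)(p - s), s);
            }
        }
        line = eol ? eol + 1 : NULL;
    }
    return n;
}

int main(void)
{
    char mods[8][64];
    int n = nss_modules_for(SAMPLE_CONF, "passwd", mods, 8);
    for (int i = 0; i < n; i++) puts(mods[i]);
    return 0;
}
```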