Penguin
Recent Changes
Blame: nsswitch.conf(5)
EditPageHistoryDiffInfoLikePages
Annotated edit history of nsswitch.conf(5) version 1, including all changes. View license author blame.
Rev Author # Line
1 perry 1 NSSWITCH.CONF
2 !!!NSSWITCH.CONF
3 NAME
4 DESCRIPTION
5 FILES
6 NOTES
7 ----
8 !!NAME
9
10
11 nsswitch.conf - System Databases and Name Service Switch configuration file
12 !!DESCRIPTION
13
14
15 Various functions in the C Library need to be configured to
16 work correctly in the local environment. Traditionally, this
17 was done by using files (e.g., `/etc/passwd'), but other
18 nameservices (like the Network Information Service (NIS) and
19 the Domain Name Service (DNS)) became popular, and were
20 hacked into the C library, usually with a fixed search
21 order.
22
23
24 The Linux libc5 with NYS support and the GNU C Library 2.x
25 (libc.so.6) contain a cleaner solution of this problem. It
26 is designed after a method used by Sun Microsystems in the C
27 library of Solaris 2. We follow their name and call this
28 scheme
29 /etc/nsswitch.conf__
30 file.
31
32
33 The following databases are available in the
34 NSS:
35
36
37 __aliases__
38
39
40 Mail aliases, used by sendmail(8). Presently
41 ignored.
42
43
44 __ethers__
45
46
47 Ethernet numbers.
48
49
50 __group__
51
52
53 Groups of users, used by getgrent(3)
54 functions.
55
56
57 __hosts__
58
59
60 Host names and numbers, used by gethostbyname(3) and
61 similar functions.
62
63
64 __netgroup__
65
66
67 Network wide list of hosts and users, used for access rules.
68 C libraries before glibc 2.1 only support netgroups over
69 NIS.
70
71
72 __network__
73
74
75 Network names and numbers, used by getnetent(3)
76 functions.
77
78
79 __passwd__
80
81
82 User passwords, used by getpwent(3)
83 functions.
84
85
86 __protocols__
87
88
89 Network protocols, used by getprotoent(3)
90 functions.
91
92
93 __publickey__
94
95
96 Public and secret keys for Secure_RPC used by NFS and
97 NIS+.
98
99
100 __rpc__
101
102
103 Remote procedure call names and numbers, used by
104 getrpcbyname(3) and similar functions.
105
106
107 __services__
108
109
110 Network services, used by getservent(3)
111 functions.
112
113
114 __shadow__
115
116
117 Shadow user passwords, used by
118 getspnam(3).
119
120
121 An example __/etc/nsswitch.conf__ file could be look like
122 (This is also the default if __/etc/nsswitch.conf__ is
123 missing):
124
125
126 passwd: compat
127
128
129 group: compat
130
131
132 shadow: compat
133
134
135 hosts: dns [[!UNAVAIL=return] files
136
137
138 networks:
139
140
141 nis [[NOTFOUND=return] files
142
143
144 ethers: nis [[NOTFOUND=return] files
145
146
147 protocols:
148
149
150 nis [[NOTFOUND=return] files
151
152
153 rpc: nis [[NOTFOUND=return] files
154
155
156 services:
157
158
159 nis [[NOTFOUND=return] files
160
161
162 The first column is the database as you can guess from the
163 table above. The rest of the line specifies how the lookup
164 process works. You can specify the way it works for each
165 database individually.
166
167
168 The configuration specification for each database can
169 contain two different items:
170
171
172 * The service specification like `files', `db', or
173 `nis'.
174
175
176 * The reaction on lookup result like
177 `[[NOTFOUND=return]'.
178
179
180 For libc5 with NYS, the allowed service specifications are
181 `files', `nis' and `nisplus'. For hosts, you could specify
182 `dns' as extra service, for passwd and group `compat', but
183 not for shadow.
184
185
186 For glibc, you must have a file called
187 __/lib/libnss_SERVICE.so.__''X'' for every SERVICE you
188 are using. On a standard installation, you could use
189 `files', `db', `nis' and `nisplus'. For hosts, you could
190 specify `dns' as extra service, for passwd, group and shadow
191 `compat'. These services will not be used by libc5 with NYS.
192 The version number ''X'' is 1 for glibc 2.0 and 2 for
193 glibc 2.1.
194
195
196 The second item in the specification gives the user much
197 finer control on the lookup process. Action items are placed
198 between two service names and are written within brackets.
199 The general form is
200
201
202 `[[' ( `!'? STATUS `=' ACTION )+ `]'
203
204
205 where
206
207
208 STATUS =
209
210
211 ACTION =
212
213
214 The case of the keywords is insignificant. The STATUS values
215 are the results of a call to a lookup function of a specific
216 service. They mean:
217
218
219 __success__
220
221
222 No error occurred and the wanted entry is returned. The
223 default action for this is `return'.
224
225
226 __notfound__
227
228
229 The lookup process works ok but the needed value was not
230 found. The default action is `continue'.
231
232
233 __unavail__
234
235
236 The service is permanently unavailable. This can either mean
237 the needed file is not available, or, for DNS, the server is
238 not available or does not allow queries. The default action
239 is `continue'.
240
241
242 __tryagain__
243
244
245 The service is temporarily unavailable. This could mean a
246 file is locked or a server currently cannot accept more
247 connections. The default action is `continue'.
248
249
250 __Interaction with +/- syntax (compat
251 mode)__
252
253
254 Linux libc5 without NYS does not have the name service
255 switch but does allow the user some policy control. In
256 __/etc/passwd__ you could have entries of the form +user
257 or +@netgroup (include the specified user from the NIS
258 passwd map), -user or -@netgroup (exclude the specified
259 user) and + (include every user, except the excluded ones,
260 from the NIS passwd map). Since most people only put a + at
261 the end of __/etc/passwd__ to include everything from
262 NIS, the switch provides a faster alternative for this case
263 (`passwd: files nis') which doesn't require the single +
264 entry in __/etc/passwd__, __/etc/group__ and
265 __/etc/shadow__. If this is not sufficient, the NSS
266 `compat' service provides full +/- semantics. By default,
267 the source is `nis', but this may be overriden by specifying
268 `nisplus' as source for the pseudo-databases
269 __passwd_compat, group_compat__ and __shadow_compat.__
270 This pseudo-databases are only available in GNU C
271 Library.
272 !!FILES
273
274
275 A service named SERVICE is implemented by a shared object
276 library named __libnss_SERVICE.so.__''X'' that resides
277 in ''/lib''.
278
279
280 __/etc/nsswitch.conf__
281
282
283 configuration file
284
285
286 __/lib/libnss_compat.so.__''X''
287
288
289 implements `compat' source for glibc2
290
291
292 __/lib/libnss_db.so.__''X''
293
294
295 implements `db' source for glibc2
296
297
298 __/lib/libnss_dns.so.__''X''
299
300
301 implements `dns' source for glibc2
302
303
304 __/lib/libnss_files.so.__''X''
305
306
307 implements `files' source for glibc2
308
309
310 __/lib/libnss_hesiod.so.__''X''
311
312
313 implements `hesiod' source for glibc2
314
315
316 __/lib/libnss_nis.so.__''X''
317
318
319 implements `nis' source for glibc2
320
321
322 __/lib/libnss_nisplus.so.2__
323
324
325 implements `nisplus' source for glibc 2.1
326 !!NOTES
327
328
329 Within each process that uses __nsswitch.conf__, the
330 entire file is read only once; if the file is later changed,
331 the process will continue using the old
332 configuration.
333
334
335 With Solaris, it isn't possible to link programs using the
336 NSS Service statically. With Linux, this is no
337 problem.
338 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.