NSSWITCH.CONF(5)           Linux Programmer's Manual          NSSWITCH.CONF(5)



NAME
       nsswitch.conf - System Databases and Name Service Switch configuration file

DESCRIPTION
       Various  functions  in the C Library need to be configured to work correctly in the
       local  environment.   Traditionally,  this  was  done   by   using   files   (e.g.,
       /etc/passwd),  but  other  nameservices (like the Network Information Service (NIS)
       and the Domain Name Service (DNS)) became popular,  and  were  hacked  into  the  C
       library, usually with a fixed search order.

       The  Linux  libc5  with NYS support and the GNU C Library 2.x (libc.so.6) contain a
       cleaner solution to this problem.  It is  designed  after  a  method  used  by  Sun
       Microsystems  in  the  C  library of Solaris 2.  We follow their name and call this
       scheme "Name Service Switch" (NSS).  The sources  for  the  "databases"  and  their
       lookup order are specified in the /etc/nsswitch.conf file.

       The following databases are available in the NSS:

       aliases
              Mail  aliases,  provides  a system-wide mechanism to redirect mail for local
              recipients. Used by mail transfer agents such  as  Postfix  or  sendmail(8).
              Note: On Linux, unlike on other Unices, Sendmail uses its own aliases
              resolution system, independent of '/etc/nsswitch.conf'.

       ethers Ethernet numbers.

       group  Groups of users, used by getgrent(3) functions.

       hosts  Host names and numbers, used by gethostbyname(3) and similar functions.

       netgroup
              Network wide list of hosts and users, used for access  rules.   C  libraries
              before glibc 2.1 only support netgroups over NIS.

       networks
              Network names and numbers, used by getnetent(3) functions.

       passwd User passwords, used by getpwent(3) functions.

       protocols
              Network protocols, used by getprotoent(3) functions.

       publickey
              Public and secret keys for Secure_RPC used by NFS and NIS+.

       rpc    Remote procedure call names and numbers, used by getrpcbyname(3) and similar
              functions.

       services
              Network services, used by getservent(3) functions.

       shadow Shadow user passwords, used by getspnam(3).

       An example /etc/nsswitch.conf (namely, the default used when /etc/nsswitch.conf  is
       missing):

       passwd:         compat
       group:          compat
       shadow:         compat

       hosts:          dns [!UNAVAIL=return] files
       networks:       nis [NOTFOUND=return] files
       ethers:         nis [NOTFOUND=return] files
       protocols:      nis [NOTFOUND=return] files
       rpc:            nis [NOTFOUND=return] files
       services:       nis [NOTFOUND=return] files

       The  first  column  is the database.  The rest of the line specifies how the lookup
       process works.  You can specify the way it works for each database individually.

       The configuration specification for each database can contain two different items:
       * The service specification like 'files', 'db', or 'nis'.
       * The reaction on lookup result like '[NOTFOUND=return]'.

       For libc5 with NYS, the allowed service  specifications  are  'files',  'nis',  and
       'nisplus'.   For  hosts,  you  could specify 'dns' as extra service, for passwd and
       group 'compat', but not for shadow.

       For glibc, you must have a file called /lib/libnss_SERVICE.so.X for  every  SERVICE
       you are using.  On a standard installation, you could use 'files', 'db', 'nis', and
       'nisplus'.  For hosts, you could specify 'dns' as extra service, for passwd, group,
       and  shadow 'compat'.  These services will not be used by libc5 with NYS.  The
       version number X is 1 for glibc 2.0 and 2 for glibc 2.1.

       If System Security Services Daemon (SSSD) is installed on your system, you can  use
       this  service  with  the  'sss'  keyword.   SSSD  supports the following databases:
       passwd, group, services and netgroup.

       The second item in the specification gives the  user  much  finer  control  over the
       lookup  process.  Action items are placed between two service names and are written
       within brackets.  The general form is

       '[' ( '!'? STATUS '=' ACTION )+ ']'

       where

       STATUS => success | notfound | unavail | tryagain
       ACTION => return | continue

       The case of the keywords is insignificant.  The STATUS values are the results of  a
       call to a lookup function of a specific service.  They mean:

       success
              No  error occurred and the wanted entry is returned.  The default action for
              this is 'return'.

       notfound
              The lookup process works ok but the needed value was not found.  The default
              action  is  'continue'.   However,  if  the  selected action for the 'group'
              database is 'return', the next lookup function  is  always  called,  without
              affecting the search result.

       unavail
              The  service  is  permanently  unavailable.  This can either mean the needed
              file is not available, or, for DNS, the server is not available or does  not
              allow queries.  The default action is 'continue'.

       tryagain
              The service is temporarily unavailable.  This could mean a file is locked or
              a server currently cannot accept more connections.  The  default  action  is
              'continue'.
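
       The following is an added example, not part of the original manual page: a small
       parser for database lines that builds the per-service action table from the defaults
       above and then walks the chain to show where a lookup stops. The names parse_line and
       resolve and the outcome maps are hypothetical; the '!' handling follows glibc (the
       action applies to every status except the named one), and the 'group' exception noted
       under notfound is not modelled.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}
ITEM = re.compile(r"(!?)\s*(\w+)\s*=\s*(\w+)")

def parse_line(line):
    """Return (database, [(service, {status: action}), ...]) or None."""
    line = line.split("#", 1)[0].strip()      # drop comments and blank lines
    if not line:
        return None
    database, _, spec = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", spec):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))   # service with default actions
            continue
        items = ITEM.findall(token[1:-1].lower())   # keywords are case-insensitive
        if not chain or not items:
            raise ValueError("misplaced or empty action item: " + token)
        for neg, status, action in items:
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError("bad action item: " + token)
            # '!STATUS=ACTION' sets ACTION for every status except STATUS
            targets = [s for s in STATUSES if s != status] if neg else [status]
            for s in targets:
                chain[-1][1][s] = action
    return database.strip(), chain

def resolve(chain, outcomes):
    """outcomes maps service -> status it reports (constructed test input).
    Returns the (service, status) at which the lookup stops."""
    last = (None, "unavail")
    for service, actions in chain:
        last = (service, outcomes.get(service, "unavail"))
        if actions[last[1]] == "return":
            break
    return last

if __name__ == "__main__":
    _, hosts = parse_line("hosts: dns [!UNAVAIL=return] files")
    # DNS says "not found": lookup ends there, /etc/hosts is never read
    print(resolve(hosts, {"dns": "notfound", "files": "success"}))
    # DNS unreachable: only now does the 'files' source get consulted
    print(resolve(hosts, {"dns": "unavail", "files": "success"}))
```

       When reviewing a host, the same walk shows which source is authoritative for each
       database and under which failure a later source takes over.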

   Interaction with +/- syntax (compat mode)
       Linux  libc5  without  NYS does not have the name service switch but does allow the
       user some policy control.  In /etc/passwd you could have entries of the form  +user
       or +@netgroup (include the specified user from the NIS passwd map), -user or
       -@netgroup (exclude the specified user), and + (include every user, except the
       excluded ones,  from  the  NIS  passwd  map).   Since most people only put a + at
       the end of /etc/passwd to include everything from NIS, the switch provides a
       faster alternative for this case ('passwd: files nis') which doesn't require the
       single + entry
       in /etc/passwd, /etc/group, and /etc/shadow.  If this is not  sufficient,  the  NSS
       'compat' service provides full +/- semantics.  By default, the source is 'nis', but
       this may be overridden by specifying any NSS service except 'compat' itself as  the
       source  for  the  pseudo-databases  passwd_compat,  group_compat and shadow_compat.
       These pseudo-databases are only available in GNU C Library.

       If SSSD is installed on your system, you can use 'sss'  as  the  source  for  these
       pseudo-databases.

FILES
       A service named SERVICE is implemented by a shared object library named
       libnss_SERVICE.so.X that resides in /lib.

       /etc/nsswitch.conf       configuration file
       /lib/libnss_compat.so.X  implements 'compat' source for glibc2
       /lib/libnss_db.so.X      implements 'db' source for glibc2
       /lib/libnss_dns.so.X     implements 'dns' source for glibc2
       /lib/libnss_files.so.X   implements 'files' source for glibc2
       /lib/libnss_hesiod.so.X  implements 'hesiod' source for glibc2
       /lib/libnss_nis.so.X     implements 'nis' source for glibc2
       /lib/libnss_nisplus.so.2 implements 'nisplus' source for glibc 2.1

       The following files are read  when  "files"  source  is  specified  for  respective
       databases:

       aliases     /etc/aliases
       ethers      /etc/ethers
       group       /etc/group
       hosts       /etc/hosts
       initgroups  /etc/group
       netgroup    /etc/netgroup
       networks    /etc/networks
       passwd      /etc/passwd
       protocols   /etc/protocols
       publickey   /etc/publickey
       rpc         /etc/rpc
       services    /etc/services
       shadow      /etc/shadow

NOTES
       Within  each process that uses nsswitch.conf, the entire file is read only once; if
       the file is later changed, the process will continue using the old configuration.

       With Solaris, it isn't possible to link programs using the NSS Service  statically.
       With Linux, this is no problem.

COLOPHON
       This page is part of release 3.22 of the Linux man-pages project.  A description of
       the project, and information about reporting bugs, can be found at
       http://www.kernel.org/doc/man-pages/.



Linux                             1999-01-17                  NSSWITCH.CONF(5)
