2004-11-03 13:51:07 +00:00
|
|
|
.\" Copyright (c) 1998, 1999 Thorsten Kukuk (kukuk@vt.uni-paderborn.de)
|
2012-03-28 21:47:10 +00:00
|
|
|
.\" Copyright (c) 2011, Mark R. Bannister <cambridge@users.sourceforge.net>
|
2004-11-03 13:51:07 +00:00
|
|
|
.\"
|
|
|
|
.\" This is free documentation; you can redistribute it and/or
|
|
|
|
.\" modify it under the terms of the GNU General Public License as
|
|
|
|
.\" published by the Free Software Foundation; either version 2 of
|
|
|
|
.\" the License, or (at your option) any later version.
|
|
|
|
.\"
|
|
|
|
.\" The GNU General Public License's references to "object code"
|
|
|
|
.\" and "executables" are to be interpreted as the output of any
|
|
|
|
.\" document formatting or typesetting system, including
|
|
|
|
.\" intermediate and printed output.
|
|
|
|
.\"
|
|
|
|
.\" This manual is distributed in the hope that it will be useful,
|
|
|
|
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
.\" GNU General Public License for more details.
|
|
|
|
.\"
|
|
|
|
.\" You should have received a copy of the GNU General Public
|
|
|
|
.\" License along with this manual; if not, write to the Free
|
|
|
|
.\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111,
|
|
|
|
.\" USA.
|
|
|
|
.\"
|
2012-03-28 21:47:10 +00:00
|
|
|
.TH NSSWITCH.CONF 5 2011-10-13 "Linux" "Linux Programmer's Manual"
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH NAME
|
2012-03-28 21:47:10 +00:00
|
|
|
nsswitch.conf \- Name Service Switch configuration file
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH DESCRIPTION
|
2012-03-28 21:47:10 +00:00
|
|
|
The
|
2005-11-02 13:55:25 +00:00
|
|
|
.I /etc/nsswitch.conf
|
2012-03-28 21:47:10 +00:00
|
|
|
file is a configuration file used by the GNU C Library to determine from
|
|
|
|
what sources to obtain name service information in a range of categories,
|
|
|
|
and in what order.
|
|
|
|
Each category of information is identified by a database name.
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
2012-03-28 21:47:10 +00:00
|
|
|
The file is plain ASCII text, with columns separated by spaces or tab
|
|
|
|
characters.
|
|
|
|
The first column defines the database name.
|
|
|
|
The remaining columns describe the order of sources to query and a
|
|
|
|
limited
|
|
|
|
set of actions that can be performed by lookup result.
|
|
|
|
.LP
|
|
|
|
The following databases are made available by the standard
|
|
|
|
GNU C Library:
|
|
|
|
.RS 3
|
|
|
|
.TP 10
|
2004-11-03 13:51:07 +00:00
|
|
|
.B aliases
|
|
|
|
Mail aliases, used by
|
2012-03-28 21:47:10 +00:00
|
|
|
.BR getaliasent (3)
|
|
|
|
and related functions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B ethers
|
|
|
|
Ethernet numbers.
|
|
|
|
.TP
|
|
|
|
.B group
|
|
|
|
Groups of users, used by
|
|
|
|
.BR getgrent (3)
|
2012-03-28 21:47:10 +00:00
|
|
|
and related functions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B hosts
|
|
|
|
Host names and numbers, used by
|
|
|
|
.BR gethostbyname (3)
|
2012-03-28 21:47:10 +00:00
|
|
|
and related functions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B netgroup
|
|
|
|
Network wide list of hosts and users, used for access rules.
|
2012-03-28 21:47:10 +00:00
|
|
|
C libraries before glibc 2.1 only supported netgroups over NIS.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
2005-10-04 12:51:59 +00:00
|
|
|
.B networks
|
2004-11-03 13:51:07 +00:00
|
|
|
Network names and numbers, used by
|
|
|
|
.BR getnetent (3)
|
2012-03-28 21:47:10 +00:00
|
|
|
and related functions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B passwd
|
|
|
|
User passwords, used by
|
|
|
|
.BR getpwent (3)
|
2012-03-28 21:47:10 +00:00
|
|
|
and related functions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B protocols
|
|
|
|
Network protocols, used by
|
|
|
|
.BR getprotoent (3)
|
2012-03-28 21:47:10 +00:00
|
|
|
and related functions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B publickey
|
|
|
|
Public and secret keys for Secure_RPC used by NFS and NIS+.
|
|
|
|
.TP
|
|
|
|
.B rpc
|
|
|
|
Remote procedure call names and numbers, used by
|
|
|
|
.BR getrpcbyname (3)
|
2012-03-28 21:47:10 +00:00
|
|
|
and related functions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B services
|
|
|
|
Network services, used by
|
|
|
|
.BR getservent (3)
|
2012-03-28 21:47:10 +00:00
|
|
|
and related functions.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B shadow
|
|
|
|
Shadow user passwords, used by
|
2012-03-28 21:47:10 +00:00
|
|
|
.BR getspnam (3)
|
|
|
|
and related functions.
|
|
|
|
.RE
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
2012-03-28 21:47:10 +00:00
|
|
|
Here is an example
|
2005-11-02 13:55:25 +00:00
|
|
|
.I /etc/nsswitch.conf
|
2012-03-28 21:47:10 +00:00
|
|
|
file:
|
|
|
|
.LP
|
|
|
|
.RS 3
|
2004-11-03 13:51:07 +00:00
|
|
|
.PD 0
|
|
|
|
.TP 16
|
|
|
|
passwd:
|
|
|
|
compat
|
|
|
|
.TP
|
|
|
|
group:
|
|
|
|
compat
|
|
|
|
.TP
|
|
|
|
shadow:
|
|
|
|
compat
|
|
|
|
.sp 1n
|
|
|
|
.TP
|
|
|
|
hosts:
|
|
|
|
dns [!UNAVAIL=return] files
|
|
|
|
.TP
|
|
|
|
networks:
|
|
|
|
nis [NOTFOUND=return] files
|
|
|
|
.TP
|
|
|
|
ethers:
|
|
|
|
nis [NOTFOUND=return] files
|
|
|
|
.TP
|
|
|
|
protocols:
|
|
|
|
nis [NOTFOUND=return] files
|
|
|
|
.TP
|
|
|
|
rpc:
|
|
|
|
nis [NOTFOUND=return] files
|
|
|
|
.TP
|
|
|
|
services:
|
|
|
|
nis [NOTFOUND=return] files
|
|
|
|
.PD
|
2012-03-28 21:47:10 +00:00
|
|
|
.RE
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
2012-03-28 21:47:10 +00:00
|
|
|
The first column is the database name.
|
|
|
|
The remaining columns specify:
|
|
|
|
.RS 3
|
|
|
|
.TP 3
|
|
|
|
o
|
|
|
|
One or more service specifications e.g. "files", "db", or "nis".
|
|
|
|
The order the services appear on the line determine the order in which
|
|
|
|
those services will be queried, in turn, until a result is found.
|
|
|
|
.TP
|
|
|
|
o
|
|
|
|
Optional actions to perform if a particular result is obtained
|
|
|
|
from the preceding service, e.g. "[NOTFOUND=return]".
|
|
|
|
.RE
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
2012-03-28 21:47:10 +00:00
|
|
|
The service specifications supported on your system depend on the
|
|
|
|
presence of shared libraries, and are therefore extensible.
|
|
|
|
Libraries called
|
|
|
|
.IB /lib/libnss_SERVICE.so. X
|
|
|
|
will provide the named
|
|
|
|
.IR SERVICE .
|
|
|
|
On a standard installation, you can use
|
|
|
|
"files", "db", "nis", and "nisplus".
|
|
|
|
For the hosts database, you can additionally specify "dns".
|
|
|
|
For the passwd, group, and shadow databases, you can additionally specify
|
|
|
|
"compat" (see
|
|
|
|
.B "Compatibility mode"
|
|
|
|
below).
|
2004-11-03 13:51:07 +00:00
|
|
|
The version number
|
2012-03-28 21:47:10 +00:00
|
|
|
.B X
|
|
|
|
may be 1 for glibc 2.0, or 2 for glibc 2.1 and later.
|
|
|
|
On systems with additional libraries installed, you may have access to
|
|
|
|
further services such as "hesiod", "ldap", "winbind" and "wins".
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
2012-03-28 21:47:10 +00:00
|
|
|
An action may also be specified following a service specification, that
|
|
|
|
modifies behaviour following a result obtained from the preceding data
|
|
|
|
source.
|
|
|
|
Action items take the general form:
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
2012-03-28 21:47:10 +00:00
|
|
|
.RS 3
|
|
|
|
[
|
|
|
|
.I STATUS
|
|
|
|
=
|
|
|
|
.I ACTION
|
|
|
|
]
|
|
|
|
.br
|
|
|
|
[ !
|
|
|
|
.I STATUS
|
|
|
|
=
|
|
|
|
.I ACTION
|
|
|
|
]
|
|
|
|
.RE
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
|
|
|
where
|
|
|
|
.LP
|
2012-03-28 21:47:10 +00:00
|
|
|
.RS 3
|
|
|
|
.I STATUS
|
|
|
|
=>
|
|
|
|
.B success
|
|
|
|
|
|
|
|
|
.B notfound
|
|
|
|
|
|
|
|
|
.B unavail
|
|
|
|
|
|
|
|
|
.B tryagain
|
|
|
|
.br
|
|
|
|
.I ACTION
|
|
|
|
=>
|
|
|
|
.B return
|
|
|
|
|
|
|
|
|
.B continue
|
|
|
|
.RE
|
|
|
|
.LP
|
|
|
|
The ! negates the test, matching all possible results except the
|
|
|
|
one specified.
|
2007-04-12 22:42:49 +00:00
|
|
|
The case of the keywords is insignificant.
|
2012-03-28 21:47:10 +00:00
|
|
|
.LP
|
|
|
|
The
|
|
|
|
.I STATUS
|
|
|
|
value is matched against the result of the lookup function called by
|
|
|
|
the preceding service specification, and can be one of:
|
|
|
|
.RS 3
|
|
|
|
.TP 10
|
2004-11-03 13:51:07 +00:00
|
|
|
.B success
|
2012-03-28 21:47:10 +00:00
|
|
|
No error occurred and the requested entry is returned.
|
|
|
|
The default action for this condition is "return".
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B notfound
|
2012-03-28 21:47:10 +00:00
|
|
|
The lookup succeeded, but the requested entry was not found.
|
|
|
|
The default action for this condition is "continue".
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B unavail
|
2007-04-12 22:42:49 +00:00
|
|
|
The service is permanently unavailable.
|
|
|
|
This can either mean the
|
2012-03-28 21:47:10 +00:00
|
|
|
required file cannot be read, or, for network services, the server
|
|
|
|
is not available or does not allow queries.
|
|
|
|
The default action for this condition is "continue".
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B tryagain
|
2007-04-12 22:42:49 +00:00
|
|
|
The service is temporarily unavailable.
|
|
|
|
This could mean a file is
|
|
|
|
locked or a server currently cannot accept more connections.
|
2012-03-28 21:47:10 +00:00
|
|
|
The default action for this condition is "continue".
|
|
|
|
.RE
|
|
|
|
.LP
|
|
|
|
The
|
|
|
|
.I ACTION
|
|
|
|
value can be one of:
|
|
|
|
.RS 3
|
|
|
|
.TP 10
|
|
|
|
.B return
|
|
|
|
Return a result now.
|
|
|
|
Do not call any further lookup functions.
|
|
|
|
.TP
|
|
|
|
.B continue
|
|
|
|
Call the next lookup function.
|
|
|
|
.RE
|
|
|
|
.SS Compatibility mode (compat)
|
|
|
|
The NSS "compat" service is similar to "files" except that it
|
|
|
|
additionally permits special entries in
|
2005-11-02 13:55:25 +00:00
|
|
|
.I /etc/passwd
|
2012-03-28 21:47:10 +00:00
|
|
|
for granting users or members of netgroups access to the system.
|
|
|
|
The following entries are valid in this mode:
|
|
|
|
.RS 3
|
|
|
|
.TP 12
|
|
|
|
.BI + user
|
|
|
|
Include the specified
|
|
|
|
.I user
|
|
|
|
from the NIS passwd map.
|
|
|
|
.TP
|
|
|
|
.BI +@ netgroup
|
|
|
|
Include all users in the given
|
|
|
|
.IR netgroup .
|
|
|
|
.TP
|
|
|
|
.BI \- user
|
|
|
|
Exclude the specified
|
|
|
|
.I user
|
|
|
|
from the NIS passwd map.
|
|
|
|
.TP
|
|
|
|
.BI \-@ netgroup
|
|
|
|
Exclude all users in the given
|
|
|
|
.IR netgroup .
|
|
|
|
.TP
|
|
|
|
.B +
|
|
|
|
Include every user, except previously excluded ones, in the
|
|
|
|
NIS passwd map.
|
|
|
|
.RE
|
|
|
|
.LP
|
|
|
|
By default the source is "nis", but this may be
|
|
|
|
overridden by specifying "nisplus" as source for the pseudo-databases
|
2005-07-19 15:36:19 +00:00
|
|
|
.BR passwd_compat ,
|
2004-11-03 13:51:07 +00:00
|
|
|
.B group_compat
|
|
|
|
and
|
2005-07-19 15:36:19 +00:00
|
|
|
.BR shadow_compat .
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH FILES
|
2012-03-28 21:47:10 +00:00
|
|
|
A service named
|
|
|
|
.I SERVICE
|
|
|
|
is implemented by a shared object library named
|
|
|
|
.IB libnss_SERVICE.so. X
|
2004-11-03 13:51:07 +00:00
|
|
|
that resides in
|
|
|
|
.IR /lib .
|
2012-03-28 21:47:10 +00:00
|
|
|
.RS 3
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP 25
|
|
|
|
.PD 0
|
2005-11-02 13:55:25 +00:00
|
|
|
.I /etc/nsswitch.conf
|
2012-03-28 21:47:10 +00:00
|
|
|
NSS configuration file.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
2012-03-28 21:47:10 +00:00
|
|
|
.IB /lib/libnss_compat.so. X
|
|
|
|
implements "compat" source.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
2012-03-28 21:47:10 +00:00
|
|
|
.IB /lib/libnss_db.so. X
|
|
|
|
implements "db" source.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
2012-03-28 21:47:10 +00:00
|
|
|
.IB /lib/libnss_dns.so. X
|
|
|
|
implements "dns" source.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
2012-03-28 21:47:10 +00:00
|
|
|
.IB /lib/libnss_files.so. X
|
|
|
|
implements "files" source.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
2012-03-28 21:47:10 +00:00
|
|
|
.IB /lib/libnss_hesiod.so. X
|
|
|
|
implements "hesiod" source.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
2012-03-28 21:47:10 +00:00
|
|
|
.IB /lib/libnss_nis.so. X
|
|
|
|
implements "nis" source.
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
2012-03-28 21:47:10 +00:00
|
|
|
.IB /lib/libnss_nisplus.so. X
|
|
|
|
implements "nisplus" source.
|
2008-03-05 11:34:16 +00:00
|
|
|
.PD
|
2012-03-28 21:47:10 +00:00
|
|
|
.RE
|
|
|
|
.SH SEE ALSO
|
|
|
|
.BR getent (1),
|
|
|
|
.BR nss (5).
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH NOTES
|
|
|
|
Within each process that uses
|
|
|
|
.BR nsswitch.conf ,
|
2012-03-28 21:47:10 +00:00
|
|
|
the entire file is read only once.
|
|
|
|
If the file is later changed, the
|
2004-11-03 13:51:07 +00:00
|
|
|
process will continue using the old configuration.
|
|
|
|
.LP
|
2012-03-28 21:47:10 +00:00
|
|
|
Traditionally there was only a single source for service information,
|
|
|
|
often in the form of a single configuration
|
|
|
|
file (e.g. \fI/etc/passwd\fP).
|
|
|
|
However, as other nameservices, like the Network Information
|
|
|
|
Service (NIS) and the Domain Name Service (DNS), became popular,
|
|
|
|
a method was needed
|
|
|
|
that would be more flexible than fixed search orders coded into
|
|
|
|
the C library.
|
|
|
|
.LP
|
|
|
|
The Linux libc5 with NYS support and the GNU C Library 2.x (libc.so.6)
|
|
|
|
introduced a cleaner solution to the problem, based on the
|
|
|
|
.B "Name Service Switch"
|
|
|
|
mechanism used by Sun Microsystems in the Solaris 2 C library.
|