From 1b0f58cdaaef6a474e704610b77fb45864028fdb Mon Sep 17 00:00:00 2001 From: Peter Schiffer Date: Tue, 12 Feb 2013 04:26:41 +0100 Subject: [PATCH] nsswitch.conf.5: Mention initgroups db Attached patch mentions initgroups db, which was added to the glibc in commit [1] and describes unexpected behaviour for group database with notfound status and return action, based on comment on line 135 in initgroups.c file [2]. More detailed explanation of this behaviour can be found in email [4] of email thread [3]. See https://bugzilla.kernel.org/show_bug.cgi?id=53671 [1] http://sourceware.org/git/?p=glibc.git;a=commit;h=9f2da732e7b03825027462dd1c46f8b4d18fc1f5 [2] http://sourceware.org/git/?p=glibc.git;a=blob;f=grp/initgroups.c;h=62fd1fc6de5f9ea08f31134c5ab9a36ae2d5af9e;hb=HEAD /* For compatibility reason we will continue to look for more entries using the next service even though data has already been found if the nsswitch.conf file contained only a 'groups' line and no 'initgroups' line. If the latter is available we always respect the status. This means that the default for successful lookups is to return. */ [3] http://thread.gmane.org/gmane.linux.man/2609 [4] http://article.gmane.org/gmane.linux.man/2620 Signed-off-by: Michael Kerrisk --- man5/nsswitch.conf.5 | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/man5/nsswitch.conf.5 b/man5/nsswitch.conf.5 index 1623b804b..24c40ac1a 100644 --- a/man5/nsswitch.conf.5 +++ b/man5/nsswitch.conf.5 @@ -21,7 +21,7 @@ .\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, .\" MA 02111, USA. .\" -.TH NSSWITCH.CONF 5 2012-04-14 "Linux" "Linux Programmer's Manual" +.TH NSSWITCH.CONF 5 2013-02-12 "Linux" "Linux Programmer's Manual" .SH NAME nsswitch.conf \- Name Service Switch configuration file .SH DESCRIPTION 
@@ -59,6 +59,11 @@ Host names and numbers, used by .BR gethostbyname (3) and related functions. .TP +.B initgroups +Supplementary group access list, used by +.BR getgrouplist (3) +function. +.TP .B netgroup Network-wide list of hosts and users, used for access rules. C libraries before glibc 2.1 supported netgroups only over NIS. @@ -240,6 +245,10 @@ value can be one of: .B return Return a result now. Do not call any further lookup functions. +However, for compatibility reasons, if this is the selected action +for the `group' database and the `notfound' status, +and the configuration file does not contain the `initgroups' line, +the next lookup function is always called, without affecting the search result. .TP .B continue Call the next lookup function.
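Review bot: In the @@ -59,6 +59,11 hunk, the new initgroups entry renders as "used by getgrouplist(3) function", which is missing an article and does not match the hosts entry just above it, which ends "and related functions". Suggest "used by the getgrouplist(3) function" with the .BR line kept on its own line. Since the commit message points at grp/initgroups.c as the source of this behaviour, it is also worth checking whether initgroups(3) should be named here alongside getgrouplist(3).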
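Review bot: In the @@ -240,6 +245,10 hunk, the added sentence ties the compatibility exception to the `notfound' status, but the initgroups.c comment quoted in the commit message describes continuing to the next service "even though data has already been found" and says "the default for successful lookups is to return", which reads as the success status rather than notfound. Please confirm against the code which status is meant and adjust the wording, since the two descriptions do not agree as written. The clause "without affecting the search result" could also say what actually happens to the entries the later services return (for a supplementary group list, whether they are added to the list), because an administrator who sets the return action on the group line to stop lookups at the first service needs to know that later services can still be consulted unless an initgroups line is present.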