mirror of https://github.com/mkerrisk/man-pages
nsswitch.conf.5: Update NSS compatibility mode description
From the current description of NSS compatibility mode it seems that /etc/passwd is the only file where special entries are permitted. But "compat" service can also be specified for group and shadow databases, so this needs to be changed. The list of special entries is for passwd database only, group and shadow databases are not mentioned. Because group database does not support netgroup special entries and it deals with groups, not users, it is better to make a separate list of entries for it. It is true that the default source for the compat pseudo-databases is "nis", but it can be overridden by any NSS service, not just "nisplus". Even "compat" itself can be specified as the source for the pseudo-databases, but doing that of course leads to infinite recursion, so it makes sense to disallow that. The information was obtained from glibc source code, namely from the following files: nis/nss_compat/compat-pwd.c nis/nss_compat/compat-grp.c nis/nss_compat/compat-spwd.c Signed-off-by: Nikola Forró <nforro@redhat.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Nikola Forró
Michael Kerrisk
parent
b5e8061a09
commit
85a7acd768
|
|
@ -260,16 +260,22 @@ Call the next lookup function.
|
|||
.RE
|
||||
.SS Compatibility mode (compat)
|
||||
The NSS "compat" service is similar to "files" except that it
|
||||
additionally permits special entries in
|
||||
.I /etc/passwd
|
||||
additionally permits special entries in corresponding files
|
||||
for granting users or members of netgroups access to the system.
|
||||
The following entries are valid in this mode:
|
||||
.RS 4
|
||||
.LP
|
||||
For
|
||||
.B passwd
|
||||
and
|
||||
.B shadow
|
||||
databases:
|
||||
.RS 4
|
||||
.TP 12
|
||||
.BI + user
|
||||
Include the specified
|
||||
.I user
|
||||
from the NIS passwd map.
|
||||
from the NIS passwd/shadow map.
|
||||
.TP
|
||||
.BI +@ netgroup
|
||||
Include all users in the given
|
||||
|
|
@ -278,7 +284,7 @@ Include all users in the given
|
|||
.BI \- user
|
||||
Exclude the specified
|
||||
.I user
|
||||
from the NIS passwd map.
|
||||
from the NIS passwd/shadow map.
|
||||
.TP
|
||||
.BI \-@ netgroup
|
||||
Exclude all users in the given
|
||||
|
|
@ -286,11 +292,33 @@ Exclude all users in the given
|
|||
.TP
|
||||
.B +
|
||||
Include every user, except previously excluded ones, from the
|
||||
NIS passwd map.
|
||||
NIS passwd/shadow map.
|
||||
.RE
|
||||
.LP
|
||||
For
|
||||
.B group
|
||||
database:
|
||||
.RS 4
|
||||
.TP 12
|
||||
.BI + group
|
||||
Include the specified
|
||||
.I group
|
||||
from the NIS group map.
|
||||
.TP
|
||||
.BI \- group
|
||||
Exclude the specified
|
||||
.I group
|
||||
from the NIS group map.
|
||||
.TP
|
||||
.B +
|
||||
Include every group, except previously excluded ones, from the
|
||||
NIS group map.
|
||||
.RE
|
||||
.RE
|
||||
.LP
|
||||
By default, the source is "nis", but this may be
|
||||
overridden by specifying "nisplus" as the source for the pseudo-databases
|
||||
overridden by specifying any NSS service except "compat" itself
|
||||
as the source for the pseudo-databases
|
||||
.BR passwd_compat ,
|
||||
.BR group_compat ,
|
||||
and
|
||||
|
|
|
|||
Loading…
Reference in New Issue