nss.conf.5: New page describing nss.conf

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man5/nss.5

@@ -0,0 +1,109 @@
+.\" A man page for /etc/default/nss. -*- nroff -*-
+.\"
+.\" Copyright (C) 2006 Red Hat, Inc. All rights reserved.
+.\"
+.\" This copyrighted material is made available to anyone wishing to use,
+.\" modify, copy, or redistribute it subject to the terms and conditions of the
+.\" GNU General Public License v.2.
+.\"
+.\" This program is distributed in the hope that it will be useful, but WITHOUT
+.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+.\" more details.
+.\"
+.\" You should have received a copy of the GNU General Public License along
+.\" with this program; if not, write to the Free Software Foundation, Inc.,
+.\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+.\"
+.\" Author: Ulrich Drepper <drepper@redhat.com>
+.TH nss 5 "May 2006" nss
+
+.SH NAME
+nss \- Name Service Switch configuration file
+
+.SH DESCRIPTION
+Each call to a function which retrieves data from a system database
+like the password or group database is handled by the Name Service
+Switch implementation in the GNU C library.  The various services
+provided are implemented by independent modules, each of which
+naturally varies widely from the other.
+.PP
+The default implementations coming with the GNU C library are by
+default conservative and do not use unsafe data.  This might be
+very costly in some situations, especially when the databases
+are large.  Some modules allow the system administrator to request
+taking shortcuts if these are known to be safe.  It is then the
+system administrator's responsibility to ensure the assumption
+is correct.
+.PP
+There are other modules where the implementation changed over time.
+If an implementation used to sacrifize speed for memory consumption
+it might create problems if the preference is switched.
+.PP
+The \fI/etc/default/nss\fR file contains a number of variable
+assignments.  Each variable controls the behavior of one or more
+NSS modules.  White spaces are ignored.  Lines beginning with `#'
+are treated as comments.
+.PP
+The variables currently recognized are:
+.TP
+\fBNETID_AUTHORITATIVE =\fR \fITRUE\fR|\fIFALSE\fR
+If set to TRUE, the NIS backend for the
+.BR initgroups (3)
+function will accept the information
+from the netid.byname NIS map as authoritative.  This can speed up the
+function significantly if the group.byname map is large.  The content
+of the netid.byname map is used \fBas is\fR.  The system administrator has
+to make sure it is correctly generated.
+
+.TP
+\fBSERVICES_AUTHORITATIVE =\fR \fITRUE\fR|\fIFALSE\fR
+If set to TRUE, the NIS backend for the
+.BR getservbyname (3)
+and
+.BR getservbyname_r (3)
+function will assume
+services.byservicename NIS map exists and is authoritative, particularly
+that it contains both keys with /proto and without /proto for both
+primary service names and service aliases.  The system administrator
+has to make sure it is correctly generated.
+
+.TP
+\fBSETENT_BATCH_READ =\fR \fITRUE\fR|\fIFALSE\fR
+If set to TRUE, the NIS backend for the
+.BR setpwent (3)
+and
+.BR setgrent (3)
+functions will read the entire
+database at once and then hand out the requests one by one from
+memory with every corresponding
+.BR getpwent (3)
+or
+.BR getgrent (3)
+call respectively.  Otherwise each
+.BR getpwent (3)
+or
+.BR getgrent (3)
+call might result into a network communication with the server to get
+the next entry.
+
+
+.SH EXAMPLE
+
+The default configuration corresponds to the
+following configuration file:
+
+.nf
+NETID_AUTHORITATIVE=FALSE
+SERVICES_AUTHORITATIVE=FALSE
+SETENT_BATCH_READ=FALSE
+
+
+.SH FILES
+\fI/etc/default/nss\fR
+
+.SH AUTHOR
+Ulrich Drepper <drepper@redhat.com>
+
+.SH SEE ALSO
+\fInsswitch.conf\fR