From f387a2942ab573c67d615ac14e2d74bc7542b4a4 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Sat, 9 Feb 2013 23:07:52 +0100 Subject: [PATCH] nss.conf.5: New page describing nss.conf Signed-off-by: Michael Kerrisk --- man5/nss.5 | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 man5/nss.5 diff --git a/man5/nss.5 b/man5/nss.5 new file mode 100644 index 000000000..5bbe20801 --- /dev/null +++ b/man5/nss.5 @@ -0,0 +1,109 @@ +.\" A man page for /etc/default/nss. -*- nroff -*- +.\" +.\" Copyright (C) 2006 Red Hat, Inc. All rights reserved. +.\" +.\" This copyrighted material is made available to anyone wishing to use, +.\" modify, copy, or redistribute it subject to the terms and conditions of the +.\" GNU General Public License v.2. +.\" +.\" This program is distributed in the hope that it will be useful, but WITHOUT +.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +.\" more details. +.\" +.\" You should have received a copy of the GNU General Public License along +.\" with this program; if not, write to the Free Software Foundation, Inc., +.\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +.\" +.\" Author: Ulrich Drepper +.TH nss 5 "May 2006" nss + +.SH NAME +nss \- Name Service Switch configuration file + +.SH DESCRIPTION +Each call to a function which retrieves data from a system database +like the password or group database is handled by the Name Service +Switch implementation in the GNU C library. The various services +provided are implemented by independent modules, each of which +naturally varies widely from the other. +.PP +The default implementations coming with the GNU C library are by +default conservative and do not use unsafe data. This might be +very costly in some situations, especially when the databases +are large. Some modules allow the system administrator to request +taking shortcuts if these are known to be safe. It is then the +system administrator's responsibility to ensure the assumption +is correct. +.PP +There are other modules where the implementation changed over time. +If an implementation used to sacrifize speed for memory consumption +it might create problems if the preference is switched. +.PP +The \fI/etc/default/nss\fR file contains a number of variable +assignments. Each variable controls the behavior of one or more +NSS modules. White spaces are ignored. Lines beginning with `#' +are treated as comments. +.PP +The variables currently recognized are: +.TP +\fBNETID_AUTHORITATIVE =\fR \fITRUE\fR|\fIFALSE\fR +If set to TRUE, the NIS backend for the +.BR initgroups (3) +function will accept the information +from the netid.byname NIS map as authoritative. This can speed up the +function significantly if the group.byname map is large. The content +of the netid.byname map is used \fBas is\fR. The system administrator has +to make sure it is correctly generated. + +.TP +\fBSERVICES_AUTHORITATIVE =\fR \fITRUE\fR|\fIFALSE\fR +If set to TRUE, the NIS backend for the +.BR getservbyname (3) +and +.BR getservbyname_r (3) +function will assume +services.byservicename NIS map exists and is authoritative, particularly +that it contains both keys with /proto and without /proto for both +primary service names and service aliases. The system administrator +has to make sure it is correctly generated. + +.TP +\fBSETENT_BATCH_READ =\fR \fITRUE\fR|\fIFALSE\fR +If set to TRUE, the NIS backend for the +.BR setpwent (3) +and +.BR setgrent (3) +functions will read the entire +database at once and then hand out the requests one by one from +memory with every corresponding +.BR getpwent (3) +or +.BR getgrent (3) +call respectively. Otherwise each +.BR getpwent (3) +or +.BR getgrent (3) +call might result into a network communication with the server to get +the next entry. + + +.SH EXAMPLE + +The default configuration corresponds to the +following configuration file: + +.nf +NETID_AUTHORITATIVE=FALSE +SERVICES_AUTHORITATIVE=FALSE +SETENT_BATCH_READ=FALSE + + +.SH FILES +\fI/etc/default/nss\fR + +.SH AUTHOR +Ulrich Drepper + +.SH SEE ALSO +\fInsswitch.conf\fR