1 .\" Copyright (c) 1998, 1999 Thorsten Kukuk (kukuk@vt.uni-paderborn.de)
2 .\" Copyright (c) 2011, Mark R. Bannister <cambridge@users.sourceforge.net>
4 .\" This is free documentation; you can redistribute it and/or
5 .\" modify it under the terms of the GNU General Public License as
6 .\" published by the Free Software Foundation; either version 2 of
7 .\" the License, or (at your option) any later version.
9 .\" The GNU General Public License's references to "object code"
10 .\" and "executables" are to be interpreted as the output of any
11 .\" document formatting or typesetting system, including
12 .\" intermediate and printed output.
14 .\" This manual is distributed in the hope that it will be useful,
15 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
16 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 .\" GNU General Public License for more details.
19 .\" You should have received a copy of the GNU General Public
20 .\" License along with this manual; if not, see
21 .\" <http://www.gnu.org/licenses/>.
23 .TH NSSWITCH.CONF 5 2013-02-12 "Linux" "Linux Programmer's Manual"
25 nsswitch.conf \- Name Service Switch configuration file
27 The Name Service Switch (NSS) configuration file,
28 .IR /etc/nsswitch.conf ,
29 is used by the GNU C Library to determine
30 the sources from which to obtain name-service information in
31 a range of categories,
33 Each category of information is identified by a database name.
35 The file is plain ASCII text, with columns separated by spaces or tab
37 The first column specifies the database name.
38 The remaining columns describe the order of sources to query and a
39 limited set of actions that can be performed by lookup result.
41 The following databases are understood by the GNU C Library:
46 and related functions.
52 Groups of users, used by
54 and related functions.
57 Host names and numbers, used by
59 and related functions.
62 Supplementary group access list, used by
67 Network-wide list of hosts and users, used for access rules.
68 C libraries before glibc 2.1 supported netgroups only over NIS.
71 Network names and numbers, used by
73 and related functions.
76 User passwords, used by
78 and related functions.
81 Network protocols, used by
83 and related functions.
86 Public and secret keys for Secure_RPC used by NFS and NIS+.
89 Remote procedure call names and numbers, used by
91 and related functions.
94 Network services, used by
96 and related functions.
99 Shadow user passwords, used by
101 and related functions.
104 .I /etc/nsswitch.conf
121 dns [!UNAVAIL=return] files
124 nis [NOTFOUND=return] files
127 nis [NOTFOUND=return] files
130 nis [NOTFOUND=return] files
133 nis [NOTFOUND=return] files
136 nis [NOTFOUND=return] files
140 The first column is the database name.
141 The remaining columns specify:
143 One or more service specifications e.g., "files", "db", or "nis".
144 The order of the services on the line determines the order in which
145 those services will be queried, in turn, until a result is found.
147 Optional actions to perform if a particular result is obtained
148 from the preceding service, e.g., "[NOTFOUND=return]".
150 The service specifications supported on your system depend on the
151 presence of shared libraries, and are therefore extensible.
153 .IB /lib/libnss_SERVICE.so. X
154 will provide the named
156 On a standard installation, you can use
157 "files", "db", "nis", and "nisplus".
160 database, you can additionally specify "dns".
166 databases, you can additionally specify
168 .B "Compatibility mode"
172 may be 1 for glibc 2.0, or 2 for glibc 2.1 and later.
173 On systems with additional libraries installed, you may have access to
174 further services such as "hesiod", "ldap", "winbind" and "wins".
176 An action may also be specified following a service specification.
177 The action modifies the behavior following a result obtained
178 from the preceding data source.
179 Action items take the general form:
182 .RI [ STATUS = ACTION ]
184 .RI [! STATUS = ACTION ]
207 The ! negates the test, matching all possible results except the
209 The case of the keywords is not significant.
213 value is matched against the result of the lookup function called by
214 the preceding service specification, and can be one of:
218 No error occurred and the requested entry is returned.
219 The default action for this condition is "return".
222 The lookup succeeded, but the requested entry was not found.
223 The default action for this condition is "continue".
226 The service is permanently unavailable.
227 This can mean either that the
228 required file cannot be read, or, for network services, that the server
229 is not available or does not allow queries.
230 The default action for this condition is "continue".
233 The service is temporarily unavailable.
234 This could mean a file is
235 locked or a server currently cannot accept more connections.
236 The default action for this condition is "continue".
246 Do not call any further lookup functions.
247 However, for compatibility reasons, if this is the selected action for the
251 status, and the configuration file does not contain the
253 line, the next lookup function is always called,
254 without affecting the search result.
257 Call the next lookup function.
259 .SS Compatibility mode (compat)
260 The NSS "compat" service is similar to "files" except that it
261 additionally permits special entries in
263 for granting users or members of netgroups access to the system.
264 The following entries are valid in this mode:
268 Include the specified
270 from the NIS passwd map.
273 Include all users in the given
277 Exclude the specified
279 from the NIS passwd map.
282 Exclude all users in the given
286 Include every user, except previously excluded ones, from the
290 By default the source is "nis", but this may be
291 overridden by specifying "nisplus" as the source for the pseudo-databases
299 is implemented by a shared object library named
300 .IB libnss_SERVICE.so. X
306 .I /etc/nsswitch.conf
307 NSS configuration file.
309 .IB /lib/libnss_compat.so. X
310 implements "compat" source.
312 .IB /lib/libnss_db.so. X
313 implements "db" source.
315 .IB /lib/libnss_dns.so. X
316 implements "dns" source.
318 .IB /lib/libnss_files.so. X
319 implements "files" source.
321 .IB /lib/libnss_hesiod.so. X
322 implements "hesiod" source.
324 .IB /lib/libnss_nis.so. X
325 implements "nis" source.
327 .IB /lib/libnss_nisplus.so. X
328 implements "nisplus" source.
332 Within each process that uses
334 the entire file is read only once.
335 If the file is later changed, the
336 process will continue using the old configuration.
338 Traditionally, there was only a single source for service information,
339 often in the form of a single configuration
340 file (e.g., \fI/etc/passwd\fP).
341 However, as other name services, such as the Network Information
342 Service (NIS) and the Domain Name Service (DNS), became popular,
344 that would be more flexible than fixed search orders coded into
346 The Name Service Switch mechanism,
347 which was based on the mechanism used by
348 Sun Microsystems in the Solaris 2 C library,
349 introduced a cleaner solution to the problem.