1 .\" Copyright (c) 1998, 1999 Thorsten Kukuk (kukuk@vt.uni-paderborn.de)
3 .\" This is free documentation; you can redistribute it and/or
4 .\" modify it under the terms of the GNU General Public License as
5 .\" published by the Free Software Foundation; either version 2 of
6 .\" the License, or (at your option) any later version.
8 .\" The GNU General Public License's references to "object code"
9 .\" and "executables" are to be interpreted as the output of any
10 .\" document formatting or typesetting system, including
11 .\" intermediate and printed output.
13 .\" This manual is distributed in the hope that it will be useful,
14 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
15 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 .\" GNU General Public License for more details.
18 .\" You should have received a copy of the GNU General Public
19 .\" License along with this manual; if not, write to the Free
20 .\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111,
23 .\" This manual page based on the GNU C Library info pages.
25 .TH NSSWITCH.CONF 5 1999-01-17 "Linux" "Linux Programmer's Manual"
27 nsswitch.conf \- System Databases and Name Service Switch configuration file
29 Various functions in the C Library need to be configured to work
30 correctly in the local environment. Traditionally, this was done by
31 using files (e.g., `/etc/passwd'), but other nameservices (like the
32 Network Information Service (NIS) and the Domain Name Service (DNS))
33 became popular, and were hacked into the C library, usually with a fixed
36 The Linux libc5 with NYS support and the GNU C Library 2.x (libc.so.6)
37 contain a cleaner solution of this problem. It is designed after a method
38 used by Sun Microsystems in the C library of Solaris 2. We follow their
39 name and call this scheme "Name Service Switch" (NSS). The sources for
40 the "databases" and their lookup order are specified in the
44 The following databases are available in the NSS:
55 Groups of users, used by
60 Host names and numbers, used by
62 and similar functions.
65 Network wide list of hosts and users, used for access rules.
66 C libraries before glibc 2.1 only support netgroups over NIS.
69 Network names and numbers, used by
74 User passwords, used by
79 Network protocols, used by
84 Public and secret keys for Secure_RPC used by NFS and NIS+.
87 Remote procedure call names and numbers, used by
89 and similar functions.
92 Network services, used by
97 Shadow user passwords, used by
101 .B /etc/nsswitch.conf
102 (namely, the default used when
103 .B /etc/nsswitch.conf
119 dns [!UNAVAIL=return] files
122 nis [NOTFOUND=return] files
125 nis [NOTFOUND=return] files
128 nis [NOTFOUND=return] files
131 nis [NOTFOUND=return] files
134 nis [NOTFOUND=return] files
137 The first column is the database.
138 The rest of the line specifies how the lookup process works.
139 You can specify the way it works for each database individually.
141 The configuration specification for each database can contain two
145 * The service specification like `files', `db', or `nis'.
147 * The reaction on lookup result like `[NOTFOUND=return]'.
150 For libc5 with NYS, the allowed service specifications are `files', `nis',
151 and `nisplus'. For hosts, you could specify `dns' as extra service, for
152 passwd and group `compat', but not for shadow.
154 For glibc, you must have a file called
155 .BI /lib/libnss_SERVICE.so. X
156 for every SERVICE you are using. On a standard installation, you could use
157 `files', `db', `nis', and `nisplus'. For hosts, you could specify `dns' as
158 extra service, for passwd, group, and shadow `compat'. These services will not
159 be used by libc5 with NYS.
162 is 1 for glibc 2.0 and 2 for glibc 2.1.
164 The second item in the specification gives the user much finer
165 control on the lookup process. Action items are placed between two
166 service names and are written within brackets. The general form is
168 `[' ( `!'? STATUS `=' ACTION )+ `]'
174 STATUS => success | notfound | unavail | tryagain
176 ACTION => return | continue
179 The case of the keywords is insignificant. The STATUS values are
180 the results of a call to a lookup function of a specific service. They
184 No error occurred and the wanted entry is returned. The default
185 action for this is `return'.
188 The lookup process works ok but the needed value was not found.
189 The default action is `continue'.
192 The service is permanently unavailable. This can either mean the
193 needed file is not available, or, for DNS, the server is not
194 available or does not allow queries. The default action is
198 The service is temporarily unavailable. This could mean a file is
199 locked or a server currently cannot accept more connections. The
200 default action is `continue'.
202 .SS Interaction with +/- syntax (compat mode)
203 Linux libc5 without NYS does not have the name service switch but does
204 allow the user some policy control. In
206 you could have entries of the form +user or +@netgroup
207 (include the specified user from the NIS passwd map),
208 -user or -@netgroup (exclude the specified user),
209 and + (include every user, except the excluded ones, from the NIS
210 passwd map). Since most people only put a + at the end of
212 to include everything from NIS, the switch provides a faster
213 alternative for this case (`passwd: files nis') which doesn't
214 require the single + entry in
219 If this is not sufficient, the NSS `compat' service provides full
220 +/- semantics. By default, the source is `nis', but this may be
221 overriden by specifying `nisplus' as source for the pseudo-databases
226 This pseudo-databases are only available in GNU C Library.
228 A service named SERVICE is implemented by a shared object library named
229 .BI libnss_SERVICE.so. X
234 .B /etc/nsswitch.conf
237 .BI /lib/libnss_compat.so. X
238 implements `compat' source for glibc2
240 .BI /lib/libnss_db.so. X
241 implements `db' source for glibc2
243 .BI /lib/libnss_dns.so. X
244 implements `dns' source for glibc2
246 .BI /lib/libnss_files.so. X
247 implements `files' source for glibc2
249 .BI /lib/libnss_hesiod.so. X
250 implements `hesiod' source for glibc2
252 .BI /lib/libnss_nis.so. X
253 implements `nis' source for glibc2
255 .B /lib/libnss_nisplus.so.2
256 implements `nisplus' source for glibc 2.1
258 Within each process that uses
260 the entire file is read only once; if the file is later changed, the
261 process will continue using the old configuration.
263 With Solaris, it isn't possible to link programs using the NSS Service
264 statically. With Linux, this is no problem.