summaryrefslogtreecommitdiffstats
path: root/man/man5/nsswitch.conf.5
diff options
context:
space:
mode:
Diffstat (limited to 'man/man5/nsswitch.conf.5')
-rw-r--r--man/man5/nsswitch.conf.5427
1 files changed, 427 insertions, 0 deletions
diff --git a/man/man5/nsswitch.conf.5 b/man/man5/nsswitch.conf.5
new file mode 100644
index 0000000..b394cf4
--- /dev/null
+++ b/man/man5/nsswitch.conf.5
@@ -0,0 +1,427 @@
+.\" Copyright (c) 1998, 1999 Thorsten Kukuk (kukuk@vt.uni-paderborn.de)
+.\" Copyright (c) 2011, Mark R. Bannister <cambridge@users.sourceforge.net>
+.\"
+.\" SPDX-License-Identifier: GPL-2.0-or-later
+.\"
+.TH nsswitch.conf 5 2024-05-02 "Linux man-pages (unreleased)"
+.SH NAME
+nsswitch.conf \- Name Service Switch configuration file
+.SH DESCRIPTION
+The Name Service Switch (NSS) configuration file,
+.IR /etc/nsswitch.conf ,
+is used by the GNU C Library and certain other applications to determine
+the sources from which to obtain name-service information in
+a range of categories,
+and in what order.
+Each category of information is identified by a database name.
+.P
+The file is plain ASCII text, with columns separated by spaces or tab
+characters.
+The first column specifies the database name.
+The remaining columns describe the order of sources to query and a
+limited set of actions that can be performed by lookup result.
+.P
+The following databases are understood by the GNU C Library:
+.TP 12
+.B aliases
+Mail aliases, used by
+.BR getaliasent (3)
+and related functions.
+.TP
+.B ethers
+Ethernet numbers.
+.TP
+.B group
+Groups of users, used by
+.BR getgrent (3)
+and related functions.
+.TP
+.B hosts
+Host names and numbers, used by
+.BR gethostbyname (3)
+and related functions.
+.TP
+.B initgroups
+Supplementary group access list, used by
+.BR getgrouplist (3)
+function.
+.TP
+.B netgroup
+Network-wide list of hosts and users, used for access rules.
+C libraries before glibc 2.1 supported netgroups only over NIS.
+.TP
+.B networks
+Network names and numbers, used by
+.BR getnetent (3)
+and related functions.
+.TP
+.B passwd
+User passwords, used by
+.BR getpwent (3)
+and related functions.
+.TP
+.B protocols
+Network protocols, used by
+.BR getprotoent (3)
+and related functions.
+.TP
+.B publickey
+Public and secret keys for Secure_RPC used by NFS and NIS+.
+.TP
+.B rpc
+Remote procedure call names and numbers, used by
+.BR getrpcbyname (3)
+and related functions.
+.TP
+.B services
+Network services, used by
+.BR getservent (3)
+and related functions.
+.TP
+.B shadow
+Shadow user passwords, used by
+.BR getspnam (3)
+and related functions.
+.P
+The GNU C Library ignores databases with unknown names.
+Some applications use this to implement special handling for their own
+databases.
+For example,
+.BR sudo (8)
+consults the
+.B sudoers
+database.
+Delegation of subordinate user/group IDs
+can be configured using the
+.B subid
+database.
+Refer to
+.BR subuid (5)
+and
+.BR subgid (5)
+for more details.
+.P
+Here is an example
+.I /etc/nsswitch.conf
+file:
+.P
+.in +4n
+.EX
+passwd: compat
+group: compat
+shadow: compat
+\&
+hosts: dns [!UNAVAIL=return] files
+networks: nis [NOTFOUND=return] files
+ethers: nis [NOTFOUND=return] files
+protocols: nis [NOTFOUND=return] files
+rpc: nis [NOTFOUND=return] files
+services: nis [NOTFOUND=return] files
+.EE
+.in
+.P
+The first column is the database name.
+The remaining columns specify:
+.IP \[bu] 3
+One or more service specifications, for example, "files", "db", or "nis".
+The order of the services on the line determines the order in which
+those services will be queried, in turn, until a result is found.
+.IP \[bu]
+Optional actions to perform if a particular result is obtained
+from the preceding service, for example, "[NOTFOUND=return]".
+.P
+The service specifications supported on your system depend on the
+presence of shared libraries, and are therefore extensible.
+Libraries called
+.IB /lib/libnss_SERVICE.so. X
+will provide the named
+.IR SERVICE .
+On a standard installation, you can use
+"files", "db", "nis", and "nisplus".
+For the
+.B hosts
+database, you can additionally specify "dns".
+For the
+.BR passwd ,
+.BR group ,
+and
+.B shadow
+databases, you can additionally specify
+"compat" (see
+.B "Compatibility mode"
+below).
+The version number
+.B X
+may be 1 for glibc 2.0, or 2 for glibc 2.1 and later.
+On systems with additional libraries installed, you may have access to
+further services such as "hesiod", "ldap", "winbind", and "wins".
+.P
+An action may also be specified following a service specification.
+The action modifies the behavior following a result obtained
+from the preceding data source.
+Action items take the general form:
+.P
+.RS 4
+.RI [ STATUS = ACTION ]
+.br
+.RI [! STATUS = ACTION ]
+.RE
+.P
+where
+.P
+.RS 4
+.I STATUS
+=>
+.B success
+|
+.B notfound
+|
+.B unavail
+|
+.B tryagain
+.br
+.I ACTION
+=>
+.B return
+|
+.B continue
+|
+.B merge
+.RE
+.P
+The ! negates the test, matching all possible results except the
+one specified.
+The case of the keywords is not significant.
+.P
+The
+.I STATUS
+value is matched against the result of the lookup function called by
+the preceding service specification, and can be one of:
+.RS 4
+.TP 12
+.B success
+No error occurred and the requested entry is returned.
+The default action for this condition is "return".
+.TP
+.B notfound
+The lookup succeeded, but the requested entry was not found.
+The default action for this condition is "continue".
+.TP
+.B unavail
+The service is permanently unavailable.
+This can mean either that the
+required file cannot be read, or, for network services, that the server
+is not available or does not allow queries.
+The default action for this condition is "continue".
+.TP
+.B tryagain
+The service is temporarily unavailable.
+This could mean a file is
+locked or a server currently cannot accept more connections.
+The default action for this condition is "continue".
+.RE
+.P
+The
+.I ACTION
+value can be one of:
+.RS 4
+.TP 12
+.B return
+Return a result now.
+Do not call any further lookup functions.
+However, for compatibility reasons, if this is the selected action for the
+.B group
+database and the
+.B notfound
+status, and the configuration file does not contain the
+.B initgroups
+line, the next lookup function is always called,
+without affecting the search result.
+.TP
+.B continue
+Call the next lookup function.
+.TP
+.B merge
+.I [SUCCESS=merge]
+is used between two database entries.
+When a group is located in the first of the two group entries,
+processing will continue on to the next one.
+If the group is also found in the next entry (and the group name and GID
+are an exact match), the member list of the second entry will be added
+to the group object to be returned.
+Available since glibc 2.24.
+Note that merging will not be done for
+.BR getgrent (3)
+nor will duplicate members be pruned when they occur in both entries
+being merged.
+.RE
+.SS Compatibility mode (compat)
+The NSS "compat" service is similar to "files" except that it
+additionally permits special entries in corresponding files
+for granting users or members of netgroups access to the system.
+The following entries are valid in this mode:
+.RS 4
+.P
+For
+.B passwd
+and
+.B shadow
+databases:
+.RS 4
+.TP 12
+.BI + user
+Include the specified
+.I user
+from the NIS passwd/shadow map.
+.TP
+.BI +@ netgroup
+Include all users in the given
+.IR netgroup .
+.TP
+.BI \- user
+Exclude the specified
+.I user
+from the NIS passwd/shadow map.
+.TP
+.BI \-@ netgroup
+Exclude all users in the given
+.IR netgroup .
+.TP
+.B +
+Include every user, except previously excluded ones, from the
+NIS passwd/shadow map.
+.RE
+.P
+For
+.B group
+database:
+.RS 4
+.TP 12
+.BI + group
+Include the specified
+.I group
+from the NIS group map.
+.TP
+.BI \- group
+Exclude the specified
+.I group
+from the NIS group map.
+.TP
+.B +
+Include every group, except previously excluded ones, from the
+NIS group map.
+.RE
+.RE
+.P
+By default, the source is "nis", but this may be
+overridden by specifying any NSS service except "compat" itself
+as the source for the pseudo-databases
+.BR passwd_compat ,
+.BR group_compat ,
+and
+.BR shadow_compat .
+.SH FILES
+A service named
+.I SERVICE
+is implemented by a shared object library named
+.IB libnss_SERVICE.so. X
+that resides in
+.IR /lib .
+.RS 4
+.TP 25
+.PD 0
+.I /etc/nsswitch.conf
+NSS configuration file.
+.TP
+.IB /lib/libnss_compat.so. X
+implements "compat" source.
+.TP
+.IB /lib/libnss_db.so. X
+implements "db" source.
+.TP
+.IB /lib/libnss_dns.so. X
+implements "dns" source.
+.TP
+.IB /lib/libnss_files.so. X
+implements "files" source.
+.TP
+.IB /lib/libnss_hesiod.so. X
+implements "hesiod" source.
+.TP
+.IB /lib/libnss_nis.so. X
+implements "nis" source.
+.TP
+.IB /lib/libnss_nisplus.so. X
+implements "nisplus" source.
+.PD
+.RE
+.P
+The following files are read when "files" source is specified
+for respective databases:
+.RS 4
+.TP 12
+.PD 0
+.B aliases
+.I /etc/aliases
+.TP
+.B ethers
+.I /etc/ethers
+.TP
+.B group
+.I /etc/group
+.TP
+.B hosts
+.I /etc/hosts
+.TP
+.B initgroups
+.I /etc/group
+.TP
+.B netgroup
+.I /etc/netgroup
+.TP
+.B networks
+.I /etc/networks
+.TP
+.B passwd
+.I /etc/passwd
+.TP
+.B protocols
+.I /etc/protocols
+.TP
+.B publickey
+.I /etc/publickey
+.TP
+.B rpc
+.I /etc/rpc
+.TP
+.B services
+.I /etc/services
+.TP
+.B shadow
+.I /etc/shadow
+.PD
+.RE
+.SH NOTES
+Starting with glibc 2.33,
+.\" https://sourceware.org/bugzilla/show_bug.cgi?id=12459
+.B nsswitch.conf
+is automatically reloaded if the file is changed.
+In earlier versions, the entire file was read only once within each process.
+If the file was later changed,
+the process would continue using the old configuration.
+.P
+Traditionally, there was only a single source for service information,
+often in the form of a single configuration
+file (e.g., \fI/etc/passwd\fP).
+However, as other name services, such as the Network Information
+Service (NIS) and the Domain Name Service (DNS), became popular,
+a method was needed
+that would be more flexible than fixed search orders coded into
+the C library.
+The Name Service Switch mechanism,
+which was based on the mechanism used by
+Sun Microsystems in the Solaris 2 C library,
+introduced a cleaner solution to the problem.
+.SH SEE ALSO
+.BR getent (1),
+.BR nss (5)