273 lines
7.5 KiB
Groff
273 lines
7.5 KiB
Groff
.\" $NetBSD: nsswitch.conf.5,v 1.29 2017/07/03 21:30:59 wiz Exp $
|
|
.\"
|
|
.\" Copyright (c) 1997, 1998, 1999 The NetBSD Foundation, Inc.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
|
.\" by Luke Mewburn.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd October 25, 2009
|
|
.Dt NSSWITCH.CONF 5
|
|
.Os
|
|
.Sh NAME
|
|
.Nm nsswitch.conf
|
|
.Nd name-service switch configuration file
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
file specifies how the
|
|
.Xr nsdispatch 3
|
|
(name-service switch dispatcher) routines in the C library should operate.
|
|
.Pp
|
|
The configuration file controls how a process looks up various databases
|
|
containing information regarding hosts, users (passwords), groups,
|
|
netgroups, etc.
|
|
Each database comes from a source (such as local files, DNS, and
|
|
.Tn NIS ) ,
|
|
and the order to look up the sources is specified in
|
|
.Nm nsswitch.conf .
|
|
.Pp
|
|
Each entry in
|
|
.Nm
|
|
consists of a database name, and a space separated list of sources.
|
|
Each source can have an optional trailing criterion that determines
|
|
whether the next listed source is used, or the search terminates at
|
|
the current source.
|
|
Each criterion consists of one or more status codes, and actions to
|
|
take if that status code occurs.
|
|
.Ss Sources
|
|
The following sources are implemented:
|
|
.Bl -column "multicast_dns" -offset indent -compact
|
|
.It Sy Source Description
|
|
.It files Local files, such as
|
|
.Pa /etc/hosts ,
|
|
and
|
|
.Pa /etc/passwd .
|
|
.It dns Internet Domain Name System.
|
|
.Dq hosts
|
|
and
|
|
.Dq networks
|
|
use
|
|
.Sy IN
|
|
class entries, all other databases use
|
|
.Sy HS
|
|
class (Hesiod) entries.
|
|
.It mdnsd Use
|
|
.Xr mdnsd 8
|
|
for
|
|
.Dq hosts
|
|
lookups, acting as both a system-wide cache for normal unicast DNS
|
|
as well as providing multicast DNS
|
|
.Dq ( zeroconf )
|
|
lookups.
|
|
.It multicast_dns Use
|
|
.Xr mdnsd 8
|
|
only for multicast DNS
|
|
.Dq hosts
|
|
lookups.
|
|
This would normally be used in conjunction with
|
|
.Dq dns ,
|
|
which would then provide unicast DNS resolver functions.
|
|
.It nis NIS (formerly YP)
|
|
.It compat support
|
|
.Sq +/-
|
|
in the
|
|
.Dq passwd
|
|
and
|
|
.Dq group
|
|
databases.
|
|
If this is present, it must be the only source for that entry.
|
|
.El
|
|
.Ss Databases
|
|
The following databases are used by the following C library functions:
|
|
.Bl -column "netgroup" -offset indent -compact
|
|
.It Sy Database Used by
|
|
.It group Ta Xr getgrent 3
|
|
.It hosts Ta Xr gethostbyname 3
|
|
.It netgroup Ta Xr getnetgrent 3
|
|
.It networks Ta Xr getnetbyname 3
|
|
.It passwd Ta Xr getpwent 3
|
|
.It shells Ta Xr getusershell 3
|
|
.El
|
|
.Ss Status codes
|
|
The following status codes are available:
|
|
.Bl -column "tryagain" -offset indent -compact
|
|
.It Sy Status Description
|
|
.It success The requested entry was found.
|
|
.It notfound The entry is not present at this source.
|
|
.It tryagain The source is busy, and may respond to retries.
|
|
.It unavail The source is not responding, or entry is corrupt.
|
|
.El
|
|
.Ss Actions
|
|
For each of the status codes, one of two actions is possible:
|
|
.Bl -column "continue" -offset indent -compact
|
|
.It Sy Action Description
|
|
.It continue Try the next source
|
|
.It return Return with the current result
|
|
.El
|
|
.Ss Format of file
|
|
A
|
|
.Tn BNF
|
|
description of the syntax of
|
|
.Nm
|
|
is:
|
|
.Bl -column "<criterion>" -offset indent
|
|
.It <entry> ::=
|
|
<database> ":" [<source> [<criteria>]]*
|
|
.It <criteria> ::=
|
|
"[" <criterion>+ "]"
|
|
.It <criterion> ::=
|
|
<status> "=" <action>
|
|
.It <status> ::=
|
|
"success" | "notfound" | "unavail" | "tryagain"
|
|
.It <action> ::=
|
|
"return" | "continue"
|
|
.El
|
|
.Pp
|
|
Each entry starts on a new line in the file.
|
|
A
|
|
.Sq #
|
|
delimits a comment to end of line.
|
|
Blank lines are ignored.
|
|
A
|
|
.Sq \e
|
|
at the end of a line escapes the newline, and causes the next line to
|
|
be a continuation of the current line.
|
|
All entries are case-insensitive.
|
|
.Pp
|
|
The default criteria is to return on
|
|
.Dq success ,
|
|
and continue on anything else (i.e,
|
|
.Li [success=return notfound=continue unavail=continue tryagain=continue]
|
|
).
|
|
.Ss Compat mode: +/- syntax
|
|
In historical multi-source implementations, the
|
|
.Sq +
|
|
and
|
|
.Sq -
|
|
characters are used to specify the importing of user password and
|
|
group information from
|
|
.Tn NIS .
|
|
Although
|
|
.Nm
|
|
provides alternative methods of accessing distributed sources such as
|
|
.Tn NIS ,
|
|
specifying a sole source of
|
|
.Dq compat
|
|
will provide the historical behaviour.
|
|
.Pp
|
|
An alternative source for the information accessed via
|
|
.Sq +/-
|
|
can be used by specifying
|
|
.Dq passwd_compat: source .
|
|
.Dq source
|
|
in this case can be
|
|
.Sq dns ,
|
|
.Sq nis ,
|
|
or
|
|
any other source except for
|
|
.Sq files
|
|
and
|
|
.Sq compat .
|
|
.Ss Notes
|
|
Historically, many of the databases had enumeration functions, often of
|
|
the form
|
|
.Fn getXXXent .
|
|
These made sense when the databases were in local files, but don't make
|
|
sense or have lesser relevance when there are possibly multiple sources,
|
|
each of an unknown size.
|
|
The interfaces are still provided for compatibility, but the source
|
|
may not be able to provide complete entries, or duplicate entries may
|
|
be retrieved if multiple sources that contain similar information are
|
|
specified.
|
|
.Pp
|
|
To ensure compatibility with previous and current implementations, the
|
|
.Dq compat
|
|
source must appear alone for a given database.
|
|
.Ss Default source lists
|
|
If, for any reason,
|
|
.Nm nsswitch.conf
|
|
doesn't exist, or it has missing or corrupt entries,
|
|
.Xr nsdispatch 3
|
|
will default to an entry of
|
|
.Dq files
|
|
for the requested database.
|
|
Exceptions are:
|
|
.Bl -column passwd_compat "files dns" -offset indent
|
|
.It Sy Database Default source list
|
|
.It group compat
|
|
.It group_compat nis
|
|
.It hosts files dns
|
|
.It netgroup files [notfound=return] nis
|
|
.It passwd compat
|
|
.It passwd_compat nis
|
|
.El
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/nsswitch.conf -compact
|
|
.It Pa /etc/nsswitch.conf
|
|
The file
|
|
.Nm
|
|
resides in
|
|
.Pa /etc .
|
|
.El
|
|
.Sh EXAMPLES
|
|
To lookup hosts in
|
|
.Pa /etc/hosts
|
|
and then from the DNS, and lookup user information from
|
|
.Tn NIS
|
|
then files, use:
|
|
.Bl -column "passwd:" -offset indent
|
|
.It hosts: files dns
|
|
.It passwd: nis [notfound=return] files
|
|
.It group: nis [notfound=return] files
|
|
.El
|
|
.Pp
|
|
The criteria
|
|
.Dq [notfound=return]
|
|
sets a policy of "if the user is notfound in nis, don't try files."
|
|
This treats nis as the authoritative source of information, except
|
|
when the server is down.
|
|
.Sh SEE ALSO
|
|
.Xr getent 1 ,
|
|
.Xr nsdispatch 3 ,
|
|
.Xr resolv.conf 5 ,
|
|
.Xr named 8 ,
|
|
.Xr ypbind 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
file format first appeared in
|
|
.Nx 1.4 .
|
|
.Sh AUTHORS
|
|
.An Luke Mewburn
|
|
.Aq lukem@NetBSD.org
|
|
wrote this freely distributable name-service switch implementation,
|
|
using ideas from the
|
|
.Tn ULTRIX
|
|
.Xr svc.conf 5
|
|
and
|
|
.Tn Solaris
|
|
.Xr nsswitch.conf 4
|
|
manual pages.
|