nsswitch.conf - System Databases  and  Name  Service  Switch
     configuration file


     Various functions in the C Library need to be configured  to
     work  correctly  in  the  local environment.  Traditionally,
     this was done by  using  files  (e.g.,  `/etc/passwd'),  but
     other  nameservices  (like  the  Network Information Service
     (NIS) and the Domain Name Service (DNS)) became popular, and
     were  hacked into the C library, usually with a fixed search

     The Linux libc5 with NYS support and the GNU C  Library  2.x
     (  contain a cleaner solution of this problem.  It
     is designed after a method used by Sun Microsystems in the C
     library  of  Solaris  2.  We follow their name and call this
     scheme "Name Service Switch"  (NSS).  The  sources  for  the
     "databases"  and  their  lookup  order  are specified in the
     /etc/nsswitch.conf file.

     The following databases are available in the NSS:

          Mail aliases, used by sendmail(8)

          Ethernet numbers

          Groups of users, used by getgrent(3) functions.

          Host names and numbers, used  by  gethostbyname(3)  and
          similar functions.

          Network wide list of hosts and users, used  for  access

          Network names and numbers, used by  getnetent(3)  func-

          User passwords, used by getpwent(3) functions.

          Network protocols, used by getprotoent(3) functions.

          Public and secret keys for secure_rpc used by NIS+  and

     rpc  Remote  procedure  call  names  and  numbers,  used  by
          getrpcbyname(3) and similar functions.

          Network services, used by getservent(3) functions.

          Shadow user passwords, used by getspnam(3)

     An example /etc/nsswitch.conf file could be look like  (This
     is also the default if /etc/nsswitch.conf is missing):
9     passwd:         compat
     group:          compat
     shadow:         compat
9     hosts:          dns [!UNAVAIL=return] files
     networks:       nis [NOTFOUND=return] files
     ethers:         nis [NOTFOUND=return] files
     protocols:      nis [NOTFOUND=return] files
     rpc:            nis [NOTFOUND=return] files
     services:       nis [NOTFOUND=return] files

     The first column is the database as you can guess  from  the
     table  above.  The rest of the line specifies how the lookup
     process works.  You can specify the way it  works  for  each
     database individually.

     The configuration specification for each database  can  con-
     tain two different items:
     * The service specification like `files', `db', or `nis'.
     * The reaction on lookup result like `[NOTFOUND=return]'.

     For libc5 with NYS, the allowed service  specifications  are
     `files',  `nis'  and `nisplus'. For hosts, you could specify
     `dns' as extra service, for passwd and group  `compat',  but
     not for shadow.

     For  GNU  C  Library,  you   must   have   a   file   called
     /lib/ for every SERVICE you are using. On
     a standard installation, you could use `files', `db',  `nis'
     and  `nisplus'.  For hosts, you could specify `dns' as extra
     service, for passwd, group and shadow  `compat'.  This  Ser-
     vices will not be used by libc5 with NYS.

     The second item in the specification  gives  the  user  much
     finer  control  on  the  lookup  process.   Action items are
     placed between two service  names  and  are  written  within
     brackets.  The general form is

9     STATUS => success | notfound | unavail | tryagain
     ACTION => return | continue

     The case of the keywords is insignificant. The STATUS values
     are the results of a call to a lookup function of a specific
     service.  They mean:

          No error occurred and the wanted entry is returned. The
          default action for this is `return'.

          The lookup process works ok but the  needed  value  was
          not found.  The default action is `continue'.

          The  service  is  permanently  unavailable.   This  can
          either  mean  the needed file is not available, or, for
          DNS, the server is not  available  or  does  not  allow
          queries.  The default action is `continue'.

          The service is  temporarily  unavailable.   This  could
          mean  a  file  is  locked  or a server currently cannot
          accept more connections.  The default action  is  `con-

  Interaction with +/- syntax (compat mode)
     Linux libc5 without NYS does not has the name service switch
     but  does allow the user some policy control. In /etc/passwd
     you could have entries  of  the  form  +user  or  +@netgroup
     (include  the specified user from the NIS passwd map), -user
     or -@netgroup (exclude the specified user)  and  +  (include
     every  user,  except  the excluded ones, from the NIS passwd
     map). Since  most  people  only  put  a  +  at  the  end  of
     /etc/passwd  to include everything from NIS, the switch pro-
     vides a faster alternative for  this  case  (`passwd:  files
     nis')   which   doesn't   require  the  single  +  entry  in
     /etc/passwd, /etc/group and /etc/shadow.   If  this  is  not
     sufficient,  the  NSS  `compat'  service  provides  full +/-
     semantics. By default, the source is `nis', but this may  be
     overriden  by specifying `nisplus' as source for the pseudo-
     databases  passwd_compat,  group_compat  and  shadow_compat.
     This pseudo-databases are only available in GNU C Library.


     A service named SERVICE is implemented by  a  shared  object
     library named that resides in /lib.

                              C Library 2.x
     /lib/      implements `db' source  for  GNU  C
                              Library 2.x
     /lib/     implements `dns' source for  GNU  C
                              Library 2.x
     /lib/   implements `files' source for GNU C
                              Library 2.x
     /lib/  implements `hesoid' source for  GNU
                              C Library 2.x
     /lib/     implements `nis' source for  GNU  C
                              Library 2.x
     /lib/ implements `nisplus' source for GNU
                              C Library 2.x


     Within each process that uses nsswitch.conf, the entire file
     is read only once; if the file is later changed, the process
     will continue using the old configuration.
     With Solaris, is isn't possible to link programs  using  the
     NSS Service statically. With Linux, this is no problem.