The configuration file controls how a process looks up various databases containing information regarding hosts, users (passwords), groups, netgroups, etc. Each database comes from a source (such as local files, DNS, and NIS), and the order to look up the sources is specified in nsswitch.conf.
Each entry in nsswitch.conf consists of a database name, and a space separated list of sources. Each source can have an optional trailing criterion that determines whether the next listed source is used, or the search terminates at the current source. Each criterion consists of one or more status codes, and actions to take if that status code occurs.
files Local files, such as
/etc/hosts ,
and
/etc/passwd .
|
dns Internet Domain Name System. ``hosts'' and `networks' use IN class entries, all other databases use HS class (Hesiod) entries. |
nis NIS (formerly YP) |
compat support `+/-' in the ``passwd'' and ``group'' databases. If this is present, it must be the only source for that entry. |
group | getgrent(3) |
hosts | gethostbyname(3) |
netgroup | getnetgrent(3) |
networks | getnetbyname(3) |
passwd | getpwent(3) |
shells | getusershell(3) |
success The requested entry was found. |
notfound The entry is not present at this source. |
tryagain The source is busy, and may respond to retries. |
unavail The source is not responding, or entry is corrupt. |
continue Try the next source |
return Return with the current result |
<entry> ::= <database> ":" [<source> [<criteria>]]* |
<criteria> ::= "[" <criterion>+ "]" |
<criterion> ::= <status> "=" <action> |
<status> ::= "success" | "notfound" | "unavail" | "tryagain" |
<action> ::= "return" | "continue" |
Each entry starts on a new line in the file. A `#' delimits a comment to end of line. Blank lines are ignored. A `\' at the end of a line escapes the newline, and causes the next line to be a continuation of the current line. All entries are case-insensitive.
The default criteria is to return on
``success'',
and continue on anything else (i.e,
[success=return
notfound=continue
unavail=continue
tryagain=continue]
).
An alternative source for the information accessed via `+/-' can be used by specifying ``passwd_compat: source''. ``source'' in this case can be `dns', `nis', or any other source except for `files' and `compat'.
).
These made sense when the databases were in local files, but don't make
sense or have lesser relevance when there are possibly multiple sources,
each of an unknown size.
The interfaces are still provided for compatibility, but the source
may not be able to provide complete entries, or duplicate entries may
be retrieved if multiple sources that contain similar information are
specified.
To ensure compatibility with previous and current implementations, the ``compat'' source must appear alone for a given database.
group compat |
group_compat nis |
hosts files dns |
netgroup files [notfound=return] nis |
passwd compat |
passwd_compat nis |
/etc/nsswitch.conf
/etc
.
/etc/hosts
and then from the DNS, and lookup user information from
NIS
then files, use:
hosts: files dns |
passwd: nis [notfound=return] files |
group: nis [notfound=return] files |
The criteria ``[notfound=return]'' sets a policy of "if the user is notfound in nis, don't try files." This treats nis as the authoritative source of information, except when the server is down.