nss — Name Service Switch configuration file
Each call to a function which retrieves data from a system database like the password or group database is handled by the Name Service Switch implementation in the GNU C library. The various services provided are implemented by independent modules, each of which naturally varies widely from the other.
The default implementations coming with the GNU C library are by default conservative and do not use unsafe data. This might be very costly in some situations, especially when the databases are large. Some modules allow the system administrator to request taking shortcuts if these are known to be safe. It is then the system administrator's responsibility to ensure the assumption is correct.
There are other modules where the implementation changed over time. If an implementation used to sacrifice speed for memory consumption, it might create problems if the preference is switched.
The /etc/default/nss
file
contains a number of variable assignments. Each variable
controls the behavior of one or more NSS modules. White
spaces are ignored. Lines beginning with '#' are treated as
comments.
The variables currently recognized are:
TRUE
|FALSE
If set to TRUE, the NIS backend for the initgroups(3)
function will accept the information from the
netid.byname
NIS map as authoritative. This can speed up the
function significantly if the group.byname
map is
large. The content of the netid.byname
map is
used as is. The
system administrator has to make sure it is correctly
generated.
TRUE
|FALSE
If set to TRUE, the NIS backend for the getservbyname(3) and
getservbyname_r(3)
functions will assume that the services.byservicename
NIS map exists and is authoritative, particularly that
it contains both keys with /proto and without /proto
for both primary service names and service aliases. The
system administrator has to make sure it is correctly
generated.
TRUE
|FALSE
If set to TRUE, the NIS backend for the setpwent(3) and setgrent(3) functions will read the entire database at once and then hand out the requests one by one from memory with every corresponding getpwent(3) or getgrent(3) call respectively. Otherwise, each getpwent(3) or getgrent(3) call might result in a network communication with the server to get the next entry.
The default configuration corresponds to the following configuration file:
NETID_AUTHORITATIVE=FALSE SERVICES_AUTHORITATIVE=FALSE SETENT_BATCH_READ=FALSE
This page is part of release 4.07 of the Linux man-pages
project. A
description of the project, information about reporting bugs,
and the latest version of this page, can be found at
https://www.kernel.org/doc/man−pages/.
Copyright (C) 2006 Red Hat, Inc. All rights reserved. Author: Ulrich Drepper <drepperredhat.com> %%%LICENSE_START(GPLv2_MISC) This copyrighted material is made available to anyone wishing to use, modify, copy, or redistribute it subject to the terms and conditions of the GNU General Public License v.2. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this manual; if not, see <http://www.gnu.org/licenses/>. %%%LICENSE_END |