NSS
Section: Linux Programmer's Manual (5)
Updated: 2020-06-09
Page Index
NAME
nss - Name Service Switch configuration file
DESCRIPTION
Each call to a function which retrieves data from a system database
like the password or group database is handled by the Name Service
Switch implementation in the GNU C library.
The various services
provided are implemented by independent modules, each of which
naturally varies widely from the other.
The default implementations coming with the GNU C library are by
default conservative and do not use unsafe data.
This might be very costly in some situations, especially when the databases
are large.
Some modules allow the system administrator to request
taking shortcuts if these are known to be safe.
It is then the system administrator's responsibility to ensure the assumption
is correct.
There are other modules where the implementation changed over time.
If an implementation used to sacrifice speed for memory consumption,
it might create problems if the preference is switched.
The
/etc/default/nss
file contains a number of variable assignments.
Each variable controls the behavior of one or more
NSS modules.
White spaces are ignored.
Lines beginning with '#'
are treated as comments.
The variables currently recognized are:
- NETID_AUTHORITATIVE = TRUE|FALSE
-
If set to TRUE, the NIS backend for the
initgroups(3)
function will accept the information
from the
netid.byname
NIS map as authoritative.
This can speed up the function significantly if the
group.byname
map is large.
The content of the
netid.byname
map is used as is.
The system administrator has to make sure it is correctly generated.
- SERVICES_AUTHORITATIVE = TRUE|FALSE
-
If set to TRUE, the NIS backend for the
getservbyname(3)
and
getservbyname_r(3)
functions will assume that the
services.byservicename
NIS map exists and is authoritative, particularly
that it contains both keys with /proto and without /proto for both
primary service names and service aliases.
The system administrator has to make sure it is correctly generated.
- SETENT_BATCH_READ = TRUE|FALSE
-
If set to TRUE, the NIS backend for the
setpwent(3)
and
setgrent(3)
functions will read the entire database at once and then
hand out the requests one by one from memory with every corresponding
getpwent(3)
or
getgrent(3)
call respectively.
Otherwise, each
getpwent(3)
or
getgrent(3)
call might result in a network communication with the server to get
the next entry.
FILES
/etc/default/nss
EXAMPLES
The default configuration corresponds to the following configuration file:
NETID_AUTHORITATIVE=FALSE
SERVICES_AUTHORITATIVE=FALSE
SETENT_BATCH_READ=FALSE
SEE ALSO
nsswitch.conf
COLOPHON
This page is part of release 5.10 of the Linux
man-pages
project.
A description of the project,
information about reporting bugs,
and the latest version of this page,
can be found at
https://www.kernel.org/doc/man-pages/.