nsswitch.conf(4)                                              nsswitch.conf(4)

NAME
     nsswitch.conf - name service configuration file

SYNOPSIS
     /etc/nsswitch.conf, /var/ns/domains/*/nsswitch.conf

DESCRIPTION
     This file controls the behavior of the name service daemon nsd(1M).  It
     is read by the daemon on startup and is used to build a filesystem
     maintained by nsd, typically mounted on /ns.  The paths are of the
     format /ns/domain/table/protocol/key.  Each nsswitch.conf file results
     in a domain directory under /ns.  The /etc/nsswitch.conf file
     corresponds to /ns/.local, while each file in
     /var/ns/domains/DOMAINNAME/nsswitch.conf will result in a directory
     /ns/DOMAINNAME.

     The file contains a list of maps supported by the daemon and a list of
     protocols to use to obtain data for each map.  Anything following the
     comment character '#' will be ignored.

     Each line represents a different map (or a domain wide attribute list,
     see below).  It contains the name of the map (or an alias, see below),
     followed by a list of protocols to be used in the order in which they
     should be called:

          map: protocol1 protocol2 protocol3 ... protocolN

     Each of these items can include any character but '/' up to 255
     characters.  If they include whitespace then they should be quoted
     using the double-quote character '"'.

     The default list of protocols that are supported via shared libraries
     includes:

     files      Traditional text files from /etc
     dns        Domain name service.
     ldap       Lightweight Directory Access Protocol version 2.
     mdbm       Mdbm database format files.
     ndbm       Ndbm database format files.
     db         Berkeley db database format files.
     nis        Network Information Services (formerly YP) client.  This is
                an optional product.
     nisserv    Network Information Services (formerly YP) server.  This is
                an optional product.

     Any standard map that does not have a configuration entry in
     nsswitch.conf will be assigned a default value.  Aliases for the
     standard maps exist to simplify the file.  If a well known table is not
     listed in the /etc/nsswitch.conf file, a default value is used.

     The maps, aliases, and defaults are:

     aliases        for mail.aliases and mail.byaddr
                    Default value is:
                    aliases(null_extend_key): ndbm(file=/etc/aliases) nis

     automount      for autofs maps.  See autofs(1M).
                    Default value is:
                    automount(dynamic): nis(nis_enumerate_key)

     capability     for capability.byname
                    Default value is:
                    capability: files nis

     clearance      for clearance.byname
                    Default value is:
                    clearance: files nis

     ethers         for ethers.byname and ethers.byaddr
                    Default value is:
                    ethers: files nis

     group          for group.byname and group.bygid
                    Default value is:
                    group: files nis

     hosts          for hosts.byname and hosts.byaddr
                    Default value is:
                    hosts: nis dns files

     ipnodes        for ipnodes.byname and ipnodes.byaddr
                    Default value is:
                    ipnodes: dns files

     mac            for mac.byname and mac.byvalue
                    Default value is:
                    mac: files nis

     mail           for mail.aliases and mail.byaddr
                    Default value is:
                    aliases(null_extend_key): ndbm(file=/etc/aliases) nis

     netgroup       for netgroup.byname, netgroup.byhost and netgroup.byuser
                    Default value is:
                    netgroup: nis

     networks       for networks.byname and networks.byaddr
                    Default value is:
                    networks: files nis

     passwd         for passwd.byname and passwd.byuid
                    Default value is:
                    passwd: files(compat) [notfound=return] nis

     protocols      for protocols.byname and protocols.bynumber
                    Default value is:
                    protocols: nis [success=return] files

     rpc            for rpc.byname and rpc.bynumber
                    Default value is:
                    rpc: files nis

     services       for services.byname and services.byport
                    Default value is:
                    services: files nis

     shadow         for shadow.byname
                    Default value is:
                    shadow(mode=0700): files

     The daemon uses extended attributes attached to each object in the tree
     to control the behavior of lookups.  An attribute is specified by a key
     and value pair list in parentheses:

          (key1=value1, key2=value2, key3=value3)

     A set of global attributes can be given to nsd on the command line; see
     nsd(1M).  Attributes on the domain are given on a line of their own
     anywhere in the nsswitch.conf file.  Attributes on the map are given
     immediately following the map on a line, and attributes on the protocol
     are given immediately following the protocol name on a line.
     Attributes are inherited from above, so if an attribute does not exist
     on a protocol then it is inherited from the attribute list on the map,
     and if it does not exist on the map then it is inherited from the
     domain, and if not from the domain then from the global attributes.  If
     the value is not specified then it is considered a boolean true.  All
     keys and values are strings, but may be interpreted internally as
     numbers or boolean values.

          (key1=value1, key2=value2)
          map1(key1=value1, key3=value3): protocol1(key1=value1) \
               protocol2

     Most of the attributes are protocol specific and are listed in the
     manual page for each attribute.  Those attributes that are global in
     meaning are listed in the nsd(1M) manual page.

     A control can be placed between any two protocols on the line.  The
     control is a state control pair in a set of square brackets.  These are
     used to force non-standard behavior in a file.  The states are one of
     success, notfound, unavail, tryagain and noperm.  The controls are
     return and continue:

          map: protocol1 protocol2 [state=control] protocol3

     A partial example configuration using attributes and controls is:

          (timeout=100)
          hosts: files(timeout=1000) dns
          passwd(timeout=10): files(compat) [notfound=return] nis
          phone: files(filename=/usr/local/phone, separator=":")

     This sets a default cache file timeout of 100 seconds for the domain
     represented by this file.  The domain contains five maps hosts.byname,
     hosts.byaddr, passwd.byname, passwd.byuid and phone.

     Entries in the hosts.byname and hosts.byaddr maps are identical.  First
     nsd looks in a local ASCII file, then it calls out to a dns server
     which answers for the domain (as specified in the dns configuration
     file /etc/resolv.conf, see resolver(4)).  Host entries looked up in the
     local file are given a longer cache timeout of 1000 seconds.

     The passwd.byname and passwd.byuid maps are identical.  First nsd will
     look in the local ASCII file, then it will call out to an nis server
     answering for this domain.  If the key does not exist in the local file
     then we force nsd to return immediately without ever calling out to
     nis.  However, the files library is given the "compat" flag which will
     cause it to expand +/- escapes for password lookups using the following
     libraries.  Thus, every user must exist in the local passwd file, but
     if a +/- escape exists for them in the file the nis protocol is used to
     expand it.

     The phone map is a non-standard map.  The data is kept in a simple
     ASCII file /usr/local/phone of the format "key:data".

     For the local domain /etc/nsswitch.conf, if required tables are missing
     then the nsd daemon will add the table with default values.  If you
     wish to override this behavior then you should add a line for the table
     with no protocols, such as:

          shadow.byname:

     After editing any nsswitch.conf file the nsd daemon must be sent a
     SIGHUP signal to reread the configuration.  You can do this by running
     killall -HUP nsd.  This will not change the contents of the system wide
     cache.  To restart nsd and clear the cache use the nsadmin restart
     command.

     The following shows how to set an attribute for any level in the /ns
     namespace:

     global         Set attributes in the /ns namespace via the -a nsd
                    command line option.

     domain         Set attributes in the /ns/DOMAIN namespace by using
                    (attribute=value) by itself in the domain's
                    nsswitch.conf file.

     table (map)    Set attributes in the /ns/DOMAIN/TABLE namespace by
                    appending (attribute=value) to the name of the TABLE
                    before the colon.

     protocol       Set attributes in the /ns/DOMAIN/TABLE/PROTOCOL
                    namespace by appending (attribute=value) to the name of
                    the PROTOCOL library.

     single key     Set attributes for /ns/DOMAIN/TABLE/[PROTOCOL/]/key by
                    appending (attribute=value) to the name of the key when
                    accessing the file via the libc interfaces or inside of
                    the /ns filesystem.
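
     The grammar described above (domain attribute lines, map and protocol
     attributes with inheritance, and [state=control] pairs) as a small
     Python parser for reviewing a file.  This is an added example, not code
     from nsd or IRIX; parse, parse_attrs and SAMPLE are hypothetical names,
     global attributes given to nsd with -a are not modelled, and quoted
     items containing whitespace, '#', ',' or ')' are not handled.

```python
import re

# Constructed input: the partial example from this page, plus a comment.
SAMPLE = '''\
hosts: files(timeout=1000) dns
(timeout=100)   # domain attributes may appear anywhere in the file
passwd(timeout=10): files(compat) [notfound=return] nis
phone: files(filename=/usr/local/phone, separator=":")
'''

STATES = {"success", "notfound", "unavail", "tryagain", "noperm"}
CONTROLS = {"return", "continue"}
MAP_LINE = re.compile(r'^([^\s(:]+)(?:\(([^)]*)\))?\s*:(.*)$')
# Either a [state=control] pair or a protocol name with optional (attrs).
ITEM = re.compile(r'\[\s*(\w+)\s*=\s*(\w+)\s*\]|([^\s()\[\]]+)(?:\(([^)]*)\))?')

def parse_attrs(text):
    """Attribute list body -> dict; a key with no value is boolean true."""
    attrs = {}
    for part in filter(None, (p.strip() for p in (text or "").split(","))):
        key, sep, value = part.partition("=")
        attrs[key.strip()] = value.strip().strip('"') if sep else True
    return attrs

def parse(text):
    """Return {map: [(protocol, effective_attrs, controls_after)]}."""
    lines = [l.split("#", 1)[0].strip()
             for l in text.replace("\\\n", " ").splitlines()]
    domain = {}
    for line in lines:                      # pass 1: domain-wide attributes
        if line.startswith("("):
            domain.update(parse_attrs(line.strip("()")))
    maps = {}
    for line in lines:                      # pass 2: map lines
        if not line or line.startswith("("):
            continue
        m = MAP_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        map_attrs, chain = parse_attrs(m.group(2)), []
        for state, control, proto, pattrs in ITEM.findall(m.group(3)):
            if not state:                   # protocol: inherit domain <- map <- own
                chain.append((proto, {**domain, **map_attrs, **parse_attrs(pattrs)}, {}))
            elif state in STATES and control in CONTROLS and chain:
                chain[-1][2][state] = control   # applies to the preceding protocol
            else:
                raise ValueError(f"bad control [{state}={control}] in {line!r}")
        maps[m.group(1)] = chain
    return maps
```

     For the sample, parse(SAMPLE)["passwd"] shows files carrying
     {"notfound": "return"}, the gate that keeps lookups for users absent
     from the local passwd file from reaching nis.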

BUGS
     Most versions of sendmail do not use UNS to resolve aliases lookups.
     You may have to modify /etc/aliases or /etc/sendmail.cf to get sendmail
     to resolve aliases via NIS or nsd.

FILES
     /etc/nsswitch.conf, /var/ns/domains/*/nsswitch.conf

SEE ALSO
     nsd(1M), nsadmin(1M), nis(7P), nisserv(7P), dns(7P), files(7P),
     mdbm(7P), ldap(7P)

     IRIX Admin: Networking and Mail
     IRIX Admin: NFS and NIS