|
 |
5f7b84 |
commit 4b7c74179c8928d971d370e1137d202f891a4cf5
|
|
|
5f7b84 |
Author: Carlos O'Donell <carlos@redhat.com>
|
|
|
5f7b84 |
Date: Wed Mar 20 12:40:18 2019 -0400
|
|
|
5f7b84 |
|
|
|
5f7b84 |
nss: Make nsswitch.conf more distribution friendly.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
The current default nsswitch.conf file provided by glibc is not very
|
|
|
5f7b84 |
distribution friendly. The file contains some minimal directives that no
|
|
|
5f7b84 |
real distribution uses. This update aims to provide a rich set of
|
|
|
5f7b84 |
comments which are useful for all distributions, and a broader set of
|
|
|
5f7b84 |
service defines which should work for all distributions.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
Tested defaults on x86_64 and they work. The nsswitch.conf file more
|
|
|
5f7b84 |
closely matches what we have in Fedora now, and I'll adjust Fedora to
|
|
|
5f7b84 |
use this version with minor changes to enable Fedora-specific service
|
|
|
5f7b84 |
providers.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
v2
|
|
|
5f7b84 |
- Add missing databases to manual.
|
|
|
5f7b84 |
- Add link to manual from default nsswitch.conf.
|
|
|
5f7b84 |
- Sort nsswitch.conf according to most used database first.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
v3
|
|
|
5f7b84 |
- Only mention implemented services in 'NSS Basics.'
|
|
|
5f7b84 |
- Mention 'automount' in 'Services in the NSS configuration.'
|
|
|
5f7b84 |
- Sort services in alphabetical order.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
v4
|
|
|
5f7b84 |
- Project name is 'Samba'.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
v5
|
|
|
5f7b84 |
- Fix typo in manual/nss.texi.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
v6
|
|
|
5f7b84 |
- Fix another typo in manual/nss.texi. Ran spell checker this time.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
diff --git a/manual/nss.texi b/manual/nss.texi
|
|
|
5f7b84 |
index 164ae33246..821469a78a 100644
|
|
|
5f7b84 |
--- a/manual/nss.texi
|
|
|
5f7b84 |
+++ b/manual/nss.texi
|
|
|
5f7b84 |
@@ -56,13 +56,17 @@ functions to access the databases.
|
|
|
5f7b84 |
@noindent
|
|
|
5f7b84 |
The databases available in the NSS are
|
|
|
5f7b84 |
|
|
|
5f7b84 |
+@cindex aliases
|
|
|
5f7b84 |
@cindex ethers
|
|
|
5f7b84 |
@cindex group
|
|
|
5f7b84 |
+@cindex gshadow
|
|
|
5f7b84 |
@cindex hosts
|
|
|
5f7b84 |
+@cindex initgroups
|
|
|
5f7b84 |
@cindex netgroup
|
|
|
5f7b84 |
@cindex networks
|
|
|
5f7b84 |
-@cindex protocols
|
|
|
5f7b84 |
@cindex passwd
|
|
|
5f7b84 |
+@cindex protocols
|
|
|
5f7b84 |
+@cindex publickey
|
|
|
5f7b84 |
@cindex rpc
|
|
|
5f7b84 |
@cindex services
|
|
|
5f7b84 |
@cindex shadow
|
|
|
5f7b84 |
@@ -75,16 +79,22 @@ Ethernet numbers,
|
|
|
5f7b84 |
@comment @pxref{Ethernet Numbers}.
|
|
|
5f7b84 |
@item group
|
|
|
5f7b84 |
Groups of users, @pxref{Group Database}.
|
|
|
5f7b84 |
+@item gshadow
|
|
|
5f7b84 |
+Group passphrase hashes and related information.
|
|
|
5f7b84 |
@item hosts
|
|
|
5f7b84 |
Host names and numbers, @pxref{Host Names}.
|
|
|
5f7b84 |
+@item initgroups
|
|
|
5f7b84 |
+Supplementary group access list.
|
|
|
5f7b84 |
@item netgroup
|
|
|
5f7b84 |
Network wide list of host and users, @pxref{Netgroup Database}.
|
|
|
5f7b84 |
@item networks
|
|
|
5f7b84 |
Network names and numbers, @pxref{Networks Database}.
|
|
|
5f7b84 |
-@item protocols
|
|
|
5f7b84 |
-Network protocols, @pxref{Protocols Database}.
|
|
|
5f7b84 |
@item passwd
|
|
|
5f7b84 |
User identities, @pxref{User Database}.
|
|
|
5f7b84 |
+@item protocols
|
|
|
5f7b84 |
+Network protocols, @pxref{Protocols Database}.
|
|
|
5f7b84 |
+@item publickey
|
|
|
5f7b84 |
+Public keys for Secure RPC.
|
|
|
5f7b84 |
@item rpc
|
|
|
5f7b84 |
Remote procedure call names and numbers.
|
|
|
5f7b84 |
@comment @pxref{RPC Database}.
|
|
|
5f7b84 |
@@ -96,8 +106,8 @@ User passphrase hashes and related information.
|
|
|
5f7b84 |
@end table
|
|
|
5f7b84 |
|
|
|
5f7b84 |
@noindent
|
|
|
5f7b84 |
-There will be some more added later (@code{automount}, @code{bootparams},
|
|
|
5f7b84 |
-@code{netmasks}, and @code{publickey}).
|
|
|
5f7b84 |
+@c We currently don't implement automount, netmasks, or bootparams.
|
|
|
5f7b84 |
+More databases may be added later.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
@node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
|
|
|
5f7b84 |
@section The NSS Configuration File
|
|
|
5f7b84 |
@@ -159,6 +169,10 @@ these files since they should be placed in a directory where they are
|
|
|
5f7b84 |
found automatically. Only the names of all available services are
|
|
|
5f7b84 |
important.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
+Lastly, some system software may make use of the NSS configuration file
|
|
|
5f7b84 |
+to store their own configuration for similar purposes. Examples of this
|
|
|
5f7b84 |
+include the @code{automount} service which is used by @code{autofs}.
|
|
|
5f7b84 |
+
|
|
|
5f7b84 |
@node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File
|
|
|
5f7b84 |
@subsection Actions in the NSS configuration
|
|
|
5f7b84 |
|
|
|
5f7b84 |
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
|
|
|
5f7b84 |
index 39ca88bf51..f553588114 100644
|
|
|
5f7b84 |
--- a/nss/nsswitch.conf
|
|
|
5f7b84 |
+++ b/nss/nsswitch.conf
|
|
|
5f7b84 |
@@ -1,20 +1,69 @@
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
# /etc/nsswitch.conf
|
|
|
5f7b84 |
#
|
|
|
5f7b84 |
-# Example configuration of GNU Name Service Switch functionality.
|
|
|
5f7b84 |
+# An example Name Service Switch config file. This file should be
|
|
|
5f7b84 |
+# sorted with the most-used services at the beginning.
|
|
|
5f7b84 |
#
|
|
|
5f7b84 |
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
|
|
|
5f7b84 |
+# initgroups, netgroup, networks, passwd, protocols, publickey,
|
|
|
5f7b84 |
+# rpc, services, and shadow.
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# Valid service provider entries include (in alphabetical order):
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# compat Use /etc files plus *_compat pseudo-db
|
|
|
5f7b84 |
+# db Use the pre-processed /var/db files
|
|
|
5f7b84 |
+# dns Use DNS (Domain Name Service)
|
|
|
5f7b84 |
+# files Use the local files in /etc
|
|
|
5f7b84 |
+# hesiod Use Hesiod (DNS) for user lookups
|
|
|
5f7b84 |
+# nis Use NIS (NIS version 2), also called YP
|
|
|
5f7b84 |
+# nisplus Use NIS+ (NIS version 3)
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# See `info libc 'NSS Basics'` for more information.
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# Commonly used alternative service providers (may need installation):
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# ldap Use LDAP directory server
|
|
|
5f7b84 |
+# myhostname Use systemd host names
|
|
|
5f7b84 |
+# mymachines Use systemd machine names
|
|
|
5f7b84 |
+# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
|
|
|
5f7b84 |
+# resolve Use systemd resolved resolver
|
|
|
5f7b84 |
+# sss Use System Security Services Daemon (sssd)
|
|
|
5f7b84 |
+# systemd Use systemd for dynamic user option
|
|
|
5f7b84 |
+# winbind Use Samba winbind support
|
|
|
5f7b84 |
+# wins Use Samba wins support
|
|
|
5f7b84 |
+# wrapper Use wrapper module for testing
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# Notes:
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# 'sssd' performs its own 'files'-based caching, so it should generally
|
|
|
5f7b84 |
+# come before 'files'.
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# WARNING: Running nscd with a secondary caching service like sssd may
|
|
|
5f7b84 |
+# lead to unexpected behaviour, especially with how long
|
|
|
5f7b84 |
+# entries are cached.
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# Installation instructions:
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
|
|
|
5f7b84 |
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
|
|
|
5f7b84 |
+# you want to be looked up first in the databases, like this:
|
|
|
5f7b84 |
+#
|
|
|
5f7b84 |
+# passwd: db files
|
|
|
5f7b84 |
+# shadow: db files
|
|
|
5f7b84 |
+# group: db files
|
|
|
5f7b84 |
|
|
|
5f7b84 |
-passwd: db files
|
|
|
5f7b84 |
-group: db files
|
|
|
5f7b84 |
-initgroups: db [SUCCESS=continue] files
|
|
|
5f7b84 |
-shadow: db files
|
|
|
5f7b84 |
-gshadow: files
|
|
|
5f7b84 |
-
|
|
|
5f7b84 |
-hosts: files dns
|
|
|
5f7b84 |
-networks: files dns
|
|
|
5f7b84 |
-
|
|
|
5f7b84 |
-protocols: db files
|
|
|
5f7b84 |
-services: db files
|
|
|
5f7b84 |
-ethers: db files
|
|
|
5f7b84 |
-rpc: db files
|
|
|
5f7b84 |
-
|
|
|
5f7b84 |
-netgroup: db files
|
|
|
5f7b84 |
+# In alphabetical order. Re-order as required to optimize peformance.
|
|
|
5f7b84 |
+aliases: files
|
|
|
5f7b84 |
+ethers: files
|
|
|
5f7b84 |
+group: files
|
|
|
5f7b84 |
+gshadow: files
|
|
|
5f7b84 |
+hosts: files dns
|
|
|
5f7b84 |
+initgroups: files
|
|
|
5f7b84 |
+netgroup: files
|
|
|
5f7b84 |
+networks: files dns
|
|
|
5f7b84 |
+passwd: files
|
|
|
5f7b84 |
+protocols: files
|
|
|
5f7b84 |
+publickey: files
|
|
|
5f7b84 |
+rpc: files
|
|
|
5f7b84 |
+shadow: files
|
|
|
5f7b84 |
+services: files
|