linux NSS

Posted 2020-10-05

名称

nss：nsswitch.conf：Name Service Switch

描述

配置文件：nsswitch.conf,使用GNU C库来确定从哪些类别中获取名称服务信息的源，以及按什么顺序排列。每一类信息都由数据库名标识。

该文件是纯ASCII文本，用空格或制表符分隔列。第一列指定数据库名。其余的列描述了查询源的顺序，以及可以通过查找结果执行的有限的操作集合。

以下数据库由GNU C库理解:

• aliases

• Mail aliases, used by getaliasent(3) and related functions.

• ethers

• Ethernet numbers.

• group

• Groups of users, used by getgrent(3) and related functions.

• hosts

• Host names and numbers, used by gethostbyname(3) and related functions.

• initgroups

• Supplementary group access list, used by getgrouplist(3) function.

• netgroup

• Network-wide list of hosts and users, used for access rules. C libraries before glibc 2.1 supported netgroups only over NIS.

• networks

• Network names and numbers, used by getnetent(3) and related functions.

• passwd

• User passwords, used by getpwent(3) and related functions.

• protocols

• Network protocols, used by getprotoent(3) and related functions.

• publickey

• Public and secret keys for Secure_RPC used by NFS and NIS+.

• rpc

• Remote procedure call names and numbers, used bygetrpcbyname(3) and related functions.

• services

• Network services, used by getservent(3) and related functions.

• shadow

• Shadow user passwords, used by getspnam(3) and related functions.

例子：

passwd:

compat

group:

compat

shadow:

compat

hosts:

dns [!UNAVAIL=return] files

networks:

nis [NOTFOUND=return] files

ethers:

nis [NOTFOUND=return] files

protocols:

nis [NOTFOUND=return] files

rpc:

nis [NOTFOUND=return] files

services:

nis [NOTFOUND=return] files

[STATUS=ACTION] 
[!STATUS=ACTION]

where

        STATUS => success | notfound | unavail | tryagain 
        ACTION => return | continue

• 
  

  • success

  • No error occurred and the requested entry is returned. The default action for this condition is "return".

  • notfound

  • The lookup succeeded, but the requested entry was not found. The default action for this condition is "continue".

  • unavail

  • The service is permanently unavailable. This can mean either that the required file cannot be read, or, for network services, that the server is not available or does not allow queries. The default action for this condition is "continue".

  • tryagain

  • The service is temporarily unavailable. This could mean a file is locked or a server currently cannot accept more connections. The default action for this condition is "continue".

The ACTION value can be one of:

• 
  

  • return

  • Return a result now. Do not call any further lookup functions. However, for compatibility reasons, if this is the selected action for the group database and the notfoundstatus, and the configuration file does not contain theinitgroups line, the next lookup function is always called, without affecting the search result.

  • continue

  • Call the next lookup function.

Compatibility mode (compat)

• +user

• Include the specified user from the NIS passwd map.

• [email protected]netgroup

• Include all users in the given netgroup.

• -user

• Exclude the specified user from the NIS passwd map.

• [email protected]netgroup

• Exclude all users in the given netgroup.

• +

• Include every user, except previously excluded ones, from the NIS passwd map.

文件

/etc/nsswitch.conf NSS configuration file.

/lib/libnss_compat.so.X

    implements "compat" source.

/lib/libnss_db.so.X

    implements "db" source.

/lib/libnss_dns.so.X

    implements "dns" source.

/lib/libnss_files.so.X

    implements "files" source.

/lib/libnss_hesiod.so.X

    implements "hesiod" source.

/lib/libnss_nis.so.X

    implements "nis" source.

/lib/libnss_nisplus.so.X

    implements "nisplus" source.

本文出自 “勤能补拙” 博客，请务必保留此出处http://echoroot.blog.51cto.com/11804540/1962064