Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
NSSWITCH.CONF(5) File Formats Manual NSSWITCH.CONF(5)
NAME
nsswitch.conf - name-service switch configuration file
DESCRIPTION
The nsswitch.conf file specifies how the nsdispatch(3) (name-service
switch dispatcher) routines in the C library should operate.
The configuration file controls how a process looks up various databases
containing information regarding hosts, users (passwords), groups,
netgroups, etc. Each database comes from a source (such as local files,
DNS, and NIS), and the order to look up the sources is specified in
nsswitch.conf.
Each entry in nsswitch.conf consists of a database name, and a space
separated list of sources. Each source can have an optional trailing
criterion that determines whether the next listed source is used, or the
search terminates at the current source. Each criterion consists of one
or more status codes, and actions to take if that status code occurs.
Sources
The following sources are implemented:
Source Description
files Local files, such as /etc/hosts, and /etc/passwd.
dns Internet Domain Name System. "hosts" and
"networks" use IN class entries, all other
databases use HS class (Hesiod) entries.
mdnsd Use mdnsd(8) for "hosts" lookups, acting as both a
system-wide cache for normal unicast DNS as well
as providing multicast DNS ("zeroconf") lookups.
multicast_dns Use mdnsd(8) only for multicast DNS "hosts"
lookups. This would normally be used in
conjunction with "dns", which would then provide
unicast DNS resolver functions.
nis NIS (formerly YP)
compat support `+/-' in the "passwd" and "group"
databases. If this is present, it must be the
only source for that entry.
Databases
The following databases are used by the following C library functions:
Database Used by
group getgrent(3)
hosts gethostbyname(3)
netgroup getnetgrent(3)
networks getnetbyname(3)
passwd getpwent(3)
shells getusershell(3)
Status codes
The following status codes are available:
Status Description
success The requested entry was found.
notfound The entry is not present at this source.
tryagain The source is busy, and may respond to retries.
unavail The source is not responding, or entry is corrupt.
Actions
For each of the status codes, one of two actions is possible:
Action Description
continue Try the next source
return Return with the current result
Format of file
A BNF description of the syntax of nsswitch.conf is:
<entry> ::= <database> ":" [<source> [<criteria>]]*
<criteria> ::= "[" <criterion>+ "]"
<criterion> ::= <status> "=" <action>
<status> ::= "success" | "notfound" | "unavail" | "tryagain"
<action> ::= "return" | "continue"
Each entry starts on a new line in the file. A `#' delimits a comment to
end of line. Blank lines are ignored. A `\' at the end of a line
escapes the newline, and causes the next line to be a continuation of the
current line. All entries are case-insensitive.
The default criteria is to return on "success", and continue on anything
else (i.e, [success=return notfound=continue unavail=continue
tryagain=continue] ).
Compat mode: +/- syntax
In historical multi-source implementations, the `+' and `-' characters
are used to specify the importing of user password and group information
from NIS. Although nsswitch.conf provides alternative methods of
accessing distributed sources such as NIS, specifying a sole source of
"compat" will provide the historical behaviour.
An alternative source for the information accessed via `+/-' can be used
by specifying "passwd_compat: source". "source" in this case can be
`dns', `nis', or any other source except for `files' and `compat'.
Notes
Historically, many of the databases had enumeration functions, often of
the form getXXXent(). These made sense when the databases were in local
files, but don't make sense or have lesser relevance when there are
possibly multiple sources, each of an unknown size. The interfaces are
still provided for compatibility, but the source may not be able to
provide complete entries, or duplicate entries may be retrieved if
multiple sources that contain similar information are specified.
To ensure compatibility with previous and current implementations, the
"compat" source must appear alone for a given database.
Default source lists
If, for any reason, nsswitch.conf doesn't exist, or it has missing or
corrupt entries, nsdispatch(3) will default to an entry of "files" for
the requested database. Exceptions are:
Database Default source list
group compat
group_compat nis
hosts files dns
netgroup files [notfound=return] nis
passwd compat
passwd_compat nis
FILES
/etc/nsswitch.conf The file nsswitch.conf resides in /etc.
EXAMPLES
To lookup hosts in /etc/hosts and then from the DNS, and lookup user
information from NIS then files, use:
hosts: files dns
passwd: nis [notfound=return] files
group: nis [notfound=return] files
The criteria "[notfound=return]" sets a policy of "if the user is
notfound in nis, don't try files." This treats nis as the authoritative
source of information, except when the server is down.
SEE ALSO
getent(1), nsdispatch(3), resolv.conf(5), named(8), ypbind(8)
HISTORY
The nsswitch.conf file format first appeared in NetBSD 1.4.
AUTHORS
Luke Mewburn <lukem@NetBSD.org> wrote this freely distributable name-
service switch implementation, using ideas from the ULTRIX svc.conf(5)
and Solaris nsswitch.conf(4) manual pages.
NetBSD 10.99 October 25, 2009 NetBSD 10.99