bionic (5) nss.5.gz

Provided by: manpages_4.15-1_all bug

NAME

       nss - Name Service Switch configuration file

DESCRIPTION

       Each  call  to a function which retrieves data from a system database like the password or group database
       is handled by the Name Service Switch implementation in the GNU C library.  The various services provided
       are implemented by independent modules, each of which naturally varies widely from the other.

       The  default  implementations  coming  with  the GNU C library are by default conservative and do not use
       unsafe data.  This might be very costly in some situations, especially  when  the  databases  are  large.
       Some  modules  allow  the system administrator to request taking shortcuts if these are known to be safe.
       It is then the system administrator's responsibility to ensure the assumption is correct.

       There are other modules where the implementation  changed  over  time.   If  an  implementation  used  to
       sacrifice speed for memory consumption, it might create problems if the preference is switched.

       The /etc/default/nss file contains a number of variable assignments.  Each variable controls the behavior
       of one or more NSS modules.  White spaces are ignored.  Lines beginning with '#' are treated as comments.

       The variables currently recognized are:

       NETID_AUTHORITATIVE = TRUE|FALSE
              If set to TRUE, the NIS backend for the initgroups(3) function will accept  the  information  from
              the  netid.byname  NIS  map as authoritative.  This can speed up the function significantly if the
              group.byname map is large.  The content of the  netid.byname  map  is  used  as  is.   The  system
              administrator has to make sure it is correctly generated.

       SERVICES_AUTHORITATIVE = TRUE|FALSE
              If  set  to  TRUE,  the NIS backend for the getservbyname(3) and getservbyname_r(3) functions will
              assume that the services.byservicename NIS map exists and is authoritative, particularly  that  it
              contains  both  keys  with  /proto  and  without /proto for both primary service names and service
              aliases.  The system administrator has to make sure it is correctly generated.

       SETENT_BATCH_READ = TRUE|FALSE
              If set to TRUE, the NIS backend for the setpwent(3) and setgrent(3) functions will read the entire
              database  at  once  and then hand out the requests one by one from memory with every corresponding
              getpwent(3) or getgrent(3) call respectively.  Otherwise, each  getpwent(3)  or  getgrent(3)  call
              might result in a network communication with the server to get the next entry.

FILES

       /etc/default/nss

EXAMPLE

       The default configuration corresponds to the following configuration file:

           NETID_AUTHORITATIVE=FALSE
           SERVICES_AUTHORITATIVE=FALSE
           SETENT_BATCH_READ=FALSE

SEE ALSO

       nsswitch.conf

COLOPHON

       This  page  is  part  of  release  4.15  of  the  Linux man-pages project.  A description of the project,
       information  about  reporting  bugs,  and  the  latest  version  of  this   page,   can   be   found   at
       https://www.kernel.org/doc/man-pages/.