NAME

       nss - Name Service Switch configuration file

DESCRIPTION

       Each  call  to a function which retrieves data from a system database like the password or group database
       is handled by the Name Service Switch implementation in the GNU C library.  The various services provided
       are implemented by independent modules, each of which naturally varies widely from the other.

       The default implementations coming with the GNU C library are by default  conservative  and  do  not  use
       unsafe  data.   This  might  be  very costly in some situations, especially when the databases are large.
       Some modules allow the system administrator to request taking shortcuts if these are known  to  be  safe.
       It is then the system administrator's responsibility to ensure the assumption is correct.

       There  are  other  modules  where  the  implementation  changed  over time.  If an implementation used to
       sacrifice speed for memory consumption, it might create problems if the preference is switched.

       The /etc/default/nss file contains a number of variable assignments.  Each variable controls the behavior
       of one or more NSS modules.  White spaces are ignored.  Lines beginning with '#' are treated as comments.

       The variables currently recognized are:

       NETID_AUTHORITATIVE = TRUE|FALSE
              If set to TRUE, the NIS backend for the initgroups(3) function will accept  the  information  from
              the  netid.byname  NIS  map as authoritative.  This can speed up the function significantly if the
              group.byname map is large.  The content of the  netid.byname  map  is  used  as  is.   The  system
              administrator has to make sure it is correctly generated.

       SERVICES_AUTHORITATIVE = TRUE|FALSE
              If  set  to  TRUE,  the NIS backend for the getservbyname(3) and getservbyname_r(3) functions will
              assume that the services.byservicename NIS map exists and is authoritative, particularly  that  it
              contains  both  keys  with  /proto  and  without /proto for both primary service names and service
              aliases.  The system administrator has to make sure it is correctly generated.

       SETENT_BATCH_READ = TRUE|FALSE
              If set to TRUE, the NIS backend for the setpwent(3) and setgrent(3) functions will read the entire
              database at once and then hand out the requests one by one from memory  with  every  corresponding
              getpwent(3)  or  getgrent(3)  call  respectively.  Otherwise, each getpwent(3) or getgrent(3) call
              might result in a network communication with the server to get the next entry.

FILES

       /etc/default/nss

EXAMPLES

       The default configuration corresponds to the following configuration file:

           NETID_AUTHORITATIVE=FALSE
           SERVICES_AUTHORITATIVE=FALSE
           SETENT_BATCH_READ=FALSE

SEE ALSO

       nsswitch.conf

COLOPHON

       This page is part of release 5.10 of  the  Linux  man-pages  project.   A  description  of  the  project,
       information   about   reporting   bugs,   and   the  latest  version  of  this  page,  can  be  found  at
       https://www.kernel.org/doc/man-pages/.

Linux                                              2020-06-09                                             NSS(5)