nss(5) — Linux manual page


NSS(5)                    Linux Programmer's Manual                   NSS(5)

NAME         top

       nss - Name Service Switch configuration file

DESCRIPTION         top

       Each call to a function which retrieves data from a system database
       like the password or group database is handled by the Name Service
       Switch implementation in the GNU C library.  The various services
       provided are implemented by independent modules, each of which
       naturally varies widely from the other.

       The default implementations coming with the GNU C library are by
       default conservative and do not use unsafe data.  This might be very
       costly in some situations, especially when the databases are large.
       Some modules allow the system administrator to request taking
       shortcuts if these are known to be safe.  It is then the system
       administrator's responsibility to ensure the assumption is correct.

       There are other modules where the implementation changed over time.
       If an implementation used to sacrifice speed for memory consumption,
       it might create problems if the preference is switched.

       The /etc/default/nss file contains a number of variable assignments.
       Each variable controls the behavior of one or more NSS modules.
       White spaces are ignored.  Lines beginning with '#' are treated as

       The variables currently recognized are:

              If set to TRUE, the NIS backend for the initgroups(3) function
              will accept the information from the netid.byname NIS map as
              authoritative.  This can speed up the function significantly
              if the group.byname map is large.  The content of the
              netid.byname map is used as is.  The system administrator has
              to make sure it is correctly generated.

              If set to TRUE, the NIS backend for the getservbyname(3) and
              getservbyname_r(3) functions will assume that the
              services.byservicename NIS map exists and is authoritative,
              particularly that it contains both keys with /proto and
              without /proto for both primary service names and service
              aliases.  The system administrator has to make sure it is
              correctly generated.

              If set to TRUE, the NIS backend for the setpwent(3) and
              setgrent(3) functions will read the entire database at once
              and then hand out the requests one by one from memory with
              every corresponding getpwent(3) or getgrent(3) call
              respectively.  Otherwise, each getpwent(3) or getgrent(3) call
              might result in a network communication with the server to get
              the next entry.

FILES         top


EXAMPLES         top

       The default configuration corresponds to the following configuration


SEE ALSO         top


COLOPHON         top

       This page is part of release 5.08 of the Linux man-pages project.  A
       description of the project, information about reporting bugs, and the
       latest version of this page, can be found at

Linux                            2020-06-09                           NSS(5)

Pages that refer to this page: nsswitch.conf(5)systemd-resolved(8)systemd-resolved.service(8)