nss(5) — Linux manual page


NSS(5)                  Linux Programmer's Manual                 NSS(5)

NAME         top

       nss - Name Service Switch configuration file

DESCRIPTION         top

       Each call to a function which retrieves data from a system
       database like the password or group database is handled by the
       Name Service Switch implementation in the GNU C library.  The
       various services provided are implemented by independent modules,
       each of which naturally varies widely from the other.

       The default implementations coming with the GNU C library are by
       default conservative and do not use unsafe data.  This might be
       very costly in some situations, especially when the databases are
       large.  Some modules allow the system administrator to request
       taking shortcuts if these are known to be safe.  It is then the
       system administrator's responsibility to ensure the assumption is

       There are other modules where the implementation changed over
       time.  If an implementation used to sacrifice speed for memory
       consumption, it might create problems if the preference is

       The /etc/default/nss file contains a number of variable
       assignments.  Each variable controls the behavior of one or more
       NSS modules.  White spaces are ignored.  Lines beginning with '#'
       are treated as comments.

       The variables currently recognized are:

              If set to TRUE, the NIS backend for the initgroups(3)
              function will accept the information from the netid.byname
              NIS map as authoritative.  This can speed up the function
              significantly if the group.byname map is large.  The
              content of the netid.byname map is used as is.  The system
              administrator has to make sure it is correctly generated.

              If set to TRUE, the NIS backend for the getservbyname(3)
              and getservbyname_r(3) functions will assume that the
              services.byservicename NIS map exists and is
              authoritative, particularly that it contains both keys
              with /proto and without /proto for both primary service
              names and service aliases.  The system administrator has
              to make sure it is correctly generated.

              If set to TRUE, the NIS backend for the setpwent(3) and
              setgrent(3) functions will read the entire database at
              once and then hand out the requests one by one from memory
              with every corresponding getpwent(3) or getgrent(3) call
              respectively.  Otherwise, each getpwent(3) or getgrent(3)
              call might result in a network communication with the
              server to get the next entry.

FILES         top


EXAMPLES         top

       The default configuration corresponds to the following
       configuration file:


SEE ALSO         top


COLOPHON         top

       This page is part of release 5.13 of the Linux man-pages project.
       A description of the project, information about reporting bugs,
       and the latest version of this page, can be found at

Linux                          2020-06-09                         NSS(5)

Pages that refer to this page: nsswitch.conf(5)systemd-resolved.service(8)