X-Patchwork-Submitter: Carlos O'Donell
X-Patchwork-Id: 34157
Subject: Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.
To: Florian Weimer
Cc: Joseph Myers, Andreas Schwab, libc-alpha@sourceware.org, Aurelien Jarno
From: Carlos O'Donell
Message-ID: <4698551d-38b2-f59a-3b13-20735ca9b000@redhat.com>
Date: Fri, 16 Aug 2019 16:59:39 -0400
In-Reply-To: <87lfvsygqn.fsf@oldenburg2.str.redhat.com>

On 8/16/19 4:53 PM, Florian Weimer wrote:
> * Carlos O'Donell:
>
>> +More databasess may be added later.
>
> Another typo: databasess
>
> Rest looks good to me.

Hrm, I ran spell check, maybe I need to delete my defaults :-)

Re-ran aspell, all clean.

v6. OK?

diff --git a/ChangeLog b/ChangeLog index 47a3fa04ae..23df9a3545 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2019-08-16 Carlos O'Donell + + * nss/nsswitch.conf: Expand comments, and simplify defaults. + * manual/nss.texi (NSS Basics): List all known databases. + (Services in the NSS configuration): Mention automount. + 2019-08-15 Florian Weimer nptl: Move pthread_attr_init implementation into libc. diff --git a/manual/nss.texi b/manual/nss.texi index 164ae33246..821469a78a 100644 --- a/manual/nss.texi +++ b/manual/nss.texi @@ -56,13 +56,17 @@ functions to access the databases. @noindent The databases available in the NSS are +@cindex aliases @cindex ethers @cindex group +@cindex gshadow @cindex hosts +@cindex initgroups @cindex netgroup @cindex networks -@cindex protocols @cindex passwd +@cindex protocols +@cindex publickey @cindex rpc @cindex services @cindex shadow @@ -75,16 +79,22 @@ Ethernet numbers, @comment @pxref{Ethernet Numbers}. @item group Groups of users, @pxref{Group Database}. +@item gshadow +Group passphrase hashes and related information. @item hosts Host names and numbers, @pxref{Host Names}. +@item initgroups +Supplementary group access list. @item netgroup Network wide list of host and users, @pxref{Netgroup Database}. @item networks Network names and numbers, @pxref{Networks Database}. -@item protocols -Network protocols, @pxref{Protocols Database}. @item passwd User identities, @pxref{User Database}. +@item protocols +Network protocols, @pxref{Protocols Database}. +@item publickey +Public keys for Secure RPC. @item rpc Remote procedure call names and numbers. @comment @pxref{RPC Database}. 
@@ -96,8 +106,8 @@ User passphrase hashes and related information. @end table @noindent -There will be some more added later (@code{automount}, @code{bootparams}, -@code{netmasks}, and @code{publickey}). +@c We currently don't implement automount, netmasks, or bootparams. +More databases may be added later. @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch @section The NSS Configuration File @@ -159,6 +169,10 @@ these files since they should be placed in a directory where they are found automatically. Only the names of all available services are important. +Lastly, some system software may make use of the NSS configuration file +to store their own configuration for similar purposes. Examples of this +include the @code{automount} service which is used by @code{autofs}. + @node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File @subsection Actions in the NSS configuration diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf index 39ca88bf51..f553588114 100644 --- a/nss/nsswitch.conf +++ b/nss/nsswitch.conf 
@@ -1,20 +1,69 @@ +# # /etc/nsswitch.conf # -# Example configuration of GNU Name Service Switch functionality. +# An example Name Service Switch config file. This file should be +# sorted with the most-used services at the beginning. # +# Valid databases are: aliases, ethers, group, gshadow, hosts, +# initgroups, netgroup, networks, passwd, protocols, publickey, +# rpc, services, and shadow. +# +# Valid service provider entries include (in alphabetical order): +# +# compat Use /etc files plus *_compat pseudo-db +# db Use the pre-processed /var/db files +# dns Use DNS (Domain Name Service) +# files Use the local files in /etc +# hesiod Use Hesiod (DNS) for user lookups +# nis Use NIS (NIS version 2), also called YP +# nisplus Use NIS+ (NIS version 3) +# +# See `info libc 'NSS Basics'` for more information. +# +# Commonly used alternative service providers (may need installation): +# +# ldap Use LDAP directory server +# myhostname Use systemd host names +# mymachines Use systemd machine names +# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD +# resolve Use systemd resolved resolver +# sss Use System Security Services Daemon (sssd) +# systemd Use systemd for dynamic user option +# winbind Use Samba winbind support +# wins Use Samba wins support +# wrapper Use wrapper module for testing +# +# Notes: +# +# 'sssd' performs its own 'files'-based caching, so it should generally +# come before 'files'. +# +# WARNING: Running nscd with a secondary caching service like sssd may +# lead to unexpected behaviour, especially with how long +# entries are cached. 
+# +# Installation instructions: +# +# To use 'db', install the appropriate package(s) (provide 'makedb' and +# libnss_db.so.*), and place the 'db' in front of 'files' for entries +# you want to be looked up first in the databases, like this: +# +# passwd: db files +# shadow: db files +# group: db files -passwd: db files -group: db files -initgroups: db [SUCCESS=continue] files -shadow: db files -gshadow: files - -hosts: files dns -networks: files dns - -protocols: db files -services: db files -ethers: db files -rpc: db files - -netgroup: db files +# In alphabetical order. Re-order as required to optimize peformance. +aliases: files +ethers: files +group: files +gshadow: files +hosts: files dns +initgroups: files +netgroup: files +networks: files dns +passwd: files +protocols: files +publickey: files +rpc: files +shadow: files +services: files
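Review bot: In manual/nss.texi, the second table hunk (@@ -75,16 +79,22 @@) adds `@item gshadow`, `@item initgroups` and `@item publickey` with one-line descriptions and no `@pxref`, unlike the neighbouring entries. The `initgroups` text, "Supplementary group access list.", does not say how it relates to the `group` database listed just above it. A sentence on that relationship would help administrators who configure the two differently.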
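Review bot: In manual/nss.texi, the hunk at @@ -159,6 +169,10 @@ calls `automount` a "service" ("the @code{automount} service which is used by @code{autofs}"), but the text removed at @@ -96,8 +106,8 @@ listed `automount` among the databases, and the new `@c` comment there still groups it with netmasks and bootparams. Since this node is about services (the right-hand side of an entry), please reword so readers do not take `automount` for a service provider name. Also "some system software may make use of the NSS configuration file to store their own configuration" has a number mismatch; "its own" reads better.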
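Review bot: In nss/nsswitch.conf, the new installation instructions say to place 'db' in front of 'files' for passwd, shadow and group but leave out initgroups, which the removed default handled as `initgroups: db [SUCCESS=continue] files`. Someone following the comment ends up with `group: db files` next to `initgroups: files`, so the two are answered from different sources. Either add initgroups to the example lines or state why it is omitted. Smaller points in the same hunk: the entries are labelled "In alphabetical order" but `shadow:` comes before `services:`; "peformance" is misspelled; the note says 'sssd' should come before 'files' while the provider name in the list above is `sss`; and "DNS (Domain Name Service)" should read Domain Name System. The ChangeLog's "simplify defaults" also does not say that db is dropped from every default line, which is a behaviour change worth recording.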