nss: Make nsswitch.conf more distribution friendly.

Message ID 9303fad2-66ee-89e4-7433-395be089494e@redhat.com
State Superseded

Commit Message

Carlos O'Donell March 20, 2019, 4:48 p.m. UTC
The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.
---
  ChangeLog         |  4 +++
  nss/nsswitch.conf | 76 +++++++++++++++++++++++++++++++++++++----------
  2 files changed, 65 insertions(+), 15 deletions(-)
  

Comments

Florian Weimer March 20, 2019, 4:58 p.m. UTC | #1
* Carlos O'Donell:

> +# An example Name Service Switch config file. This file should be
> +# sorted with the most-used services at the beginning.

The example file itself doesn't seem to follow this.

> +#	ldap			Use LDAP directory server

Is the module really called ldap these days?  I think it's ldapd.  ldap was
the module that had an in-process LDAP client, which was kind of iffy.
  

Patch

diff --git a/ChangeLog b/ChangeLog
index 9889d21c85..c0ec01324e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@ 
+2019-03-20  Carlos O'Donell  <carlos@redhat.com>
+
+	* nss/nsswitch.conf: Expand comments, and simplify defaults.
+
  2019-03-19  Joseph Myers  <joseph@codesourcery.com>
  
  	* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_SB): New
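Review bot: The entry "* nss/nsswitch.conf: Expand comments, and simplify defaults." understates the functional change in this patch. The `db` provider is dropped from every default line, the `[SUCCESS=continue]` action on `initgroups` goes away, and databases that had no line before (bootparams, netmasks, publickey, automount, aliases) gain one. Suggest naming those changes in the entry, for example "Remove db from the default lookups; add bootparams, netmasks, publickey, automount and aliases", so that someone auditing a change in lookup order can find it from the ChangeLog.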
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..d5c62548f8 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,66 @@ 
+#
  # /etc/nsswitch.conf
  #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
  #
+# Valid service provider entries include (in alphabetical order):
+#
+#	compat			Use /etc files plus *_compat pseudo-db
+#	db			Use the pre-processed /var/db files
+#	dns			Use DNS (Domain Name Service)
+#	files			Use the local files in /etc
+#	hesiod			Use Hesiod (DNS) for user lookups
+#	nis			Use NIS (NIS version 2), also called YP
+#	nisplus			Use NIS+ (NIS version 3)
+#
+# Commonly used alternative service providers (may need installation):
+#
+#	ldap			Use LDAP directory server
+#	myhostname		Use systemd host names
+#	mymachines		Use systemd machine names
+#	mdns*, mdns*_minimal	Use Avahi mDNS/DNS-SD
+#	resolve			Use systemd resolved resolver
+#	sss			Use System Security Services Daemon (sssd)
+#	systemd			Use systemd for dynamic user option
+#	winbind			Use SAMBA winbind support
+#	wins			Use SAMBA wins support
+#	wrapper			Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+# 	   lead to unexpected behaviour, especially with how long
+# 	   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
  
-passwd:		db files
-group:		db files
-initgroups:	db [SUCCESS=continue] files
-shadow:		db files
-gshadow:	files
-
-hosts:		files dns
-networks:	files dns
-
-protocols:	db files
-services:	db files
-ethers:		db files
-rpc:		db files
+passwd:     files
+initgroups: files
+shadow:     files
+gshadow:    files
+group:      files
+hosts:      files dns
+bootparams: files
+ethers:     files
+netmasks:   files
+networks:   files dns
+protocols:  files
+rpc:        files
+services:   files
+netgroup:   files
+publickey:  files
+automount:  files
+aliases:    files
  
-netgroup:	db files
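Review bot: The `db` installation example (`passwd: db files`, `shadow: db files`, `group: db files`) leaves out `initgroups`, while the new defaults carry an explicit `initgroups: files` and the removed default was `initgroups: db [SUCCESS=continue] files`. glibc consults the `initgroups` line, when one is present, for supplementary group lists, so an administrator who follows the comment as written gets `group` entries from db that are not applied to a user's group list at login. Either add the `initgroups` line with its action to the example, or drop the explicit `initgroups: files` default so that it follows `group`. Two smaller points in the comment block: the Notes paragraph names the provider 'sssd' while the table lists the token as `sss`, and "sorted with the most-used services at the beginning" does not say whether it refers to the order of the database lines or to the providers on each line.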