From patchwork Wed Mar 20 16:48:48 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Carlos O'Donell <codonell@redhat.com>
X-Patchwork-Id: 31919
Received: (qmail 108874 invoked by alias); 20 Mar 2019 16:48:55 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 108860 invoked by uid 89); 20 Mar 2019 16:48:55 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-14.4 required=5.0 tests=AWL, BAYES_00,
	GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=providers,
	nis, H*MI:66ee, H*M:66ee
X-HELO: mail-qt1-f178.google.com
Return-Path: <codonell@redhat.com>
To: libc-alpha@sourceware.org, Aurelien Jarno <aurelien@aurel32.net>,
	Andreas Schwab <schwab@suse.de>
From: Carlos O'Donell <codonell@redhat.com>
Subject: [PATCH] nss: Make nsswitch.conf more distribution friendly.
Message-ID: <9303fad2-66ee-89e4-7433-395be089494e@redhat.com>
Date: Wed, 20 Mar 2019 12:48:48 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
	Thunderbird/60.5.1
MIME-Version: 1.0

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.
---
  ChangeLog         |  4 +++
  nss/nsswitch.conf | 76 +++++++++++++++++++++++++++++++++++++----------
  2 files changed, 65 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9889d21c85..c0ec01324e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2019-03-20  Carlos O'Donell  <carlos@redhat.com>
+
+	* nss/nsswitch.conf: Expand comments, and simplify defaults.
+
  2019-03-19  Joseph Myers  <joseph@codesourcery.com>
  
  	* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_SB): New
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..d5c62548f8 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,66 @@
+#
  # /etc/nsswitch.conf
  #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
  #
+# Valid service provider entries include (in alphabetical order):
+#
+#	compat			Use /etc files plus *_compat pseudo-db
+#	db			Use the pre-processed /var/db files
+#	dns			Use DNS (Domain Name Service)
+#	files			Use the local files in /etc
+#	hesiod			Use Hesiod (DNS) for user lookups
+#	nis			Use NIS (NIS version 2), also called YP
+#	nisplus			Use NIS+ (NIS version 3)
+#
+# Commonly used alternative service providers (may need installation):
+#
+#	ldap			Use LDAP directory server
+#	myhostname		Use systemd host names
+#	mymachines		Use systemd machine names
+#	mdns*, mdns*_minimal	Use Avahi mDNS/DNS-SD
+#	resolve			Use systemd resolved resolver
+#	sss			Use System Security Services Daemon (sssd)
+#	systemd			Use systemd for dynamic user option
+#	winbind			Use SAMBA winbind support
+#	wins			Use SAMBA wins support
+#	wrapper			Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+# 	   lead to unexpected behaviour, especially with how long
+# 	   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
  
-passwd:		db files
-group:		db files
-initgroups:	db [SUCCESS=continue] files
-shadow:		db files
-gshadow:	files
-
-hosts:		files dns
-networks:	files dns
-
-protocols:	db files
-services:	db files
-ethers:		db files
-rpc:		db files
+passwd:     files
+initgroups: files
+shadow:     files
+gshadow:    files
+group:      files
+hosts:      files dns
+bootparams: files
+ethers:     files
+netmasks:   files
+networks:   files dns
+protocols:  files
+rpc:        files
+services:   files
+netgroup:   files
+publickey:  files
+automount:  files
+aliases:    files
  
-netgroup:	db files