[patch] nsswitch.conf.5: Update NSS compatibility mode description

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>From the current description of NSS compatibility mode it seems
that /etc/passwd is the only file where special entries are permitted.
But "compat" service can also be specified for group and shadow
databases, so this needs to be changed.

The list of special entries is for passwd database only, group
and shadow databases are not mentioned.
Because group database does not support netgroup special entries and
it deals with groups, not users, it is better to make a separate list
of entries for it.

It is true that the default source for the compat pseudo-databases
is "nis", but it can be overridden by any NSS service, not just
"nisplus". Even "compat" itself can be specified as the source for
the pseudo-databases, but doing that of course leads to infinite
recursion, so it makes sense to disallow that.

The information was obtained from glibc source code, namely from
the following files:
nis/nss_compat/compat-pwd.c
nis/nss_compat/compat-grp.c
nis/nss_compat/compat-spwd.c

Signed-off-by: Nikola Forró <nforro@xxxxxxxxxx>
---
 man5/nsswitch.conf.5 | 40 ++++++++++++++++++++++++++++++++++------
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/man5/nsswitch.conf.5 b/man5/nsswitch.conf.5
index 40ca9dc..f78bf85 100644
--- a/man5/nsswitch.conf.5
+++ b/man5/nsswitch.conf.5
@@ -260,16 +260,22 @@ Call the next lookup function.
 .RE
 .SS Compatibility mode (compat)
 The NSS "compat" service is similar to "files" except that it
-additionally permits special entries in
-.I /etc/passwd
+additionally permits special entries in corresponding files
 for granting users or members of netgroups access to the system.
 The following entries are valid in this mode:
 .RS 4
+.LP
+For
+.B passwd
+and
+.B shadow
+databases:
+.RS 4
 .TP 12
 .BI + user
 Include the specified
 .I user
-from the NIS passwd map.
+from the NIS passwd/shadow map.
 .TP
 .BI +@ netgroup
 Include all users in the given
@@ -278,7 +284,7 @@ Include all users in the given
 .BI \- user
 Exclude the specified
 .I user
-from the NIS passwd map.
+from the NIS passwd/shadow map.
 .TP
 .BI \-@ netgroup
 Exclude all users in the given
@@ -286,11 +292,33 @@ Exclude all users in the given
 .TP
 .B +
 Include every user, except previously excluded ones, from the
-NIS passwd map.
+NIS passwd/shadow map.
+.RE
+.LP
+For
+.B group
+database:
+.RS 4
+.TP 12
+.BI + group
+Include the specified
+.I group
+from the NIS group map.
+.TP
+.BI \- group
+Exclude the specified
+.I group
+from the NIS group map.
+.TP
+.B +
+Include every group, except previously excluded ones, from the
+NIS group map.
+.RE
 .RE
 .LP
 By default, the source is "nis", but this may be
-overridden by specifying "nisplus" as the source for the pseudo-databases
+overridden by specifying any NSS service except "compat" itself
+as the source for the pseudo-databases
 .BR passwd_compat ,
 .BR group_compat ,
 and
-- 
2.4.3


--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux