[PATCH] nss: Make nsswitch.conf more distribution friendly.


Carlos O'Donell-5
The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.
---
  ChangeLog         |  4 +++
  nss/nsswitch.conf | 76 +++++++++++++++++++++++++++++++++++++----------
  2 files changed, 65 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9889d21c85..c0ec01324e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2019-03-20  Carlos O'Donell  <[hidden email]>
+
+ * nss/nsswitch.conf: Expand comments, and simplify defaults.
+
  2019-03-19  Joseph Myers  <[hidden email]>
 
  * sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_SB): New
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..d5c62548f8 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,66 @@
+#
  # /etc/nsswitch.conf
  #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
  #
+# Valid service provider entries include (in alphabetical order):
+#
+# compat Use /etc files plus *_compat pseudo-db
+# db Use the pre-processed /var/db files
+# dns Use DNS (Domain Name Service)
+# files Use the local files in /etc
+# hesiod Use Hesiod (DNS) for user lookups
+# nis Use NIS (NIS version 2), also called YP
+# nisplus Use NIS+ (NIS version 3)
+#
+# Commonly used alternative service providers (may need installation):
+#
+# ldap Use LDAP directory server
+# myhostname Use systemd host names
+# mymachines Use systemd machine names
+# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
+# resolve Use systemd resolved resolver
+# sss Use System Security Services Daemon (sssd)
+# systemd Use systemd for dynamic user option
+# winbind Use SAMBA winbind support
+# wins Use SAMBA wins support
+# wrapper Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+#   lead to unexpected behaviour, especially with how long
+#   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
 
-passwd: db files
-group: db files
-initgroups: db [SUCCESS=continue] files
-shadow: db files
-gshadow: files
-
-hosts: files dns
-networks: files dns
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
+passwd:     files
+initgroups: files
+shadow:     files
+gshadow:    files
+group:      files
+hosts:      files dns
+bootparams: files
+ethers:     files
+netmasks:   files
+networks:   files dns
+protocols:  files
+rpc:        files
+services:   files
+netgroup:   files
+publickey:  files
+automount:  files
+aliases:    files
 
-netgroup: db files
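Review bot: In the Notes block of the new header comment, the text says 'sssd' should generally come before 'files', but the provider table a few lines above gives the keyword as 'sss' and mentions sssd only as the daemon in the description. Someone copying the name from the note into a database line would write a provider that is not in the table; suggest "'sss' (sssd) performs its own 'files'-based caching, so it should generally come before 'files'". The 'db' example at the end of the comment also leaves out initgroups, which the removed defaults configured as 'db [SUCCESS=continue] files'; worth stating whether that omission is intentional.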
--
2.20.1


Re: [PATCH] nss: Make nsswitch.conf more distribution friendly.

Florian Weimer
* Carlos O'Donell:

> +# An example Name Service Switch config file. This file should be
> +# sorted with the most-used services at the beginning.

The example file itself doesn't seem to follow this.

> +# ldap Use LDAP directory server

Is the module really called ldap these days?  I think it's ldapd.  ldap was
the module that had an in-process LDAP client, which was kind of iffy.

[PATCH v2] nss: Make nsswitch.conf more distribution friendly.

Carlos O'Donell-5
On 3/20/19 12:58 PM, Florian Weimer wrote:
> * Carlos O'Donell:
>
>> +# An example Name Service Switch config file. This file should be
>> +# sorted with the most-used services at the beginning.
>
> The example file itself doesn't seem to follow this.

I noticed that netmasks, automount, and bootparams are not handled by
glibc, but listed in the nsswitch.conf. Are these handled by some other
application which parses /etc/nsswitch.conf? I'm not aware of any that
do so, and so I've removed them.

We never got around to implementing the accessor functions for them,
and only added publickey. I cleaned up the docs and referenced the info
docs from the default nsswitch.conf.

>> +# ldap Use LDAP directory server
>
> Is the module really called ldap these days?  I think it's ldapd.  ldap was
> the module that had an in-process LDAP client, which was kind of iffy.

Yes, this is the ldap module using nslcd.

rpm -qf /lib64/libnss_ldap.so
nss-pam-ldapd-0.9.9-4.fc29.x86_64

Description :
The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name
service information (users, groups, etc.) on behalf of a lightweight
nsswitch module.

It's the same name (unfortunately).

v2 follows.

8< --- 8< --- 8<

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.

v2
- Add missing databases to manual.
- Add link to manual from default nsswitch.conf.
- Sort nsswitch.conf according to most used database first.
---
  ChangeLog         |  5 +++
  manual/nss.texi   | 20 +++++++++---
  nss/nsswitch.conf | 81 +++++++++++++++++++++++++++++++++++++----------
  3 files changed, 85 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9889d21c85..9765ae0160 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2019-03-20  Carlos O'Donell  <[hidden email]>
+
+ * nss/nsswitch.conf: Expand comments, and simplify defaults.
+ * manual/nss.texi (NSS Basics): List all known databases.
+
  2019-03-19  Joseph Myers  <[hidden email]>
 
  * sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_SB): New
diff --git a/manual/nss.texi b/manual/nss.texi
index 164ae33246..5df2f6254a 100644
--- a/manual/nss.texi
+++ b/manual/nss.texi
@@ -56,13 +56,17 @@ functions to access the databases.
  @noindent
  The databases available in the NSS are
 
+@cindex aliases
  @cindex ethers
  @cindex group
+@cindex gshadow
  @cindex hosts
+@cindex initgroups
  @cindex netgroup
  @cindex networks
-@cindex protocols
  @cindex passwd
+@cindex protocols
+@cindex publickey
  @cindex rpc
  @cindex services
  @cindex shadow
@@ -75,16 +79,22 @@ Ethernet numbers,
  @comment @pxref{Ethernet Numbers}.
  @item group
  Groups of users, @pxref{Group Database}.
+@item gshadow
+Group passphrase hashes and related information.
  @item hosts
  Host names and numbers, @pxref{Host Names}.
+@item initgroups
+Supplementary group access list.
  @item netgroup
  Network wide list of host and users, @pxref{Netgroup Database}.
  @item networks
  Network names and numbers, @pxref{Networks Database}.
-@item protocols
-Network protocols, @pxref{Protocols Database}.
  @item passwd
  User identities, @pxref{User Database}.
+@item protocols
+Network protocols, @pxref{Protocols Database}.
+@item publickey
+Public keys for Secure RPC.
  @item rpc
  Remote procedure call names and numbers.
  @comment @pxref{RPC Database}.
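Review bot: The three added entries (gshadow, initgroups, publickey) have neither a @pxref nor a commented-out '@comment @pxref{...}' placeholder, unlike every neighbouring entry visible in this hunk, so the reader gets a one-line description and nowhere to go next. 'Supplementary group access list.' in particular does not say how initgroups differs from the group entry listed just above it. Suggest adding a cross-reference or placeholder to each, and one more sentence for initgroups.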
@@ -96,8 +106,8 @@ User passphrase hashes and related information.
  @end table
 
  @noindent
-There will be some more added later (@code{automount}, @code{bootparams},
-@code{netmasks}, and @code{publickey}).
+More may be added later (@code{automount}, @code{bootparams},
+and @code{netmasks}).
 
  @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
  @section The NSS Configuration File
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..dc4de262dd 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,69 @@
+#
  # /etc/nsswitch.conf
  #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
  #
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+# compat Use /etc files plus *_compat pseudo-db
+# db Use the pre-processed /var/db files
+# dns Use DNS (Domain Name Service)
+# files Use the local files in /etc
+# hesiod Use Hesiod (DNS) for user lookups
+# nis Use NIS (NIS version 2), also called YP
+# nisplus Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+# ldap Use LDAP directory server
+# myhostname Use systemd host names
+# mymachines Use systemd machine names
+# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
+# resolve Use systemd resolved resolver
+# sss Use System Security Services Daemon (sssd)
+# systemd Use systemd for dynamic user option
+# winbind Use SAMBA winbind support
+# wins Use SAMBA wins support
+# wrapper Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+#   lead to unexpected behaviour, especially with how long
+#   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
 
-passwd: db files
-group: db files
-initgroups: db [SUCCESS=continue] files
-shadow: db files
-gshadow: files
-
-hosts: files dns
-networks: files dns
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: db files
+# In order of most-used services first.
+passwd:     files
+group:      files
+hosts:      files dns
+networks:   files dns
+initgroups: files
+shadow:     files
+gshadow:    files
+netgroup:   files
+services:   files
+protocols:  files
+ethers:     files
+aliases:    files
+rpc:        files
+publickey:  files
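Review bot: The added comment 'In order of most-used services first.' (and the header sentence 'sorted with the most-used services at the beginning') calls passwd, group, hosts and so on services, while the same header introduces them as 'Valid databases' and uses 'service provider' for files, dns and the rest. Suggest 'most-used databases first' in both places so the two terms stay distinct. The ordering is also asserted without a stated basis; a short remark on how it was chosen would help anyone re-sorting the file.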
--
2.20.1


Re: [PATCH v2] nss: Make nsswitch.conf more distribution friendly.

Florian Weimer
* Carlos O'Donell:

> On 3/20/19 12:58 PM, Florian Weimer wrote:
>> * Carlos O'Donell:
>>
>>> +# An example Name Service Switch config file. This file should be
>>> +# sorted with the most-used services at the beginning.
>>
>> The example file itself doesn't seem to follow this.
>
> I noticed that netmasks, automount, and bootparams are not handled by
> glibc, but listed in the nsswitch.conf. Are these handled by some other
> application which parses /etc/nsswitch.conf? I'm not aware of any that
> do so, and so I've removed them.
>
> We never got around to implementing the accessor functions for them,
> and only added publickey. I cleaned up the docs and referenced the info
> docs from the default nsswitch.conf.

I think we should only list what is actually implemented in glibc.

sudo uses /etc/nsswitch.conf for a custom database, too, if I recall
correctly.

This is possible because the glibc parser simply ignores unknown
entries.

> +# In order of most-used services first.
> +passwd:     files
> +group:      files
> +hosts:      files dns
> +networks:   files dns
> +initgroups: files
> +shadow:     files
> +gshadow:    files
> +netgroup:   files
> +services:   files
> +protocols:  files
> +ethers:     files
> +aliases:    files
> +rpc:        files
> +publickey:  files

I fear we can discuss this to death.  I would suggest alphabetic order
to avoid that.

I have no further comments on the patch.
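
Because the glibc parser ignores database names it does not know, as noted in the message above, a misspelled line in /etc/nsswitch.conf fails silently. The following is an added example, not code from the thread or from glibc: it audits a config against the database and provider lists given in the patch comments. The 'sudoers' database name for sudo is not stated in the thread, and the sample file is constructed.

```python
import re

# Databases the v3/v4 header comment lists as valid for glibc.
GLIBC_DATABASES = {
    "aliases", "ethers", "group", "gshadow", "hosts", "initgroups",
    "netgroup", "networks", "passwd", "protocols", "publickey", "rpc",
    "services", "shadow",
}
# Entries read by other software. automount/autofs is from the thread;
# "sudoers" is sudo's database name and is not stated in the thread.
EXTERNAL_DATABASES = {"automount": "autofs", "sudoers": "sudo"}
# Provider keywords from the patch comments ("mdns*" is matched below).
KNOWN_PROVIDERS = {
    "compat", "db", "dns", "files", "hesiod", "nis", "nisplus", "ldap",
    "myhostname", "mymachines", "resolve", "sss", "systemd", "winbind",
    "wins", "wrapper",
}
MDNS_PROVIDER = re.compile(r"mdns[46]?(_minimal)?")
# A token is either a bracketed action such as [NOTFOUND=return] or a word.
TOKEN = re.compile(r"\[[^\]]*\]|\S+")

# Constructed sample, not taken from any real host.
SAMPLE = """\
# constructed nsswitch.conf
passwd:     sss files
passwrd:    files
group:      files [SUCCESS=merge] sss
hosts:      files mdns4_minimal [NOTFOUND=return] dns
shadow:     files sssd
automount:  files
"""


def parse(text):
    """Yield (lineno, database, providers, actions) for each entry line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        database, sep, rest = line.partition(":")
        if not sep:
            yield lineno, None, [], []  # no "database:" prefix
            continue
        tokens = TOKEN.findall(rest)
        providers = [t for t in tokens if not t.startswith("[")]
        actions = [t for t in tokens if t.startswith("[")]
        yield lineno, database.strip(), providers, actions


def audit(text):
    """Return (lineno, kind, detail) findings for lines that need a look."""
    findings = []
    for lineno, database, providers, _actions in parse(text):
        if database is None:
            findings.append((lineno, "malformed", "no 'database:' prefix"))
            continue
        if database in EXTERNAL_DATABASES:
            owner = EXTERNAL_DATABASES[database]
            findings.append((lineno, "external-database",
                             f"{database}: read by {owner}, not by glibc"))
        elif database not in GLIBC_DATABASES:
            findings.append((lineno, "ignored-database",
                             f"{database}: unknown to glibc, line is ignored"))
        for name in providers:
            if name not in KNOWN_PROVIDERS and not MDNS_PROVIDER.fullmatch(name):
                findings.append((lineno, "unknown-provider",
                                 f"{database}: '{name}' is not in the patch's list"))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

On the sample, the misspelled 'passwrd' line and the 'sssd' provider (the keyword in the patch is 'sss') are the two entries that would otherwise go unnoticed.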

Re: [PATCH v2] nss: Make nsswitch.conf more distribution friendly.

Andreas Schwab
In reply to this post by Carlos O'Donell-5
On Mar 20 2019, Carlos O'Donell <[hidden email]> wrote:

> I noticed that netmasks, automount, and bootparams are not handled by
> glibc, but listed in the nsswitch.conf. Are these handled by some other
> application which parses /etc/nsswitch.conf? I'm not aware of any that
> do so, and so I've removed them.

automount is used by autofs.

Andreas.

--
Andreas Schwab, SUSE Labs, [hidden email]
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Re: [PATCH v2] nss: Make nsswitch.conf more distribution friendly.

Carlos O'Donell-5
On 3/21/19 5:16 AM, Andreas Schwab wrote:
> On Mar 20 2019, Carlos O'Donell <[hidden email]> wrote:
>
>> I noticed that netmasks, automount, and bootparams are not handled by
>> glibc, but listed in the nsswitch.conf. Are these handled by some other
>> application which parses /etc/nsswitch.conf? I'm not aware of any that
>> do so, and so I've removed them.
>
> automount is used by autofs.

OK, good to know.

Are you OK with the removal of the automount reference in the manual?

--
Cheers,
Carlos.

[PATCH v3] nss: Make nsswitch.conf more distribution friendly.

Carlos O'Donell-5
In reply to this post by Florian Weimer
This version incorporates all the feedback we've had so far, and
looks to be the most complete version we've ever had upstream.
I listed the autofs example that Andreas gave in the manual, since
it was relevant to point out to readers that the configuration actually
gets used by non-glibc system software.

v3 here for review.

8< --- 8< ---- 8<

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.

v2
- Add missing databases to manual.
- Add link to manual from default nsswitch.conf.
- Sort nsswitch.conf according to most used database first.

v3
- Only mention implemented services in 'NSS Basics.'
- Mention 'automount' in 'Services in the NSS configuration.'
- Sort services in alphabetical order.
---
  ChangeLog         |  6 ++++
  manual/nss.texi   | 24 +++++++++++---
  nss/nsswitch.conf | 81 +++++++++++++++++++++++++++++++++++++----------
  3 files changed, 90 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 82e03e8d05..270b87f7d8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-03-25  Carlos O'Donell  <[hidden email]>
+
+ * nss/nsswitch.conf: Expand comments, and simplify defaults.
+ * manual/nss.texi (NSS Basics): List all known databases.
+ (Services in the NSS configuration): Mention automount.
+
  2019-03-25  Adhemerval Zanella  <[hidden email]>
 
  * sysdeps/powerpc/fpu/s_float_bitwise.h: Remove file.
diff --git a/manual/nss.texi b/manual/nss.texi
index 164ae33246..2d5aecd487 100644
--- a/manual/nss.texi
+++ b/manual/nss.texi
@@ -56,13 +56,17 @@ functions to access the databases.
  @noindent
  The databases available in the NSS are
 
+@cindex aliases
  @cindex ethers
  @cindex group
+@cindex gshadow
  @cindex hosts
+@cindex initgroups
  @cindex netgroup
  @cindex networks
-@cindex protocols
  @cindex passwd
+@cindex protocols
+@cindex publickey
  @cindex rpc
  @cindex services
  @cindex shadow
@@ -75,16 +79,22 @@ Ethernet numbers,
  @comment @pxref{Ethernet Numbers}.
  @item group
  Groups of users, @pxref{Group Database}.
+@item gshadow
+Group passphrase hashes and related information.
  @item hosts
  Host names and numbers, @pxref{Host Names}.
+@item initgroups
+Supplementary group access list.
  @item netgroup
  Network wide list of host and users, @pxref{Netgroup Database}.
  @item networks
  Network names and numbers, @pxref{Networks Database}.
-@item protocols
-Network protocols, @pxref{Protocols Database}.
  @item passwd
  User identities, @pxref{User Database}.
+@item protocols
+Network protocols, @pxref{Protocols Database}.
+@item publickey
+Public keys for Secure RPC.
  @item rpc
  Remote procedure call names and numbers.
  @comment @pxref{RPC Database}.
@@ -96,8 +106,8 @@ User passphrase hashes and related information.
  @end table
 
  @noindent
-There will be some more added later (@code{automount}, @code{bootparams},
-@code{netmasks}, and @code{publickey}).
+@c We currently don't implement automount, netmasks, or bootparams.
+More databasess may be added later.
 
  @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
  @section The NSS Configuration File
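Review bot: Typo on the added line 'More databasess may be added later.': it should read 'databases'. This is rendered manual text, so it is worth fixing before commit.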
@@ -159,6 +169,10 @@ these files since they should be placed in a directory where they are
  found automatically.  Only the names of all available services are
  important.
 
+Lastly, some system software may make use of the NSS configuration file
+to store it's own configuration for similar purposes.  Examples of this
+include the @code{automount} service which is used by @code{autofs}.
+
  @node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File
  @subsection Actions in the NSS configuration
 
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..4919201483 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,69 @@
+#
  # /etc/nsswitch.conf
  #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
  #
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+# compat Use /etc files plus *_compat pseudo-db
+# db Use the pre-processed /var/db files
+# dns Use DNS (Domain Name Service)
+# files Use the local files in /etc
+# hesiod Use Hesiod (DNS) for user lookups
+# nis Use NIS (NIS version 2), also called YP
+# nisplus Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+# ldap Use LDAP directory server
+# myhostname Use systemd host names
+# mymachines Use systemd machine names
+# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
+# resolve Use systemd resolved resolver
+# sss Use System Security Services Daemon (sssd)
+# systemd Use systemd for dynamic user option
+# winbind Use SAMBA winbind support
+# wins Use SAMBA wins support
+# wrapper Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+#   lead to unexpected behaviour, especially with how long
+#   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
 
-passwd: db files
-group: db files
-initgroups: db [SUCCESS=continue] files
-shadow: db files
-gshadow: files
-
-hosts: files dns
-networks: files dns
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: db files
+# In alphabetical order. Re-order as required to optimize peformance.
+aliases:    files
+ethers:     files
+group:      files
+gshadow:    files
+hosts:      files dns
+initgroups: files
+netgroup:   files
+networks:   files dns
+passwd:     files
+protocols:  files
+publickey:  files
+rpc:        files
+shadow:     files
+services:   files
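Review bot: The list under 'In alphabetical order.' is not quite alphabetical: 'shadow' is placed before 'services' in the last two lines, whereas the 'Valid databases are:' comment in the same hunk orders them 'services, and shadow'. Swap the two lines, and fix 'peformance' to 'performance' in the comment above the list.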
--
2.20.1


--
Cheers,
Carlos.

Re: [PATCH v3] nss: Make nsswitch.conf more distribution friendly.

Carlos O'Donell-5
On 3/25/19 4:49 PM, Carlos O'Donell wrote:
> This version incorporates all the feedback we've had so far, and
> looks to be the most complete version we've ever had upstream.
> I listed the autofs example that Andreas gave in the manual, since
> it was relevant to point out to readers that the configuration actually
> gets used by non-glibc system software.
>
> v3 here for review.

Ping.

https://www.sourceware.org/ml/libc-alpha/2019-03/msg00550.html

--
Cheers,
Carlos.

Re: [PATCH v3] nss: Make nsswitch.conf more distribution friendly.

Florian Weimer-5
In reply to this post by Carlos O'Donell-5
* Carlos O'Donell:

> +# winbind Use SAMBA winbind support
> +# wins Use SAMBA wins support

Typo: The project calls itself “Samba”.  Rest looks okay to me.

Thanks,
Florian

[PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Carlos O'Donell-5
On 4/9/19 6:43 AM, Florian Weimer wrote:

> * Carlos O'Donell:
>
>> +# winbind Use SAMBA winbind support
>> +# wins Use SAMBA wins support
>
> Typo: The project calls itself “Samba”.  Rest looks okay to me.
>
> Thanks,
> Florian
>

Reviving this patch now that glibc 2.31 is open.

v4 here for review, and I think we're probably ready to commit.

8< --- 8< ---- 8<
 From b92d9e196036b296197490679d65623434a3e108 Mon Sep 17 00:00:00 2001
From: Carlos O'Donell <[hidden email]>
Date: Wed, 20 Mar 2019 12:40:18 -0400
Subject: [PATCH 1/2] nss: Make nsswitch.conf more distribution friendly.

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.

v2
- Add missing databases to manual.
- Add link to manual from default nsswitch.conf.
- Sort nsswitch.conf according to most used database first.

v3
- Only mention implemented services in 'NSS Basics.'
- Mention 'automount' in 'Services in the NSS configuration.'
- Sort services in alphabetical order.

v4
- Project name is 'Samba'.
---
  ChangeLog         |  6 ++++
  manual/nss.texi   | 24 +++++++++++---
  nss/nsswitch.conf | 81 +++++++++++++++++++++++++++++++++++++----------
  3 files changed, 90 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 55e964bac2..4041862064 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-08-02  Carlos O'Donell  <[hidden email]>
+
+ * nss/nsswitch.conf: Expand comments, and simplify defaults.
+ * manual/nss.texi (NSS Basics): List all known databases.
+ (Services in the NSS configuration): Mention automount.
+
  2019-08-02  Joseph Myers  <[hidden email]>
 
  * sysdeps/unix/sysv/linux/syscall-names.list: Update comment.
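Review bot: The entry '(NSS Basics): List all known databases.' does not match what the manual change does since v3, where the commit message says 'Only mention implemented services' and nss.texi moves automount, netmasks and bootparams into an @c comment. Suggest 'List all implemented databases.' so the ChangeLog describes the change as committed.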
diff --git a/manual/nss.texi b/manual/nss.texi
index 164ae33246..2d5aecd487 100644
--- a/manual/nss.texi
+++ b/manual/nss.texi
@@ -56,13 +56,17 @@ functions to access the databases.
  @noindent
  The databases available in the NSS are
 
+@cindex aliases
  @cindex ethers
  @cindex group
+@cindex gshadow
  @cindex hosts
+@cindex initgroups
  @cindex netgroup
  @cindex networks
-@cindex protocols
  @cindex passwd
+@cindex protocols
+@cindex publickey
  @cindex rpc
  @cindex services
  @cindex shadow
@@ -75,16 +79,22 @@ Ethernet numbers,
  @comment @pxref{Ethernet Numbers}.
  @item group
  Groups of users, @pxref{Group Database}.
+@item gshadow
+Group passphrase hashes and related information.
  @item hosts
  Host names and numbers, @pxref{Host Names}.
+@item initgroups
+Supplementary group access list.
  @item netgroup
  Network wide list of host and users, @pxref{Netgroup Database}.
  @item networks
  Network names and numbers, @pxref{Networks Database}.
-@item protocols
-Network protocols, @pxref{Protocols Database}.
  @item passwd
  User identities, @pxref{User Database}.
+@item protocols
+Network protocols, @pxref{Protocols Database}.
+@item publickey
+Public keys for Secure RPC.
  @item rpc
  Remote procedure call names and numbers.
  @comment @pxref{RPC Database}.
@@ -96,8 +106,8 @@ User passphrase hashes and related information.
  @end table
 
  @noindent
-There will be some more added later (@code{automount}, @code{bootparams},
-@code{netmasks}, and @code{publickey}).
+@c We currently don't implement automount, netmasks, or bootparams.
+More databasess may be added later.
 
  @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
  @section The NSS Configuration File
@@ -159,6 +169,10 @@ these files since they should be placed in a directory where they are
  found automatically.  Only the names of all available services are
  important.
 
+Lastly, some system software may make use of the NSS configuration file
+to store it's own configuration for similar purposes.  Examples of this
+include the @code{automount} service which is used by @code{autofs}.
+
  @node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File
  @subsection Actions in the NSS configuration
 
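Review bot: In the added paragraph, 'to store it's own configuration' should read 'its own'. The following sentence calls automount a 'service', but in this section a service is a lookup provider such as files or dns, while automount is an entry name on the left of the colon that autofs reads; suggest 'the @code{automount} database, which is used by @code{autofs}'.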
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..f553588114 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,69 @@
+#
  # /etc/nsswitch.conf
  #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
  #
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+# compat Use /etc files plus *_compat pseudo-db
+# db Use the pre-processed /var/db files
+# dns Use DNS (Domain Name Service)
+# files Use the local files in /etc
+# hesiod Use Hesiod (DNS) for user lookups
+# nis Use NIS (NIS version 2), also called YP
+# nisplus Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+# ldap Use LDAP directory server
+# myhostname Use systemd host names
+# mymachines Use systemd machine names
+# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
+# resolve Use systemd resolved resolver
+# sss Use System Security Services Daemon (sssd)
+# systemd Use systemd for dynamic user option
+# winbind Use Samba winbind support
+# wins Use Samba wins support
+# wrapper Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+#   lead to unexpected behaviour, especially with how long
+#   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
 
-passwd: db files
-group: db files
-initgroups: db [SUCCESS=continue] files
-shadow: db files
-gshadow: files
-
-hosts: files dns
-networks: files dns
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: db files
+# In alphabetical order. Re-order as required to optimize peformance.
+aliases:    files
+ethers:     files
+group:      files
+gshadow:    files
+hosts:      files dns
+initgroups: files
+netgroup:   files
+networks:   files dns
+passwd:     files
+protocols:  files
+publickey:  files
+rpc:        files
+shadow:     files
+services:   files
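Review bot: The header still says 'This file should be sorted with the most-used services at the beginning.' while the list added at the bottom is introduced with 'In alphabetical order. Re-order as required'. The two comments give conflicting guidance for the same file; suggest dropping the header sentence or rewording it to say that the shipped order is alphabetical and may be re-sorted by frequency of use.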
--
2.21.0

--
Cheers,
Carlos.

Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Florian Weimer-5
The patch has again some corruption:

> diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
> index 39ca88bf51..f553588114 100644
> --- a/nss/nsswitch.conf
> +++ b/nss/nsswitch.conf
> @@ -1,20 +1,69 @@
> +#
>   # /etc/nsswitch.conf
>   #
> -# Example configuration of GNU Name Service Switch functionality.
> +# An example Name Service Switch config file. This file should be
> +# sorted with the most-used services at the beginning.
>   #

It is also visible in the list archives:

<https://sourceware.org/cgi-bin/get-raw-msg?listname=libc-alpha&date=2019-08&msgid=a865a3e9-edeb-25e5-c532-1444162a7879%40redhat.com>

So I don't think it's Red Hat's self-hosted mail infrastructure.

Thanks,
Florian

Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Andreas Schwab
On Aug 05 2019, Florian Weimer <[hidden email]> wrote:

> The patch has again some corruption:

No, it's a correctly formatted format=flowed.

Andreas.

--
Andreas Schwab, SUSE Labs, [hidden email]
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Joseph Myers
On Mon, 5 Aug 2019, Andreas Schwab wrote:

> On Aug 05 2019, Florian Weimer <[hidden email]> wrote:
>
> > The patch has again some corruption:
>
> No, it's a correctly formatted format=flowed.

format=flowed is not suitable for including patches directly in the body
of an email.

--
Joseph S. Myers
[hidden email]

Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Andreas Schwab
On Aug 05 2019, Joseph Myers <[hidden email]> wrote:

> On Mon, 5 Aug 2019, Andreas Schwab wrote:
>
>> On Aug 05 2019, Florian Weimer <[hidden email]> wrote:
>>
>> > The patch has again some corruption:
>>
>> No, it's a correctly formatted format=flowed.
>
> format=flowed is not suitable for including patches directly in the body
> of an email.

Worksforme.

Andreas.

--
Andreas Schwab, SUSE Labs, [hidden email]
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Carlos O'Donell-5
In reply to this post by Joseph Myers
On 8/5/19 3:26 PM, Joseph Myers wrote:

> On Mon, 5 Aug 2019, Andreas Schwab wrote:
>
>> On Aug 05 2019, Florian Weimer <[hidden email]> wrote:
>>
>>> The patch has again some corruption:
>>
>> No, it's a correctly formatted format=flowed.
>
> format=flowed is not suitable for including patches directly in the body
> of an email.
 
This was a mistake on my end when I reset my MUA options.

v4 here for review again without format=flowed.

8< --- 8< ---- 8<
From 36358cc98ab232ab4789038c5e660e8fbd65bff0 Mon Sep 17 00:00:00 2001
From: Carlos O'Donell <[hidden email]>
Date: Wed, 20 Mar 2019 12:40:18 -0400
Subject: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.

v2
- Add missing databases to manual.
- Add link to manual from default nsswitch.conf.
- Sort nsswitch.conf according to most used database first.

v3
- Only mention implemented services in 'NSS Basics.'
- Mention 'automount' in 'Services in the NSS configuration.'
- Sort services in alphabetical order.

v4
- Project name is 'Samba'.
---
 ChangeLog         |  6 ++++
 manual/nss.texi   | 24 +++++++++++---
 nss/nsswitch.conf | 81 +++++++++++++++++++++++++++++++++++++----------
 3 files changed, 90 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 47a3fa04ae..23df9a3545 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-08-16  Carlos O'Donell  <[hidden email]>
+
+ * nss/nsswitch.conf: Expand comments, and simplify defaults.
+ * manual/nss.texi (NSS Basics): List all known databases.
+ (Services in the NSS configuration): Mention automount.
+
 2019-08-15  Florian Weimer  <[hidden email]>
 
  nptl: Move pthread_attr_init implementation into libc.
diff --git a/manual/nss.texi b/manual/nss.texi
index 164ae33246..2d5aecd487 100644
--- a/manual/nss.texi
+++ b/manual/nss.texi
@@ -56,13 +56,17 @@ functions to access the databases.
 @noindent
 The databases available in the NSS are
 
+@cindex aliases
 @cindex ethers
 @cindex group
+@cindex gshadow
 @cindex hosts
+@cindex initgroups
 @cindex netgroup
 @cindex networks
-@cindex protocols
 @cindex passwd
+@cindex protocols
+@cindex publickey
 @cindex rpc
 @cindex services
 @cindex shadow
@@ -75,16 +79,22 @@ Ethernet numbers,
 @comment @pxref{Ethernet Numbers}.
 @item group
 Groups of users, @pxref{Group Database}.
+@item gshadow
+Group passphrase hashes and related information.
 @item hosts
 Host names and numbers, @pxref{Host Names}.
+@item initgroups
+Supplementary group access list.
 @item netgroup
 Network wide list of host and users, @pxref{Netgroup Database}.
 @item networks
 Network names and numbers, @pxref{Networks Database}.
-@item protocols
-Network protocols, @pxref{Protocols Database}.
 @item passwd
 User identities, @pxref{User Database}.
+@item protocols
+Network protocols, @pxref{Protocols Database}.
+@item publickey
+Public keys for Secure RPC.
 @item rpc
 Remote procedure call names and numbers.
 @comment @pxref{RPC Database}.
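
Review bot: the three new table entries ('@item gshadow', '@item
initgroups', '@item publickey') carry no cross-reference, while their
neighbours in this hunk either have a live '@pxref' (group, hosts,
passwd) or a commented-out placeholder such as
'@comment @pxref{RPC Database}.'. If there is no node to point at yet,
add the same '@comment @pxref{...}' placeholder so the gap stays visible.
"Supplementary group access list." is also terse next to the other
descriptions; one more clause on how it differs from 'group' would help.
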
@@ -96,8 +106,8 @@ User passphrase hashes and related information.
 @end table
 
 @noindent
-There will be some more added later (@code{automount}, @code{bootparams},
-@code{netmasks}, and @code{publickey}).
+@c We currently don't implement automount, netmasks, or bootparams.
+More databasess may be added later.
 
 @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
 @section The NSS Configuration File
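
Review bot: typo in the added sentence of this hunk, "More databasess
may be added later." should read "databases". A spell-check pass over
the '+' lines of manual/nss.texi before the next revision would catch it.
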
@@ -159,6 +169,10 @@ these files since they should be placed in a directory where they are
 found automatically.  Only the names of all available services are
 important.
 
+Lastly, some system software may make use of the NSS configuration file
+to store it's own configuration for similar purposes.  Examples of this
+include the @code{automount} service which is used by @code{autofs}.
+
 @node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File
 @subsection Actions in the NSS configuration
 
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..f553588114 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,69 @@
+#
 # /etc/nsswitch.conf
 #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
 #
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+# compat Use /etc files plus *_compat pseudo-db
+# db Use the pre-processed /var/db files
+# dns Use DNS (Domain Name Service)
+# files Use the local files in /etc
+# hesiod Use Hesiod (DNS) for user lookups
+# nis Use NIS (NIS version 2), also called YP
+# nisplus Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+# ldap Use LDAP directory server
+# myhostname Use systemd host names
+# mymachines Use systemd machine names
+# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
+# resolve Use systemd resolved resolver
+# sss Use System Security Services Daemon (sssd)
+# systemd Use systemd for dynamic user option
+# winbind Use Samba winbind support
+# wins Use Samba wins support
+# wrapper Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+#   lead to unexpected behaviour, especially with how long
+#   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
 
-passwd: db files
-group: db files
-initgroups: db [SUCCESS=continue] files
-shadow: db files
-gshadow: files
-
-hosts: files dns
-networks: files dns
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: db files
+# In alphabetical order. Re-order as required to optimize peformance.
+aliases:    files
+ethers:     files
+group:      files
+gshadow:    files
+hosts:      files dns
+initgroups: files
+netgroup:   files
+networks:   files dns
+passwd:     files
+protocols:  files
+publickey:  files
+rpc:        files
+shadow:     files
+services:   files
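
Review bot: the replacement defaults at the end of this hunk change
lookup behaviour, which "simplify defaults" in the ChangeLog entry does
not convey. Every 'db' provider is dropped, and
'initgroups: db [SUCCESS=continue] files' becomes 'initgroups: files',
so the explicit action item disappears with it. Please state in the
commit message that this is intended and what a site relying on the old
'db files' default needs to do. Separately, the header comment says the
file "should be sorted with the most-used services at the beginning"
while the entries are introduced as "In alphabetical order"; the two
statements read as contradicting each other, so keep only one.
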
--
2.21.0

Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Florian Weimer-5
* Carlos O'Donell:

> +Lastly, some system software may make use of the NSS configuration file
> +to store it's own configuration for similar purposes.  Examples of this
> +include the @code{automount} service which is used by @code{autofs}.

Typo: it's

Rest looks good to me.

Thanks,
Florian

Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Carlos O'Donell-5
On 8/16/19 12:15 PM, Florian Weimer wrote:
> * Carlos O'Donell:
>
>> +Lastly, some system software may make use of the NSS configuration file
>> +to store it's own configuration for similar purposes.  Examples of this
>> +include the @code{automount} service which is used by @code{autofs}.
>
> Typo: it's
>
> Rest looks good to me.

v5 with typo fixed attached.

Could you please provide reviewed-by if you're happy with this version?

--
Cheers,
Carlos.


From 3b22db4196ad4d889a14d32a51582d265b469ce1 Mon Sep 17 00:00:00 2001
From: Carlos O'Donell <[hidden email]>
Date: Wed, 20 Mar 2019 12:40:18 -0400
Subject: [PATCH v5] nss: Make nsswitch.conf more distribution friendly.

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.

v2
- Add missing databases to manual.
- Add link to manual from default nsswitch.conf.
- Sort nsswitch.conf according to most used database first.

v3
- Only mention implemented services in 'NSS Basics.'
- Mention 'automount' in 'Services in the NSS configuration.'
- Sort services in alphabetical order.

v4
- Project name is 'Samba'.

v5
- Fix typo in manual/nss.texi.
---
 ChangeLog         |  6 ++++
 manual/nss.texi   | 24 +++++++++++---
 nss/nsswitch.conf | 81 +++++++++++++++++++++++++++++++++++++----------
 3 files changed, 90 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 47a3fa04ae..23df9a3545 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-08-16  Carlos O'Donell  <[hidden email]>
+
+ * nss/nsswitch.conf: Expand comments, and simplify defaults.
+ * manual/nss.texi (NSS Basics): List all known databases.
+ (Services in the NSS configuration): Mention automount.
+
 2019-08-15  Florian Weimer  <[hidden email]>
 
  nptl: Move pthread_attr_init implementation into libc.
diff --git a/manual/nss.texi b/manual/nss.texi
index 164ae33246..3fc000ce22 100644
--- a/manual/nss.texi
+++ b/manual/nss.texi
@@ -56,13 +56,17 @@ functions to access the databases.
 @noindent
 The databases available in the NSS are
 
+@cindex aliases
 @cindex ethers
 @cindex group
+@cindex gshadow
 @cindex hosts
+@cindex initgroups
 @cindex netgroup
 @cindex networks
-@cindex protocols
 @cindex passwd
+@cindex protocols
+@cindex publickey
 @cindex rpc
 @cindex services
 @cindex shadow
@@ -75,16 +79,22 @@ Ethernet numbers,
 @comment @pxref{Ethernet Numbers}.
 @item group
 Groups of users, @pxref{Group Database}.
+@item gshadow
+Group passphrase hashes and related information.
 @item hosts
 Host names and numbers, @pxref{Host Names}.
+@item initgroups
+Supplementary group access list.
 @item netgroup
 Network wide list of host and users, @pxref{Netgroup Database}.
 @item networks
 Network names and numbers, @pxref{Networks Database}.
-@item protocols
-Network protocols, @pxref{Protocols Database}.
 @item passwd
 User identities, @pxref{User Database}.
+@item protocols
+Network protocols, @pxref{Protocols Database}.
+@item publickey
+Public keys for Secure RPC.
 @item rpc
 Remote procedure call names and numbers.
 @comment @pxref{RPC Database}.
@@ -96,8 +106,8 @@ User passphrase hashes and related information.
 @end table
 
 @noindent
-There will be some more added later (@code{automount}, @code{bootparams},
-@code{netmasks}, and @code{publickey}).
+@c We currently don't implement automount, netmasks, or bootparams.
+More databasess may be added later.
 
 @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
 @section The NSS Configuration File
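
Review bot: the statement that automount, netmasks and bootparams are
not implemented now lives only in an '@c' comment, so it never reaches
the rendered manual, while a later hunk of this same patch introduces
'automount' to readers. Consider keeping that information as visible
text ahead of "More databases may be added later" instead of hiding it
from the people most likely to look for those databases.
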
@@ -159,6 +169,10 @@ these files since they should be placed in a directory where they are
 found automatically.  Only the names of all available services are
 important.
 
+Lastly, some system software may make use of the NSS configuration file
+to store their own configuration for similar purposes.  Examples of this
+include the @code{automount} service which is used by @code{autofs}.
+
 @node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File
 @subsection Actions in the NSS configuration
 
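
Review bot: "to store their own configuration" in the second added line
replaces the earlier "it's" with "their", but the subject "some system
software" is singular, so "its own configuration" is the form that
agrees. "for similar purposes" is also vague; if the purpose meant is
selecting lookup sources, say so.
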
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..f553588114 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,69 @@
+#
 # /etc/nsswitch.conf
 #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
 #
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+# compat Use /etc files plus *_compat pseudo-db
+# db Use the pre-processed /var/db files
+# dns Use DNS (Domain Name Service)
+# files Use the local files in /etc
+# hesiod Use Hesiod (DNS) for user lookups
+# nis Use NIS (NIS version 2), also called YP
+# nisplus Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+# ldap Use LDAP directory server
+# myhostname Use systemd host names
+# mymachines Use systemd machine names
+# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
+# resolve Use systemd resolved resolver
+# sss Use System Security Services Daemon (sssd)
+# systemd Use systemd for dynamic user option
+# winbind Use Samba winbind support
+# wins Use Samba wins support
+# wrapper Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+#   lead to unexpected behaviour, especially with how long
+#   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
 
-passwd: db files
-group: db files
-initgroups: db [SUCCESS=continue] files
-shadow: db files
-gshadow: files
-
-hosts: files dns
-networks: files dns
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: db files
+# In alphabetical order. Re-order as required to optimize peformance.
+aliases:    files
+ethers:     files
+group:      files
+gshadow:    files
+hosts:      files dns
+initgroups: files
+netgroup:   files
+networks:   files dns
+passwd:     files
+protocols:  files
+publickey:  files
+rpc:        files
+shadow:     files
+services:   files
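
Review bot: two slips in the entry list that closes this hunk. The
comment reads "optimize peformance" (missing "r"), and 'shadow:' is
placed before 'services:' although the list is announced as alphabetical
and the "Valid databases" comment higher up orders them "rpc, services,
and shadow". Swap the last two entries and fix the spelling.
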
--
2.21.0


Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Florian Weimer-5
* Carlos O'Donell:

> +More databasess may be added later.

Another typo: databasess

Rest looks good to me.

Thanks,
Florian

Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Carlos O'Donell-5
On 8/16/19 4:53 PM, Florian Weimer wrote:
> * Carlos O'Donell:
>
>> +More databasess may be added later.
>
> Another typo: databasess
>
> Rest looks good to me.

Hrm, I ran spell check, maybe I need to delete my defaults :-)
Re-ran aspell, all clean.

v6.

OK?

--
Cheers,
Carlos.

8< --- 8< --- 8<
From 67b1a878784960f8afd5facecde08b72e99beb21 Mon Sep 17 00:00:00 2001
From: Carlos O'Donell <[hidden email]>
Date: Wed, 20 Mar 2019 12:40:18 -0400
Subject: [PATCH v6] nss: Make nsswitch.conf more distribution friendly.

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.

v2
- Add missing databases to manual.
- Add link to manual from default nsswitch.conf.
- Sort nsswitch.conf according to most used database first.

v3
- Only mention implemented services in 'NSS Basics.'
- Mention 'automount' in 'Services in the NSS configuration.'
- Sort services in alphabetical order.

v4
- Project name is 'Samba'.

v5
- Fix typo in manual/nss.texi.

v6
- Fix another typo in manual/nss.texi. Ran spell checker this time.
---
 ChangeLog         |  6 ++++
 manual/nss.texi   | 24 +++++++++++---
 nss/nsswitch.conf | 81 +++++++++++++++++++++++++++++++++++++----------
 3 files changed, 90 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 47a3fa04ae..23df9a3545 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-08-16  Carlos O'Donell  <[hidden email]>
+
+ * nss/nsswitch.conf: Expand comments, and simplify defaults.
+ * manual/nss.texi (NSS Basics): List all known databases.
+ (Services in the NSS configuration): Mention automount.
+
 2019-08-15  Florian Weimer  <[hidden email]>
 
  nptl: Move pthread_attr_init implementation into libc.
diff --git a/manual/nss.texi b/manual/nss.texi
index 164ae33246..821469a78a 100644
--- a/manual/nss.texi
+++ b/manual/nss.texi
@@ -56,13 +56,17 @@ functions to access the databases.
 @noindent
 The databases available in the NSS are
 
+@cindex aliases
 @cindex ethers
 @cindex group
+@cindex gshadow
 @cindex hosts
+@cindex initgroups
 @cindex netgroup
 @cindex networks
-@cindex protocols
 @cindex passwd
+@cindex protocols
+@cindex publickey
 @cindex rpc
 @cindex services
 @cindex shadow
@@ -75,16 +79,22 @@ Ethernet numbers,
 @comment @pxref{Ethernet Numbers}.
 @item group
 Groups of users, @pxref{Group Database}.
+@item gshadow
+Group passphrase hashes and related information.
 @item hosts
 Host names and numbers, @pxref{Host Names}.
+@item initgroups
+Supplementary group access list.
 @item netgroup
 Network wide list of host and users, @pxref{Netgroup Database}.
 @item networks
 Network names and numbers, @pxref{Networks Database}.
-@item protocols
-Network protocols, @pxref{Protocols Database}.
 @item passwd
 User identities, @pxref{User Database}.
+@item protocols
+Network protocols, @pxref{Protocols Database}.
+@item publickey
+Public keys for Secure RPC.
 @item rpc
 Remote procedure call names and numbers.
 @comment @pxref{RPC Database}.
@@ -96,8 +106,8 @@ User passphrase hashes and related information.
 @end table
 
 @noindent
-There will be some more added later (@code{automount}, @code{bootparams},
-@code{netmasks}, and @code{publickey}).
+@c We currently don't implement automount, netmasks, or bootparams.
+More databases may be added later.
 
 @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
 @section The NSS Configuration File
@@ -159,6 +169,10 @@ these files since they should be placed in a directory where they are
 found automatically.  Only the names of all available services are
 important.
 
+Lastly, some system software may make use of the NSS configuration file
+to store their own configuration for similar purposes.  Examples of this
+include the @code{automount} service which is used by @code{autofs}.
+
 @node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File
 @subsection Actions in the NSS configuration
 
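
Review bot: the added paragraph calls automount a "service", but the
nsswitch.conf comments in this same patch use "service provider" for
'files', 'dns' and the like, and what autofs reads from the file is an
'automount:' line, i.e. a database-style key. Suggest wording along the
lines of "Examples of this include the @code{automount} entry, which is
read by @code{autofs}", so readers do not go looking for an automount
provider module.
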
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..f553588114 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,69 @@
+#
 # /etc/nsswitch.conf
 #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
 #
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+# compat Use /etc files plus *_compat pseudo-db
+# db Use the pre-processed /var/db files
+# dns Use DNS (Domain Name Service)
+# files Use the local files in /etc
+# hesiod Use Hesiod (DNS) for user lookups
+# nis Use NIS (NIS version 2), also called YP
+# nisplus Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+# ldap Use LDAP directory server
+# myhostname Use systemd host names
+# mymachines Use systemd machine names
+# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
+# resolve Use systemd resolved resolver
+# sss Use System Security Services Daemon (sssd)
+# systemd Use systemd for dynamic user option
+# winbind Use Samba winbind support
+# wins Use Samba wins support
+# wrapper Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+#   lead to unexpected behaviour, especially with how long
+#   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
 
-passwd: db files
-group: db files
-initgroups: db [SUCCESS=continue] files
-shadow: db files
-gshadow: files
-
-hosts: files dns
-networks: files dns
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: db files
+# In alphabetical order. Re-order as required to optimize peformance.
+aliases:    files
+ethers:     files
+group:      files
+gshadow:    files
+hosts:      files dns
+initgroups: files
+netgroup:   files
+networks:   files dns
+passwd:     files
+protocols:  files
+publickey:  files
+rpc:        files
+shadow:     files
+services:   files
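
Review bot: the Notes block names 'sssd' as the thing to place before
'files', but the keyword listed in the provider table a few lines up is
'sss'; someone copying the note into a database line would write a name
the table does not list. Use 'sss' in the note and keep "sssd" for the
daemon. Because this ordering decides which source answers first for
passwd and shadow lookups, it would also help to show the intended lines
explicitly, as the hunk already does for 'db', rather than describe them.
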
--
2.21.0


Re: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

Florian Weimer-5
* Carlos O'Donell:

> On 8/16/19 4:53 PM, Florian Weimer wrote:
>> * Carlos O'Donell:
>>
>>> +More databasess may be added later.
>>
>> Another typo: databasess
>>
>> Rest looks good to me.
>
> Hrm, I ran spell check, maybe I need to delete my defaults :-)
> Re-ran aspell, all clean.
>
> v6.
>
> OK?

Yes, looks good now.

Thanks,
Florian