Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
NSSWITCH.CONF(5)	    BSD	File Formats Manual	      NSSWITCH.CONF(5)

     nsswitch.conf -- name-service switch configuration	file

     The nsswitch.conf file specifies how the nsdispatch(3) (name-service
     switch dispatcher)	routines in the	C library should operate.

     The configuration file controls how a process looks up various databases
     containing	information regarding hosts, users (passwords),	groups,	net-
     groups, etc.  Each	database comes from a source (such as local files,
     DNS, and NIS), and	the order to look up the sources is specified in

     Each entry	in nsswitch.conf consists of a database	name, and a space sep-
     arated list of sources.  Each source can have an optional trailing	crite-
     rion that determines whether the next listed source is used, or the
     search terminates at the current source.  Each criterion consists of one
     or	more status codes, and actions to take if that status code occurs.

     The following sources are implemented:
	   Source	    Description
	   files	    Local files, such as /etc/hosts, and /etc/passwd.
	   dns		    Internet Domain Name System. "hosts" and
			    "networks" use IN class entries, all other data-
			    bases use HS class (Hesiod)	entries.
	   mdnsd	    Use	mdnsd(8) for "hosts" lookups, acting as	both a
			    system-wide	cache for normal unicast DNS as	well
			    as providing multicast DNS ("zeroconf") lookups.
	   multicast_dns    Use	mdnsd(8) only for multicast DNS	"hosts"
			    lookups.  This would normally be used in conjunc-
			    tion with "dns", which would then provide unicast
			    DNS	resolver functions.
	   nis		    NIS	(formerly YP)
	   compat	    support `+/-' in the "passwd" and "group" data-
			    bases.  If this is present,	it must	be the only
			    source for that entry.

     The following databases are used by the following C library functions:
	   Database    Used by
	   group       getgrent(3)
	   hosts       gethostbyname(3)
	   netgroup    getnetgrent(3)
	   networks    getnetbyname(3)
	   passwd      getpwent(3)
	   shells      getusershell(3)

   Status codes
     The following status codes	are available:
	   Status      Description
	   success     The requested entry was found.
	   notfound    The entry is not	present	at this	source.
	   tryagain    The source is busy, and may respond to retries.
	   unavail     The source is not responding, or	entry is corrupt.

     For each of the status codes, one of two actions is possible:
	   Action      Description
	   continue    Try the next source
	   return      Return with the current result

   Format of file
     A BNF description of the syntax of	nsswitch.conf is:

	   <entry>	  ::= <database> ":" [<source> [<criteria>]]*
	   <criteria>	  ::= "[" <criterion>+ "]"
	   <criterion>	  ::= <status> "=" <action>
	   <status>	  ::= "success"	| "notfound" | "unavail" | "tryagain"
	   <action>	  ::= "return" | "continue"

     Each entry	starts on a new	line in	the file.  A `#' delimits a comment to
     end of line.  Blank lines are ignored.  A `\' at the end of a line	es-
     capes the newline,	and causes the next line to be a continuation of the
     current line.  All	entries	are case-insensitive.

     The default criteria is to	return on "success", and continue on anything
     else (i.e,	[success=return	notfound=continue unavail=continue
     tryagain=continue]	).

   Compat mode:	+/- syntax
     In	historical multi-source	implementations, the `+' and `-' characters
     are used to specify the importing of user password	and group information
     from NIS.	Although nsswitch.conf provides	alternative methods of access-
     ing distributed sources such as NIS, specifying a sole source of "compat"
     will provide the historical behaviour.

     An	alternative source for the information accessed	via `+/-' can be used
     by	specifying "passwd_compat: source".  "source" in this case can be
     `dns', `nis', or any other	source except for `files' and `compat'.

     Historically, many	of the databases had enumeration functions, often of
     the form getXXXent().  These made sense when the databases	were in	local
     files, but	don't make sense or have lesser	relevance when there are pos-
     sibly multiple sources, each of an	unknown	size.  The interfaces are
     still provided for	compatibility, but the source may not be able to pro-
     vide complete entries, or duplicate entries may be	retrieved if multiple
     sources that contain similar information are specified.

     To	ensure compatibility with previous and current implementations,	the
     "compat" source must appear alone for a given database.

   Default source lists
     If, for any reason, nsswitch.conf doesn't exist, or it has	missing	or
     corrupt entries, nsdispatch(3) will default to an entry of	"files"	for
     the requested database.  Exceptions are:

	   Database	    Default source list
	   group	    compat
	   group_compat	    nis
	   hosts	    files dns
	   netgroup	    files [notfound=return] nis
	   passwd	    compat
	   passwd_compat    nis

     /etc/nsswitch.conf	 The file nsswitch.conf	resides	in /etc.

     To	lookup hosts in	/etc/hosts and then from the DNS, and lookup user in-
     formation from NIS	then files, use:

	   hosts:     files dns
	   passwd:    nis [notfound=return] files
	   group:     nis [notfound=return] files

     The criteria "[notfound=return]" sets a policy of "if the user is not-
     found in nis, don't try files."  This treats nis as the authoritative
     source of information, except when	the server is down.

     getent(1),	nsdispatch(3), resolv.conf(5), named(8), ypbind(8)

     The nsswitch.conf file format first appeared in NetBSD 1.4.

     Luke Mewburn <> wrote this	freely distributable name-ser-
     vice switch implementation, using ideas from the ULTRIX svc.conf(5) and
     Solaris nsswitch.conf(4) manual pages.

BSD			       October 25, 2009				   BSD


Want to link to this manual page? Use this URL:

home | help