Linux Naming Service Switch(linux 名称解析服务)

Linux Naming Service Switch(linux 名称解析服务)

• 配置文件/etc/nsswitch.conf,这个配置文件可以为众多的名称解析机制提供名称解析库。

配置文件/etc/nsswitch.conf说明

• 第一种写法
  passwd: files sss 这的意思是。获取用户信息先去file中寻找，没有找到的话去sss中去寻找
• 第二种写法
  hosts: dns [!UNAVAIL=return] files 如果dns不可用。直接返回（当然，既然不可用直接返回的数据就是空）
  [!UNAVAIL=return]条语句有俩个定义
  1. status
     STATUS的取值如下。
     l NOTFOUND——方法已经执行，但是并没有找到待搜索的值。默认的动作是continue。
     l SUCCESS——方法已经执行，并且已经找到待搜索的值，没有返回错误。默认动作是return。
     l UNAVAIL——方法失败，原因是永久不可用。举例来说，所需的文件不可访问或者所需的服务器可能停机。默认的动作是continue。
     l TRYAGAIN——方法失败，原因是临时不可用。举例来说，某个文件被锁定，或者某台服务器超载。默认动作是continue。
  2. action
     action的取值如下：
     l return——返回到调用例程，带有返回值，或者不带返回值。
     l continue——继续执行下一个方法。任何返回值都会被下一个方法找到的值覆盖。

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#	nisplus			Use NIS+ (NIS version 3)
#	nis			Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	[NOTFOUND=return]	Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files sss

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   nisplus sss

publickey:  nisplus

automount:  files nisplus sss
aliases:    files nisplus

linux中的名称解析机制有哪些

总结说明：总结一下就是下边这一大坨的在linux中的数据库文件都是通过名称解析服务调用的，并且只要符合名称解析服务的定义就可以通过其他方式实现。

• aliases
  Mail aliases, used by getaliasent(3) and related functions.
  邮件别名：/etc/aliases

• ethers
  Ethernet numbers.
  网络号

• group
  Groups of users, used by getgrent(3) and related functions.
  用户组： /etc/group

• hosts
  Host names and numbers, used by gethostbyname(3) and related functions.
  /etc/host.conf
  resolver configuration file
  /etc/hosts
  host database file

• initgroups
  Supplementary group access list, used by getgrouplist(3) function.
  获取用户所属的组列表，就是扫描组数据的一个功能

• netgroup
  Network-wide list of hosts and users, used for access rules. C libraries before glibc 2.1 supported netgroups only over NIS.
  /etc/networks
  networks database file

• networks

Network names and numbers, used by getnetent - Linux Man Pages (3) and related functions.

• passwd
  User passwords, used by getpwent: get password file entry - Linux Man Pages (3) and related functions.
  /etc/passwd
  local password database file

• protocols
  Network protocols, used by getprotoent: get protocol entry - Linux Man Pages (3) and related functions.
  /etc/protocols
  protocol database file

• publickey
  Public and secret keys for Secure_RPC used by NFS and NIS+.

• rpc
  Remote procedure call names and numbers, used getrpcbyname: get - Linux Man Pages (3) and related functions.
  /etc/rpc
  RPC program number database.

• services
  Network services, used by getservent - Linux Man Pages (3) and related functions.
  /etc/services
  services database file

• shadow
  Shadow user passwords, used by getspnam: get shadow password file entry - Linux Man Pages (3) and related functions.
  /etc/shadow
  local shadow password database file
  /etc/.pwd.lock
  lock file

名称解析服务可以使用的数据库

说明：libnss_dns.so.2 如果存在这个文件就说明nss可以使用dns这个库文件进行解析。

cd /usr/lib64/ && ll libnss_*
-rwxr-xr-x. 1 root root  46824 Apr 10  2018 libnss_compat-2.17.so
lrwxrwxrwx. 1 root root     21 Sep  6  2018 libnss_compat.so.2 -> libnss_compat-2.17.so
-rwxr-xr-x. 1 root root  38472 Apr 10  2018 libnss_db-2.17.so
lrwxrwxrwx. 1 root root     17 Sep  6  2018 libnss_db.so.2 -> libnss_db-2.17.so
-rwxr-xr-x. 1 root root  31824 Apr 10  2018 libnss_dns-2.17.so
lrwxrwxrwx. 1 root root     18 Sep  6  2018 libnss_dns.so.2 -> libnss_dns-2.17.so
-rwxr-xr-x. 1 root root  62184 Apr 10  2018 libnss_files-2.17.so
lrwxrwxrwx. 1 root root     20 Sep  6  2018 libnss_files.so.2 -> libnss_files-2.17.so
-rwxr-xr-x. 1 root root  24048 Apr 10  2018 libnss_hesiod-2.17.so
lrwxrwxrwx. 1 root root     21 Sep  6  2018 libnss_hesiod.so.2 -> libnss_hesiod-2.17.so
-rwxr-xr-x. 1 root root  86544 Sep 27  2018 libnss_myhostname.so.2
-rwxr-xr-x. 1 root root 305208 Sep 27  2018 libnss_mymachines.so.2
-rwxr-xr-x. 1 root root  57056 Apr 10  2018 libnss_nis-2.17.so
-rwxr-xr-x. 1 root root  70096 Apr 10  2018 libnss_nisplus-2.17.so
lrwxrwxrwx. 1 root root     22 Sep  6  2018 libnss_nisplus.so.2 -> libnss_nisplus-2.17.so
lrwxrwxrwx. 1 root root     18 Sep  6  2018 libnss_nis.so.2 -> libnss_nis-2.17.so