Previous: Actions in the NSS configuration, Up: NSS Configuration File


28.2.3 Notes on the NSS Configuration File

Finally a few more hints. The NSS implementation is not completely helpless if /etc/nsswitch.conf does not exist. For all supported databases there is a default value so it should normally be possible to get the system running even if the file is corrupted or missing.

For the hosts and networks databases the default value is dns [!UNAVAIL=return] files. I.e., the system is prepared for the DNS service not to be available but if it is available the answer it returns is definitive.

The passwd, group, and shadow databases are traditionally handled in a special way. The appropriate files in the /etc directory are read but if an entry with a name starting with a + character is found NIS is used. This kind of lookup remains possible by using the special lookup service compat and the default value for the three databases above is compat [NOTFOUND=return] files.

For all other databases the default value is nis [NOTFOUND=return] files. This solution give the best chance to be correct since NIS and file based lookup is used.

A second point is that the user should try to optimize the lookup process. The different service have different response times. A simple file look up on a local file could be fast, but if the file is long and the needed entry is near the end of the file this may take quite some time. In this case it might be better to use the db service which allows fast local access to large data sets.

Often the situation is that some global information like NIS must be used. So it is unavoidable to use service entries like nis etc. But one should avoid slow services like this if possible.