NSS(5)                    (2020-06-09)                     NSS(5)

          nss - Name Service Switch configuration file

          Each call to a function which retrieves data from a system
          database like the password or group database is handled by
          the Name Service Switch implementation in the GNU C library.
          The various services provided are implemented by independent
          modules, each of which naturally varies widely from the

          The default implementations coming with the GNU C library
          are by default conservative and do not use unsafe data.
          This might be very costly in some situations, especially
          when the databases are large.  Some modules allow the system
          administrator to request taking shortcuts if these are known
          to be safe.  It is then the system administrator's
          responsibility to ensure the assumption is correct.

          There are other modules where the implementation changed
          over time.  If an implementation used to sacrifice speed for
          memory consumption, it might create problems if the
          preference is switched.

          The /etc/default/nss file contains a number of variable
          assignments.  Each variable controls the behavior of one or
          more NSS modules.  White spaces are ignored.  Lines begin-
          ning with aq#aq are treated as comments.

          The variables currently recognized are:

               If set to TRUE, the NIS backend for the initgroups(3)
               function will accept the information from the
               netid.byname NIS map as authoritative.  This can speed
               up the function significantly if the group.byname map
               is large.  The content of the netid.byname map is used
               as is.  The system administrator has to make sure it is
               correctly generated.

               If set to TRUE, the NIS backend for the
               getservbyname(3) and getservbyname_r(3) functions will
               assume that the services.byservicename NIS map exists
               and is authoritative, particularly that it contains
               both keys with /proto and without /proto for both pri-
               mary service names and service aliases.  The system
               administrator has to make sure it is correctly gener-

     Page 1                        Linux             (printed 5/26/22)

     NSS(5)                    (2020-06-09)                     NSS(5)

               If set to TRUE, the NIS backend for the setpwent(3) and
               setgrent(3) functions will read the entire database at
               once and then hand out the requests one by one from
               memory with every corresponding getpwent(3) or
               getgrent(3) call respectively.  Otherwise, each
               getpwent(3) or getgrent(3) call might result in a net-
               work communication with the server to get the next


          The default configuration corresponds to the following con-
          figuration file:



          This page is part of release 5.10 of the Linux man-pages
          project.  A description of the project, information about
          reporting bugs, and the latest version of this page, can be
          found at https://www.kernel.org/doc/man-pages/.

     Page 2                        Linux             (printed 5/26/22)