nsswitch.conf: How does one use netgroups/over-ride passwd fields?

Tillman Hodgson tillman at seekingfire.com
Mon Sep 27 10:48:45 PDT 2004

On Mon, Sep 27, 2004 at 12:06:41PM -0500, Dan Nelson wrote:
> In the last episode (Sep 27), Tillman Hodgson said:
> > I've been poking through the nsswitch.conf manpage in preparation for
> > moving some machiens to 5.3 (from 4.10). This machines participate in
> > an NIS domain which uses netgroups. It also over-rides passwd fields
> > (like the shell field) in certain cases.
> > 
> > How does one do that with nsswitch.conf if I want to avoid compat mode?
> I don't think you can.  netgroups (and +/- records and field
> overriding) only make sense in compat mode.  passwd and group both
> default to "compat", and passwd_compat and group_compat both default to
> "nis", so you shouldn't have to make any changes to nsswitch.conf.

I know that nsswitch.conf defaults to traditional behaviour (compat
mode). The non-compat modes are intriguing, though, and I don't know
much about them. So I thought I'd see if I can get traditional behaviour
through the newer mechanisms. This might make migrations (for example) a
bit easier.

The field over-riding makes sense (and I can work around it easily
enough). Netgroups seems important though, especially since NIS doesn't
do multiple domains.

Something like this is what I was hoping could be made to work:

passwd:   nis [notfound=return,netgroup=dept1,dept2,admins] files

Possibly I'm missing a point somewhere :-) What is it about netgroups
that don't make sense in an nsswitch.conf world?


It used to be said [...] that AIX looks like one space alien discovered Unix,
and described it to another different space alien who then implemented
AIX. But their universal translators were broken and they'd had to gesture
a lot.
    - A.S.R. quote (Paul Tomblin)

More information about the freebsd-questions mailing list