nsswitch.conf: How does one use netgroups/over-ride passwd
fields?
Dan Nelson
dnelson at allantgroup.com
Mon Sep 27 11:06:34 PDT 2004
In the last episode (Sep 27), Tillman Hodgson said:
> I know that nsswitch.conf defaults to traditional behaviour (compat
> mode). The non-compat modes are intriguing, though, and I don't know
> much about them. So I thought I'd see if I can get traditional
> behaviour through the newer mechanisms. This might make migrations
> (for example) a bit easier.
They are basically serial lookups; if a user isn't found in the first
source, try the next, etc. [notfound] allows for quick termination if
later sources are just fallback ones in case the primary doesn't
respond.
> passwd: nis [notfound=return,netgroup=dept1,dept2,admins] files
>
> Possibly I'm missing a point somewhere :-) What is it about netgroups
> that don't make sense in an nsswitch.conf world?
I have only known them to be useful as part of +/- records; for example
to only allow matching users in the "access" netgroup log into a
machine:
+ at access::0:0:::
+::0:0:::/usr/local/bin/nologin
It may be that netgroup's real purpose is something else that I have
not yet discovered :)
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list