[v4] nss: Make nsswitch.conf more distribution friendly.

Message ID a865a3e9-edeb-25e5-c532-1444162a7879@redhat.com
State New

Commit Message

Carlos O'Donell Aug. 2, 2019, 9:58 p.m. UTC
On 4/9/19 6:43 AM, Florian Weimer wrote:
> * Carlos O'Donell:
> 
>> +#	winbind			Use SAMBA winbind support
>> +#	wins			Use SAMBA wins support
> 
> Typo: The project calls itself “Samba”.  Rest looks okay to me.
> 
> Thanks,
> Florian
> 

Reviving this patch now that glibc 2.31 is open.

v4 here for review, and I think we're probably ready to commit.

8< --- 8< ---- 8<
 From b92d9e196036b296197490679d65623434a3e108 Mon Sep 17 00:00:00 2001
From: Carlos O'Donell <carlos@redhat.com>
Date: Wed, 20 Mar 2019 12:40:18 -0400
Subject: [PATCH 1/2] nss: Make nsswitch.conf more distribution friendly.

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.

v2
- Add missing databases to manual.
- Add link to manual from default nsswitch.conf.
- Sort nsswitch.conf according to most used database first.

v3
- Only mention implemented services in 'NSS Basics.'
- Mention 'automount' in 'Services in the NSS configuration.'
- Sort services in alphabetical order.

v4
- Project name is 'Samba'.
---
  ChangeLog         |  6 ++++
  manual/nss.texi   | 24 +++++++++++---
  nss/nsswitch.conf | 81 +++++++++++++++++++++++++++++++++++++----------
  3 files changed, 90 insertions(+), 21 deletions(-)

Comments

Florian Weimer Aug. 5, 2019, 9:28 a.m. UTC | #1
The patch has again some corruption:

> diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
> index 39ca88bf51..f553588114 100644
> --- a/nss/nsswitch.conf
> +++ b/nss/nsswitch.conf
> @@ -1,20 +1,69 @@
> +#
>   # /etc/nsswitch.conf
>   #
> -# Example configuration of GNU Name Service Switch functionality.
> +# An example Name Service Switch config file. This file should be
> +# sorted with the most-used services at the beginning.
>   #

It is also visible in the list archives:

<https://sourceware.org/cgi-bin/get-raw-msg?listname=libc-alpha&date=2019-08&msgid=a865a3e9-edeb-25e5-c532-1444162a7879%40redhat.com>

So I don't think it's Red Hat's self-hosted mail infrastructure.

Thanks,
Florian
Andreas Schwab Aug. 5, 2019, 9:39 a.m. UTC | #2
On Aug 05 2019, Florian Weimer <fweimer@redhat.com> wrote:

> The patch has again some corruption:

No, it's a correctly formatted format=flowed.

Andreas.
Joseph Myers Aug. 5, 2019, 7:26 p.m. UTC | #3
On Mon, 5 Aug 2019, Andreas Schwab wrote:

> On Aug 05 2019, Florian Weimer <fweimer@redhat.com> wrote:
> 
> > The patch has again some corruption:
> 
> No, it's a correctly formatted format=flowed.

format=flowed is not suitable for including patches directly in the body 
of an email.
Andreas Schwab Aug. 6, 2019, 6:49 a.m. UTC | #4
On Aug 05 2019, Joseph Myers <joseph@codesourcery.com> wrote:

> On Mon, 5 Aug 2019, Andreas Schwab wrote:
>
>> On Aug 05 2019, Florian Weimer <fweimer@redhat.com> wrote:
>> 
>> > The patch has again some corruption:
>> 
>> No, it's a correctly formatted format=flowed.
>
> format=flowed is not suitable for including patches directly in the body 
> of an email.

Worksforme.

Andreas.
Carlos O'Donell Aug. 16, 2019, 3:18 p.m. UTC | #5
On 8/5/19 3:26 PM, Joseph Myers wrote:
> On Mon, 5 Aug 2019, Andreas Schwab wrote:
> 
>> On Aug 05 2019, Florian Weimer <fweimer@redhat.com> wrote:
>>
>>> The patch has again some corruption:
>>
>> No, it's a correctly formatted format=flowed.
> 
> format=flowed is not suitable for including patches directly in the body 
> of an email.
 
This was a mistake on my end when I reset my MUA options.

v4 here for review again without format=flowed.

8< --- 8< ---- 8<
From 36358cc98ab232ab4789038c5e660e8fbd65bff0 Mon Sep 17 00:00:00 2001
From: Carlos O'Donell <carlos@redhat.com>
Date: Wed, 20 Mar 2019 12:40:18 -0400
Subject: [PATCH v4] nss: Make nsswitch.conf more distribution friendly.

The current default nsswitch.conf file provided by glibc is not very
distribution friendly. The file contains some minimal directives that no
real distribution uses. This update aims to provide a rich set of
comments which are useful for all distributions, and a broader set of
service defines which should work for all distributions.

Tested defaults on x86_64 and they work. The nsswitch.conf file more
closely matches what we have in Fedora now, and I'll adjust Fedora to
use this version with minor changes to enable Fedora-specific service
providers.

v2
- Add missing databases to manual.
- Add link to manual from default nsswitch.conf.
- Sort nsswitch.conf according to most used database first.

v3
- Only mention implemented services in 'NSS Basics.'
- Mention 'automount' in 'Services in the NSS configuration.'
- Sort services in alphabetical order.

v4
- Project name is 'Samba'.
---
 ChangeLog         |  6 ++++
 manual/nss.texi   | 24 +++++++++++---
 nss/nsswitch.conf | 81 +++++++++++++++++++++++++++++++++++++----------
 3 files changed, 90 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 47a3fa04ae..23df9a3545 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-08-16  Carlos O'Donell  <carlos@redhat.com>
+
+	* nss/nsswitch.conf: Expand comments, and simplify defaults.
+	* manual/nss.texi (NSS Basics): List all known databases.
+	(Services in the NSS configuration): Mention automount.
+
 2019-08-15  Florian Weimer  <fweimer@redhat.com>
 
 	nptl: Move pthread_attr_init implementation into libc.
diff --git a/manual/nss.texi b/manual/nss.texi
index 164ae33246..2d5aecd487 100644
--- a/manual/nss.texi
+++ b/manual/nss.texi
@@ -56,13 +56,17 @@ functions to access the databases.
 @noindent
 The databases available in the NSS are
 
+@cindex aliases
 @cindex ethers
 @cindex group
+@cindex gshadow
 @cindex hosts
+@cindex initgroups
 @cindex netgroup
 @cindex networks
-@cindex protocols
 @cindex passwd
+@cindex protocols
+@cindex publickey
 @cindex rpc
 @cindex services
 @cindex shadow
@@ -75,16 +79,22 @@ Ethernet numbers,
 @comment @pxref{Ethernet Numbers}.
 @item group
 Groups of users, @pxref{Group Database}.
+@item gshadow
+Group passphrase hashes and related information.
 @item hosts
 Host names and numbers, @pxref{Host Names}.
+@item initgroups
+Supplementary group access list.
 @item netgroup
 Network wide list of host and users, @pxref{Netgroup Database}.
 @item networks
 Network names and numbers, @pxref{Networks Database}.
-@item protocols
-Network protocols, @pxref{Protocols Database}.
 @item passwd
 User identities, @pxref{User Database}.
+@item protocols
+Network protocols, @pxref{Protocols Database}.
+@item publickey
+Public keys for Secure RPC.
 @item rpc
 Remote procedure call names and numbers.
 @comment @pxref{RPC Database}.
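Review bot: The three new entries (`@item gshadow`, `@item initgroups`, `@item publickey`) carry no cross-reference, while the neighbouring entries visible in this hunk either have an `@pxref{...}` or a commented-out `@comment @pxref{...}` placeholder. Consider adding the same placeholder so the missing node is visible to the next editor. The `initgroups` text, "Supplementary group access list.", also does not say how this database relates to `group`; one more sentence on when it is consulted would help a reader deciding what to put on that line.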
@@ -96,8 +106,8 @@ User passphrase hashes and related information.
 @end table
 
 @noindent
-There will be some more added later (@code{automount}, @code{bootparams},
-@code{netmasks}, and @code{publickey}).
+@c We currently don't implement automount, netmasks, or bootparams.
+More databasess may be added later.
 
 @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
 @section The NSS Configuration File
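Review bot: Typo in the added sentence: `More databasess may be added later.` should read "databases". Separately, the new `@c` comment names automount as unimplemented, while the paragraph added to "Services in the NSS configuration" further down in this patch describes an `automount` service used by `autofs`; a few words in the comment saying that glibc itself does not implement it, but other software may read that entry, would keep the two from looking contradictory.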
@@ -159,6 +169,10 @@ these files since they should be placed in a directory where they are
 found automatically.  Only the names of all available services are
 important.
 
+Lastly, some system software may make use of the NSS configuration file
+to store it's own configuration for similar purposes.  Examples of this
+include the @code{automount} service which is used by @code{autofs}.
+
 @node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File
 @subsection Actions in the NSS configuration
 
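Review bot: In the added paragraph, `to store it's own configuration` should use the possessive "its". The phrase "for similar purposes" is also vague: if the intended meaning is that such entries are read only by the software that owns them and not by glibc, say so, so that readers do not expect `automount` to behave like the databases listed under NSS Basics.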
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..f553588114 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,69 @@
+#
 # /etc/nsswitch.conf
 #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
 #
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+#	compat			Use /etc files plus *_compat pseudo-db
+#	db			Use the pre-processed /var/db files
+#	dns			Use DNS (Domain Name Service)
+#	files			Use the local files in /etc
+#	hesiod			Use Hesiod (DNS) for user lookups
+#	nis			Use NIS (NIS version 2), also called YP
+#	nisplus			Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+#	ldap			Use LDAP directory server
+#	myhostname		Use systemd host names
+#	mymachines		Use systemd machine names
+#	mdns*, mdns*_minimal	Use Avahi mDNS/DNS-SD
+#	resolve			Use systemd resolved resolver
+#	sss			Use System Security Services Daemon (sssd)
+#	systemd			Use systemd for dynamic user option
+#	winbind			Use Samba winbind support
+#	wins			Use Samba wins support
+#	wrapper			Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+# 	   lead to unexpected behaviour, especially with how long
+# 	   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
 
-passwd:		db files
-group:		db files
-initgroups:	db [SUCCESS=continue] files
-shadow:		db files
-gshadow:	files
-
-hosts:		files dns
-networks:	files dns
-
-protocols:	db files
-services:	db files
-ethers:		db files
-rpc:		db files
-
-netgroup:	db files
+# In alphabetical order. Re-order as required to optimize peformance.
+aliases:    files
+ethers:     files
+group:      files
+gshadow:    files
+hosts:      files dns
+initgroups: files
+netgroup:   files
+networks:   files dns
+passwd:     files
+protocols:  files
+publickey:  files
+rpc:        files
+shadow:     files
+services:   files
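Review bot: The active entries at the end of the hunk are introduced as `# In alphabetical order.` but `shadow:` is listed before `services:`; swap them or drop the claim. That comment also has a typo ("peformance"), and it sits oddly with the header text `This file should be sorted with the most-used services at the beginning`, which does not say whether it means the order of database lines or the order of providers on a line. Since provider order decides which source answers first for `passwd`, `shadow` and `group`, the header should state which ordering it is talking about.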
Florian Weimer Aug. 16, 2019, 4:15 p.m. UTC | #6
* Carlos O'Donell:

> +Lastly, some system software may make use of the NSS configuration file
> +to store it's own configuration for similar purposes.  Examples of this
> +include the @code{automount} service which is used by @code{autofs}.

Typo: it's

Rest looks good to me.

Thanks,
Florian
Carlos O'Donell Aug. 16, 2019, 8:29 p.m. UTC | #7
On 8/16/19 12:15 PM, Florian Weimer wrote:
> * Carlos O'Donell:
> 
>> +Lastly, some system software may make use of the NSS configuration file
>> +to store it's own configuration for similar purposes.  Examples of this
>> +include the @code{automount} service which is used by @code{autofs}.
> 
> Typo: it's
> 
> Rest looks good to me.

v5 with typo fixed attached.

Could you please provide reviewed-by if you're happy with this version?
Florian Weimer Aug. 16, 2019, 8:53 p.m. UTC | #8
* Carlos O'Donell:

> +More databasess may be added later.

Another typo: databasess

Rest looks good to me.

Thanks,
Florian
Carlos O'Donell Aug. 16, 2019, 8:59 p.m. UTC | #9
On 8/16/19 4:53 PM, Florian Weimer wrote:
> * Carlos O'Donell:
> 
>> +More databasess may be added later.
> 
> Another typo: databasess
> 
> Rest looks good to me.

Hrm, I ran spell check, maybe I need to delete my defaults :-)
Re-ran aspell, all clean.

v6.

OK?
Florian Weimer Aug. 16, 2019, 9:11 p.m. UTC | #10
* Carlos O'Donell:

> On 8/16/19 4:53 PM, Florian Weimer wrote:
>> * Carlos O'Donell:
>> 
>>> +More databasess may be added later.
>> 
>> Another typo: databasess
>> 
>> Rest looks good to me.
>
> Hrm, I ran spell check, maybe I need to delete my defaults :-)
> Re-ran aspell, all clean.
>
> v6.
>
> OK?

Yes, looks good now.

Thanks,
Florian
Carlos O'Donell Aug. 19, 2019, 7:48 p.m. UTC | #11
On 8/16/19 5:11 PM, Florian Weimer wrote:
> * Carlos O'Donell:
> 
>> On 8/16/19 4:53 PM, Florian Weimer wrote:
>>> * Carlos O'Donell:
>>>
>>>> +More databasess may be added later.
>>>
>>> Another typo: databasess
>>>
>>> Rest looks good to me.
>>
>> Hrm, I ran spell check, maybe I need to delete my defaults :-)
>> Re-ran aspell, all clean.
>>
>> v6.
>>
>> OK?
> 
> Yes, looks good now.

Pushed.

I'm rebasing Fedora right now against these changes.

I look forward to reviewing any other changes from downstream
distributions to improve these files.

Patch

diff --git a/ChangeLog b/ChangeLog
index 55e964bac2..4041862064 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@ 
+2019-08-02  Carlos O'Donell  <carlos@redhat.com>
+
+	* nss/nsswitch.conf: Expand comments, and simplify defaults.
+	* manual/nss.texi (NSS Basics): List all known databases.
+	(Services in the NSS configuration): Mention automount.
+
  2019-08-02  Joseph Myers  <joseph@codesourcery.com>
  
  	* sysdeps/unix/sysv/linux/syscall-names.list: Update comment.
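Review bot: The unchanged context lines in this copy of the patch start with two spaces instead of one (for example `  2019-08-02  Joseph Myers`). That matches the format=flowed space-stuffing discussed in the thread, and a tool that expects a single leading space on context lines may fail to apply the hunk; send the patch as plain unflowed text or as an attachment.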
diff --git a/manual/nss.texi b/manual/nss.texi
index 164ae33246..2d5aecd487 100644
--- a/manual/nss.texi
+++ b/manual/nss.texi
@@ -56,13 +56,17 @@  functions to access the databases.
  @noindent
  The databases available in the NSS are
  
+@cindex aliases
  @cindex ethers
  @cindex group
+@cindex gshadow
  @cindex hosts
+@cindex initgroups
  @cindex netgroup
  @cindex networks
-@cindex protocols
  @cindex passwd
+@cindex protocols
+@cindex publickey
  @cindex rpc
  @cindex services
  @cindex shadow
@@ -75,16 +79,22 @@  Ethernet numbers,
  @comment @pxref{Ethernet Numbers}.
  @item group
  Groups of users, @pxref{Group Database}.
+@item gshadow
+Group passphrase hashes and related information.
  @item hosts
  Host names and numbers, @pxref{Host Names}.
+@item initgroups
+Supplementary group access list.
  @item netgroup
  Network wide list of host and users, @pxref{Netgroup Database}.
  @item networks
  Network names and numbers, @pxref{Networks Database}.
-@item protocols
-Network protocols, @pxref{Protocols Database}.
  @item passwd
  User identities, @pxref{User Database}.
+@item protocols
+Network protocols, @pxref{Protocols Database}.
+@item publickey
+Public keys for Secure RPC.
  @item rpc
  Remote procedure call names and numbers.
  @comment @pxref{RPC Database}.
@@ -96,8 +106,8 @@  User passphrase hashes and related information.
  @end table
  
  @noindent
-There will be some more added later (@code{automount}, @code{bootparams},
-@code{netmasks}, and @code{publickey}).
+@c We currently don't implement automount, netmasks, or bootparams.
+More databasess may be added later.
  
  @node NSS Configuration File, NSS Module Internals, NSS Basics, Name Service Switch
  @section The NSS Configuration File
@@ -159,6 +169,10 @@  these files since they should be placed in a directory where they are
  found automatically.  Only the names of all available services are
  important.
  
+Lastly, some system software may make use of the NSS configuration file
+to store it's own configuration for similar purposes.  Examples of this
+include the @code{automount} service which is used by @code{autofs}.
+
  @node Actions in the NSS configuration, Notes on NSS Configuration File, Services in the NSS configuration, NSS Configuration File
  @subsection Actions in the NSS configuration
  
diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
index 39ca88bf51..f553588114 100644
--- a/nss/nsswitch.conf
+++ b/nss/nsswitch.conf
@@ -1,20 +1,69 @@ 
+#
  # /etc/nsswitch.conf
  #
-# Example configuration of GNU Name Service Switch functionality.
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
  #
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+#	compat			Use /etc files plus *_compat pseudo-db
+#	db			Use the pre-processed /var/db files
+#	dns			Use DNS (Domain Name Service)
+#	files			Use the local files in /etc
+#	hesiod			Use Hesiod (DNS) for user lookups
+#	nis			Use NIS (NIS version 2), also called YP
+#	nisplus			Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+#	ldap			Use LDAP directory server
+#	myhostname		Use systemd host names
+#	mymachines		Use systemd machine names
+#	mdns*, mdns*_minimal	Use Avahi mDNS/DNS-SD
+#	resolve			Use systemd resolved resolver
+#	sss			Use System Security Services Daemon (sssd)
+#	systemd			Use systemd for dynamic user option
+#	winbind			Use Samba winbind support
+#	wins			Use Samba wins support
+#	wrapper			Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+# 	   lead to unexpected behaviour, especially with how long
+# 	   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
  
-passwd:		db files
-group:		db files
-initgroups:	db [SUCCESS=continue] files
-shadow:		db files
-gshadow:	files
-
-hosts:		files dns
-networks:	files dns
-
-protocols:	db files
-services:	db files
-ethers:		db files
-rpc:		db files
-
-netgroup:	db files
+# In alphabetical order. Re-order as required to optimize peformance.
+aliases:    files
+ethers:     files
+group:      files
+gshadow:    files
+hosts:      files dns
+initgroups: files
+netgroup:   files
+networks:   files dns
+passwd:     files
+protocols:  files
+publickey:  files
+rpc:        files
+shadow:     files
+services:   files
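Review bot: The removed line `initgroups:	db [SUCCESS=continue] files` is replaced by `initgroups: files` with no mention of the dropped action in the new comment block, which shows how to re-enable `db` only for `passwd`, `shadow` and `group`. If a distribution that turns `db` back on also needs the `[SUCCESS=continue]` action for `initgroups`, the installation notes should show that line too. The notes also name the provider as 'sssd' (`'sssd' performs its own 'files'-based caching`) while the table above gives the entry as `sss`; using `sss` in the ordering advice avoids someone typing the daemon name into the file.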