01-NSSwitch
nsswitch
The Name Service Switch (NSS) is a facility in Unix-like operating systems that provides a variety of sources for common configuration databases and name resolution mechanisms. These sources include local operating system files (such as /etc/passwd, /etc/group, and /etc/hosts), the Domain Name System (DNS), the Network Information Service (NIS), and LDAP.
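Put simply, it is a mechanism for name resolution and database configuration: a common implementation for interacting with different kinds of storage. More plainly, without NSSwitch every program that needs to interact with a store would have to use the "driver" for that particular store, which would bloat the system. NSSwitch is therefore a common interface that adapts to the different storage types.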
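Resolution libraries
Files, relational databases, NIS, LDAP, DNS
Generic modules
Implementation
/usr/lib64/libnss*, /lib64/libnss*
Note that this glob also matches libnss3.so, libnssutil3.so, libnssckbi.so and similar files, which belong to Mozilla's Network Security Services, a different project; the Name Service Switch modules are the libnss_<service>.so.2 files.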
[root@husa ~]# ls /usr/lib64/libnss*
/usr/lib64/libnss3.so /usr/lib64/libnss_dns-2.17.so /usr/lib64/libnss_nis-2.17.so
/usr/lib64/libnssckbi.so /usr/lib64/libnss_dns.so /usr/lib64/libnss_nisplus-2.17.so
/usr/lib64/libnss_compat-2.17.so /usr/lib64/libnss_dns.so.2 /usr/lib64/libnss_nisplus.so
/usr/lib64/libnss_compat.so /usr/lib64/libnss_files-2.17.so /usr/lib64/libnss_nisplus.so.2
/usr/lib64/libnss_compat.so.2 /usr/lib64/libnss_files.so /usr/lib64/libnss_nis.so
/usr/lib64/libnss_db-2.17.so /usr/lib64/libnss_files.so.2 /usr/lib64/libnss_nis.so.2
/usr/lib64/libnssdbm3.chk /usr/lib64/libnss_hesiod-2.17.so /usr/lib64/libnsspem.so
/usr/lib64/libnssdbm3.so /usr/lib64/libnss_hesiod.so /usr/lib64/libnss_sss.so.2
/usr/lib64/libnss_db.so /usr/lib64/libnss_hesiod.so.2 /usr/lib64/libnsssysinit.so
/usr/lib64/libnss_db.so.2 /usr/lib64/libnss_myhostname.so.2 /usr/lib64/libnssutil3.so
[root@husa ~]# ls /lib64/libnss*
/lib64/libnss3.so /lib64/libnss_db.so /lib64/libnss_hesiod-2.17.so /lib64/libnss_nis.so
/lib64/libnssckbi.so /lib64/libnss_db.so.2 /lib64/libnss_hesiod.so /lib64/libnss_nis.so.2
/lib64/libnss_compat-2.17.so /lib64/libnss_dns-2.17.so /lib64/libnss_hesiod.so.2 /lib64/libnsspem.so
/lib64/libnss_compat.so /lib64/libnss_dns.so /lib64/libnss_myhostname.so.2 /lib64/libnss_sss.so.2
/lib64/libnss_compat.so.2 /lib64/libnss_dns.so.2 /lib64/libnss_nis-2.17.so /lib64/libnsssysinit.so
/lib64/libnss_db-2.17.so /lib64/libnss_files-2.17.so /lib64/libnss_nisplus-2.17.so /lib64/libnssutil3.so
/lib64/libnssdbm3.chk /lib64/libnss_files.so /lib64/libnss_nisplus.so
/lib64/libnssdbm3.so /lib64/libnss_files.so.2 /lib64/libnss_nisplus.so.2
nsswitch.conf
For each application that uses the resolution libraries, this configuration file defines where the storage it needs is located.
/etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files sss
shadow: files sss
group: files sss
#initgroups: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files
aliases: files nisplus
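Common fields
automount    automounting (/etc/auto.master and /etc/auto.misc)
bootparams   diskless boot options and other boot options (see the bootparam man page)
ethers       MAC addresses
group        groups that users belong to (/etc/group)
hosts        host names (/etc/hosts); used by gethostbyname() and similar functions
networks     network names and numbers (/etc/networks); used by getnetent()
passwd       user password information (/etc/passwd)
protocols    network protocol information (/etc/protocols); used by getprotoent()
publickey    used for NFS running in secure mode
rpc          remote procedure call names and numbers (/etc/rpc); used by getrpcbyname() and similar functions
services     network services (/etc/services); used by getservent()
shadow       shadowed encrypted password information (/etc/shadow); used by getspnam()
aliases      mail aliases; sendmail uses this file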
An example
bootparams: nisplus [NOTFOUND=return] files
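For the entry above, a lookup in the bootparams database first queries nisplus. The [NOTFOUND=return] that follows means that if the entry is not found there, the lookup returns immediately and does not go on to query files.
Lookup result status for each source
STATUS=>success | notfound | unavail | tryagain
The action taken for each status result; the default is continue
return | continue
By default: the success status returns, every other status continues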
getent
getent database [key ...]
get entries from Name Service Switch libraries
Looks up entries in the corresponding database
Examples
[root@husa ~]# getent passwd root
root:x:0:0:root:/root:/bin/bash
[root@husa ~]# getent shadow root
root:$6$togxa7im$KsuqISEuPYJR1MgDLPxZxXASo2MLoUoag9r1a2o76mNc8/S2vLkunJK7gZ5gm8tGg9pzvifOAwU8k/xerPuSx0:16777:0:99999:7:::
[root@husa ~]# getent hosts localhost
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
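References
A very good article on NSSwitch: https://github.com/google/nsscache/wiki/BackgroundOnNameServiceSwitch
If the explanation above is not clear, that article describes it in more depth:
When an NSS function is called, the NSS implementation reads its configuration file, /etc/nsswitch.conf. The configuration file names the libraries NSS needs in order to fetch the data. NSS loads each library dynamically, and the corresponding function in that library is called to open the corresponding store and return the data.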
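The lookup sequence described above, together with the status/action rules from the bootparams example, as an added Python sketch (not code from the page or from glibc): it parses an nsswitch.conf line, names the libnss_<source>.so.2 module glibc loads for each source, and simulates which sources are consulted. The function names, the per-source status map and the `!STATUS` negation (glibc syntax the page does not cover) are assumptions of this example.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# Defaults stated on the page: success returns, everything else continues.
DEFAULTS = {s: ("return" if s == "success" else "continue") for s in STATUSES}

def parse_line(line):
    """Parse 'db: src [STATUS=action] ...' into (db, [(src, {status: action})])."""
    line = line.split("#", 1)[0].strip()
    if ":" not in line:
        return None                      # comment or blank line
    db, rest = line.split(":", 1)
    sources = []
    for src, crit in re.findall(r"(\w+)|\[([^\]]*)\]", rest):
        if src:
            sources.append((src.lower(), dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("criteria before any source: %r" % line)
        for neg, status, action in re.findall(r"(!?)\s*(\w+)\s*=\s*(\w+)", crit):
            status, action = status.lower(), action.lower()
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError("unsupported criterion in %r" % line)
            for s in STATUSES:           # '!STATUS' means every status but that one
                if (s != status) == bool(neg):
                    sources[-1][1][s] = action
    return db.strip(), sources

def walk(sources, status_of):
    """Simulate one lookup; sources missing from status_of count as unavail."""
    consulted = []
    for src, actions in sources:
        status = status_of.get(src, "unavail")
        consulted.append(src)
        if actions[status] == "return":
            return (src if status == "success" else None), consulted
    return None, consulted

def module_files(sources):
    """Shared objects glibc loads for these sources: libnss_<source>.so.2."""
    return ["libnss_%s.so.2" % src for src, _ in sources]

if __name__ == "__main__":
    # Constructed status maps for the page's bootparams entry.
    _, boot = parse_line("bootparams: nisplus [NOTFOUND=return] files")
    print(walk(boot, {"nisplus": "notfound", "files": "success"}))  # stops at nisplus
    print(walk(boot, {"nisplus": "unavail", "files": "success"}))   # falls through to files
    print(module_files(boot))
```

The second call shows the case the config file's own comment warns about: when nisplus is unreachable rather than answering "not found", the lookup continues and the local files source supplies the answer.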