01-NSSwitch

nsswitch

The Name Service Switch (NSS) is a facility in Unix-like operating systems that provides a variety of sources for common configuration databases and name resolution mechanisms. These sources include local operating system files (such as /etc/passwd, /etc/group, and /etc/hosts), the Domain Name System (DNS), the Network Information Service (NIS), and LDAP.
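Put simply, it is a mechanism for name resolution and database configuration: a common implementation for interacting with the various storage types. More plainly, without NSSwitch every program that needs to talk to a store would have to use the "driver" for that particular store, which would bloat the system. NSSwitch is therefore a common interface that adapts to the different storage types.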

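Resolution libraries

Files, relational databases, NIS, LDAP, DNS

Common modules

Implementation

/usr/lib64/libnss*, /lib64/libnss*
The name service switch modules are the libnss_<source>.so.2 files (libnss_files, libnss_dns, libnss_sss, ...). The glob also matches libnss3.so, libnssutil3.so, libnssckbi.so and similar names without the underscore; those belong to Mozilla's Network Security Services crypto library and are unrelated to the name service switch.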
[root@husa ~]# ls /usr/lib64/libnss*
/usr/lib64/libnss3.so             /usr/lib64/libnss_dns-2.17.so      /usr/lib64/libnss_nis-2.17.so
/usr/lib64/libnssckbi.so          /usr/lib64/libnss_dns.so           /usr/lib64/libnss_nisplus-2.17.so
/usr/lib64/libnss_compat-2.17.so  /usr/lib64/libnss_dns.so.2         /usr/lib64/libnss_nisplus.so
/usr/lib64/libnss_compat.so       /usr/lib64/libnss_files-2.17.so    /usr/lib64/libnss_nisplus.so.2
/usr/lib64/libnss_compat.so.2     /usr/lib64/libnss_files.so         /usr/lib64/libnss_nis.so
/usr/lib64/libnss_db-2.17.so      /usr/lib64/libnss_files.so.2       /usr/lib64/libnss_nis.so.2
/usr/lib64/libnssdbm3.chk         /usr/lib64/libnss_hesiod-2.17.so   /usr/lib64/libnsspem.so
/usr/lib64/libnssdbm3.so          /usr/lib64/libnss_hesiod.so        /usr/lib64/libnss_sss.so.2
/usr/lib64/libnss_db.so           /usr/lib64/libnss_hesiod.so.2      /usr/lib64/libnsssysinit.so
/usr/lib64/libnss_db.so.2         /usr/lib64/libnss_myhostname.so.2  /usr/lib64/libnssutil3.so

[root@husa ~]# ls /lib64/libnss*
/lib64/libnss3.so             /lib64/libnss_db.so          /lib64/libnss_hesiod-2.17.so   /lib64/libnss_nis.so
/lib64/libnssckbi.so          /lib64/libnss_db.so.2        /lib64/libnss_hesiod.so        /lib64/libnss_nis.so.2
/lib64/libnss_compat-2.17.so  /lib64/libnss_dns-2.17.so    /lib64/libnss_hesiod.so.2      /lib64/libnsspem.so
/lib64/libnss_compat.so       /lib64/libnss_dns.so         /lib64/libnss_myhostname.so.2  /lib64/libnss_sss.so.2
/lib64/libnss_compat.so.2     /lib64/libnss_dns.so.2       /lib64/libnss_nis-2.17.so      /lib64/libnsssysinit.so
/lib64/libnss_db-2.17.so      /lib64/libnss_files-2.17.so  /lib64/libnss_nisplus-2.17.so  /lib64/libnssutil3.so
/lib64/libnssdbm3.chk         /lib64/libnss_files.so       /lib64/libnss_nisplus.so
/lib64/libnssdbm3.so          /lib64/libnss_files.so.2     /lib64/libnss_nisplus.so.2

nsswitch.conf

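For each application (database) that uses the resolution libraries, the configuration file defines which stores it should consult and in what order.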
/etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#   nisplus         Use NIS+ (NIS version 3)
#   nis         Use NIS (NIS version 2), also called YP
#   dns         Use DNS (Domain Name Service)
#   files           Use the local files
#   db          Use the local database (.db) files
#   compat          Use NIS on compat mode
#   hesiod          Use Hesiod for user lookups
#   [NOTFOUND=return]   Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files
aliases:    files nisplus

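Common fields

automount       Automounter maps (/etc/auto.master and /etc/auto.misc)
bootparams      Diskless boot options and other boot options (see the bootparam man page)
ethers          MAC addresses
group           Groups that users belong to (/etc/group)
hosts           Host names (/etc/hosts); used by gethostbyname() and similar functions
networks        Network names and numbers (/etc/networks); used by getnetent()
passwd          User account (password file) information (/etc/passwd)
protocols       Network protocols (/etc/protocols); used by getprotoent()
publickey       Used by NFS running in secure mode
rpc             Remote procedure call names and numbers (/etc/rpc); used by getrpcbyname() and similar functions
services        Network services (/etc/services); used by getservent()
shadow          Shadow (hashed) password information (/etc/shadow); used by getspnam()
aliases         Mail aliases; used by sendmail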

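An example

bootparams: nisplus [NOTFOUND=return] files

This entry means that bootparams lookups query nisplus first. The [NOTFOUND=return] that follows means that if nisplus answers but has no such entry, the lookup returns immediately and never consults files. As the comment in the file notes, if the lookup fails for some other reason (for example no NIS server responding), the search continues with the next source.

Lookup result status for each store

STATUS=>success | notfound | unavail | tryagain

Action taken for each status result; the default is continue

return | continue

By default: a success status returns, every other status continues.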
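The status and action rules above, worked through as an added example (not part of the original post): a small Python model that parses one nsswitch.conf entry and walks its sources in order. The function names are hypothetical, and only the return and continue actions listed above are modelled.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# Defaults stated above: success returns, every other status continues.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

def parse_entry(line):
    """Parse 'db: src [STATUS=action] src ...' into (db, [(src, actions), ...])."""
    line = line.split("#", 1)[0].strip()          # drop comments
    if not line:
        return None
    db, _, rest = line.partition(":")
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if token.startswith("["):
            if not sources:
                raise ValueError("criterion before any source: " + token)
            # A criterion overrides the defaults of the source just before it.
            for crit in token[1:-1].split():
                status, _, action = crit.lower().partition("=")
                if status not in STATUSES or action not in ("return", "continue"):
                    raise ValueError("bad criterion: " + crit)
                sources[-1][1][status] = action
        else:
            sources.append((token, dict(DEFAULT_ACTIONS)))
    return db.strip(), sources

def resolve(entry, outcomes):
    """Walk the sources in order; `outcomes` maps source -> status it reports.
    Returns (sources consulted, final status)."""
    _, sources = entry
    consulted, status = [], "unavail"
    for name, actions in sources:
        status = outcomes.get(name, "unavail")
        consulted.append(name)
        if actions[status] == "return":
            break
    return consulted, status

# The entry discussed above; the outcomes passed to resolve() are constructed.
BOOTPARAMS = parse_entry("bootparams: nisplus [NOTFOUND=return] files")
```

With nisplus reporting notfound the walk stops at nisplus; with nisplus reporting unavail it falls through to files, which is the distinction the config file's own comment draws.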

getent

getent database [key ...]

    get entries from Name Service Switch libraries
        Looks up entries in the corresponding library

Examples

[root@husa ~]# getent passwd root
root:x:0:0:root:/root:/bin/bash

[root@husa ~]# getent shadow root 
root:$6$togxa7im$KsuqISEuPYJR1MgDLPxZxXASo2MLoUoag9r1a2o76mNc8/S2vLkunJK7gZ5gm8tGg9pzvifOAwU8k/xerPuSx0:16777:0:99999:7:::

[root@husa ~]# getent hosts localhost     
::1             localhost localhost.localdomain localhost6 localhost6.localdomain6

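References

A very good article on NSSwitch: https://github.com/google/nsscache/wiki/BackgroundOnNameServiceSwitch

If the explanation above is not clear, that article goes into more depth:

When an NSS function is called, the NSS implementation reads its configuration file, /etc/nsswitch.conf. The configuration file names the libraries NSS needs in order to fetch the data. NSS loads the library dynamically, and the corresponding function in that library is called to open the relevant store and return the data.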
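Because every source named in /etc/nsswitch.conf becomes a shared object loaded into the calling process, it is worth checking which modules a given configuration pulls in. The following is an added example, not code from the original post or from glibc: it maps each source to the libnss_<source>.so.2 file name used by glibc and reports sources that are outside an allowlist or have no module installed. The function names, the allowlist and the "extra" source are hypothetical.

```python
import re

def nss_modules(conf_text):
    """Map each database in nsswitch.conf text to the shared objects glibc
    would load for it (libnss_<source>.so.2), in lookup order."""
    wanted = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", rest).split()  # drop [STATUS=action]
        wanted[db.strip()] = ["libnss_%s.so.2" % s for s in sources]
    return wanted

def audit(conf_text, present, allowed):
    """Return findings: modules named by the config that are outside the
    `allowed` source set or missing from `present` (file names on disk)."""
    findings = []
    for db, libs in sorted(nss_modules(conf_text).items()):
        for lib in libs:
            source = lib[len("libnss_"):-len(".so.2")]
            if source not in allowed:
                findings.append((db, lib, "source not in allowlist"))
            elif lib not in present:
                findings.append((db, lib, "module not installed"))
    return findings

# Constructed sample: lines taken from the config shown above, plus one
# hypothetical unexpected source ("extra") to show what a finding looks like.
SAMPLE_CONF = """\
passwd:     files sss
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
publickey:  nisplus
services:   files extra
"""
# Subset of the file names in the /lib64 listing above.
SAMPLE_PRESENT = {"libnss_files.so.2", "libnss_dns.so.2",
                  "libnss_sss.so.2", "libnss_nisplus.so.2"}
ALLOWED = {"files", "dns", "sss"}  # assumed site policy

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_PRESENT, ALLOWED):
        print(finding)
```

On a live host, `present` can be built from the directory listing of /lib64 and `conf_text` read from /etc/nsswitch.conf.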