01-NSSwitch
nsswitch
The Name Service Switch (NSS) is a facility in Unix-like operating systems that provides a variety of sources for common configuration databases and name resolution mechanisms. These sources include local operating system files (such as /etc/passwd, /etc/group, and /etc/hosts), the Domain Name System (DNS), the Network Information Service (NIS), and LDAP.
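Put simply, it is a mechanism for name resolution and configuration databases: a common implementation for interacting with the various storage types. More plainly, without NSSwitch every program that needs to talk to a store would have to use the "driver" for that particular store, which would bloat the system. NSSwitch is therefore a common interface that adapts to the different storage types.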
Resolution libraries
Files, relational databases, NIS, LDAP, DNS
Generic modules
Implementation
/usr/lib64/libnss*, /lib64/libnss*
[root@husa ~]# ls /usr/lib64/libnss*
/usr/lib64/libnss3.so /usr/lib64/libnss_dns-2.17.so /usr/lib64/libnss_nis-2.17.so
/usr/lib64/libnssckbi.so /usr/lib64/libnss_dns.so /usr/lib64/libnss_nisplus-2.17.so
/usr/lib64/libnss_compat-2.17.so /usr/lib64/libnss_dns.so.2 /usr/lib64/libnss_nisplus.so
/usr/lib64/libnss_compat.so /usr/lib64/libnss_files-2.17.so /usr/lib64/libnss_nisplus.so.2
/usr/lib64/libnss_compat.so.2 /usr/lib64/libnss_files.so /usr/lib64/libnss_nis.so
/usr/lib64/libnss_db-2.17.so /usr/lib64/libnss_files.so.2 /usr/lib64/libnss_nis.so.2
/usr/lib64/libnssdbm3.chk /usr/lib64/libnss_hesiod-2.17.so /usr/lib64/libnsspem.so
/usr/lib64/libnssdbm3.so /usr/lib64/libnss_hesiod.so /usr/lib64/libnss_sss.so.2
/usr/lib64/libnss_db.so /usr/lib64/libnss_hesiod.so.2 /usr/lib64/libnsssysinit.so
/usr/lib64/libnss_db.so.2 /usr/lib64/libnss_myhostname.so.2 /usr/lib64/libnssutil3.so
[root@husa ~]# ls /lib64/libnss*
/lib64/libnss3.so /lib64/libnss_db.so /lib64/libnss_hesiod-2.17.so /lib64/libnss_nis.so
/lib64/libnssckbi.so /lib64/libnss_db.so.2 /lib64/libnss_hesiod.so /lib64/libnss_nis.so.2
/lib64/libnss_compat-2.17.so /lib64/libnss_dns-2.17.so /lib64/libnss_hesiod.so.2 /lib64/libnsspem.so
/lib64/libnss_compat.so /lib64/libnss_dns.so /lib64/libnss_myhostname.so.2 /lib64/libnss_sss.so.2
/lib64/libnss_compat.so.2 /lib64/libnss_dns.so.2 /lib64/libnss_nis-2.17.so /lib64/libnsssysinit.so
/lib64/libnss_db-2.17.so /lib64/libnss_files-2.17.so /lib64/libnss_nisplus-2.17.so /lib64/libnssutil3.so
/lib64/libnssdbm3.chk /lib64/libnss_files.so /lib64/libnss_nisplus.so
/lib64/libnssdbm3.so /lib64/libnss_files.so.2 /lib64/libnss_nisplus.so.2
nsswitch.conf
For each application that uses the resolution libraries, this configuration file defines which stores it should look in.
/etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files sss
shadow: files sss
group: files sss
#initgroups: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files
aliases: files nisplus
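Common fields
automount automatic mounting (/etc/auto.master and /etc/auto.misc)
bootparams diskless boot options and other boot options (see the bootparam manual page)
ethers MAC addresses
group groups a user belongs to (/etc/group)
hosts host names (/etc/hosts); used by gethostbyname() and similar functions
networks network names and numbers (/etc/networks); used by getnetent()
passwd user password information (/etc/passwd)
protocols network protocol information (/etc/protocols); used by getprotoent()
publickey used by NFS running in secure mode
rpc remote procedure call names and numbers (/etc/rpc); used by getrpcbyname() and similar functions
services network services (/etc/services); used by getservent()
shadow shadowed encrypted password information (/etc/shadow); used by getspnam()
aliases mail aliases; used by sendmail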
An example
bootparams: nisplus [NOTFOUND=return] files
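For the entry above, a bootparams lookup searches nisplus first. The [NOTFOUND=return] that follows means that if the entry is not found there, the lookup returns immediately and does not go on to search files.
Lookup result status for each source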
STATUS=>success | notfound | unavail | tryagain
Action taken for each status result (the default is continue)
return | continue
By default, a success status means return and any other status means continue.
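The status/action rules above, worked through as an added Python example (not code from the original notes): it parses an nsswitch.conf entry and walks the source chain. The per-source results handed to lookup() are constructed stand-ins for what each libnss module would report, and parse_entry, lookup and demo are illustrative names.

```python
import re

# Defaults stated on the page: success returns, every other status continues.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_entry(line):
    """Parse 'db: src [STATUS=action] ...' into (db, [(src, actions), ...])."""
    line = line.split("#", 1)[0].strip()
    if ":" not in line:
        return None                      # blank line or comment
    db, rhs = line.split(":", 1)
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rhs):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any source: " + token)
        for item in token[1:-1].split():
            status, _, action = item.lower().partition("=")
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError("unsupported action item: " + item)
            chain[-1][1][status] = action   # applies to the preceding source
    return db.strip(), chain

def lookup(chain, results):
    """Walk the chain. results maps source -> (status, value)."""
    tried = []
    for source, actions in chain:
        status, value = results.get(source, ("unavail", None))
        tried.append((source, status))
        if actions[status] == "return":
            return (value if status == "success" else None), tried
    return None, tried

# Entry taken from the page's nsswitch.conf; the results below are constructed.
_, BOOTPARAMS = parse_entry("bootparams: nisplus [NOTFOUND=return] files")
FILES_HIT = ("success", "client1 root=server:/export")

def demo():
    # nisplus answers "not found": the lookup stops, files is never consulted.
    absent = lookup(BOOTPARAMS, {"nisplus": ("notfound", None), "files": FILES_HIT})
    # nisplus is unreachable: the lookup falls through to files.
    down = lookup(BOOTPARAMS, {"nisplus": ("unavail", None), "files": FILES_HIT})
    return absent, down

if __name__ == "__main__":
    for value, tried in demo():
        print(value, tried)
```

The second case is the one to watch when a network source is listed first: an unavailable source does not stop the lookup, so the later source becomes the effective authority.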
getent
getent database [key ...]
get entries from Name Service Switch libraries
Looks up entries from the corresponding library
Examples
[root@husa ~]# getent passwd root
root:x:0:0:root:/root:/bin/bash
[root@husa ~]# getent shadow root
root:$6$togxa7im$KsuqISEuPYJR1MgDLPxZxXASo2MLoUoag9r1a2o76mNc8/S2vLkunJK7gZ5gm8tGg9pzvifOAwU8k/xerPuSx0:16777:0:99999:7:::
[root@husa ~]# getent hosts localhost
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
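References
A very good article on NSSwitch: https://github.com/google/nsscache/wiki/BackgroundOnNameServiceSwitch
If the explanation above is not clear, that article describes it in more depth:
When an NSS function is called, the NSS implementation reads its configuration file, /etc/nsswitch.conf. The configuration file tells NSS which library it needs to fetch the data from. NSS loads that library dynamically, the corresponding function in the library is called to open the relevant store, and the data is returned.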
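An added example, not part of the original notes or the linked article: because NSS loads a shared library for every source named in /etc/nsswitch.conf, this Python check maps each source to its module file (glibc's libnss_<source>.so.2 naming, visible in the listings above) and flags modules that are missing, not owned by the trusted uid, or group/world-writable. The function names and SAMPLE_CONF are illustrative; the library directories are the two shown on this page and differ on other distributions.

```python
import os
import re
import stat

# Lines copied from the page's nsswitch.conf (shortened sample).
SAMPLE_CONF = """\
passwd: files sss
hosts: files dns
#ethers: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
"""

def nss_sources(conf_text):
    """Return the source names referenced by non-comment nsswitch.conf lines."""
    sources = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            # Drop [STATUS=action] lists; what remains are source names.
            rhs = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            sources.update(rhs.split())
    return sources

def audit_modules(conf_text, lib_dirs, trusted_uid=0):
    """Map each source to libnss_<source>.so.2 and classify the module file."""
    report = {}
    for source in sorted(nss_sources(conf_text)):
        name = "libnss_%s.so.2" % source
        paths = [os.path.join(d, name) for d in lib_dirs]
        found = [p for p in paths if os.path.exists(p)]
        if not found:
            report[source] = "missing"
            continue
        st = os.stat(found[0])            # follows symlinks to the real file
        if st.st_uid != trusted_uid:
            report[source] = "foreign-owner"
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            report[source] = "writable"
        else:
            report[source] = "ok"
    return report

if __name__ == "__main__":
    conf = SAMPLE_CONF
    if os.path.exists("/etc/nsswitch.conf"):
        with open("/etc/nsswitch.conf") as fh:
            conf = fh.read()
    for source, state in audit_modules(conf, ["/lib64", "/usr/lib64"]).items():
        print(source, state)
```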