Command Section
NSSWITCH.CONF(5)          FreeBSD File Formats Manual         NSSWITCH.CONF(5)

     nsswitch.conf - name-service switch configuration file

     The nsswitch.conf file specifies how the nsdispatch(3) (name-service
     switch dispatcher) routines in the C library should operate.

     The configuration file controls how a process looks up various databases
     containing information regarding hosts, users (passwords), groups, etc.
     Each database comes from a source (such as local files, DNS, NIS, and
     cache), and the order to look up the sources is specified in

     Each entry in nsswitch.conf consists of a database name, and a space
     separated list of sources.  Each source can have an optional trailing
     criterion that determines whether the next listed source is used, or the
     search terminates at the current source.  Each criterion consists of one
     or more status codes, and actions to take if that status code occurs.

     The following sources are implemented:

     Source  Description
     files   Local files, such as /etc/hosts, and /etc/passwd.
     db      Local database.
     dns     Internet Domain Name System.  ``hosts'' and `networks' use IN
             class entries, all other databases use HS class (Hesiod) entries.
     nis     NIS (formerly YP)
     compat  support `+/-' in the ``passwd'' and ``group'' databases.  If this
             is present, it must be the only source for that entry.
     cache   makes use of the nscd(8) daemon.

     The following databases are used by the following C library functions:

     Database  Used by
     group     getgrent(3), getgrent_r(3), getgrgid_r(3), getgrnam_r(3),
               setgrent(3), endgrent(3)
     hosts     getaddrinfo(3), gethostbyaddr(3), gethostbyaddr_r(3),
               gethostbyname(3), gethostbyname2(3), gethostbyname_r(3),
               getipnodebyaddr(3), getipnodebyname(3)
     networks  getnetbyaddr(3), getnetbyaddr_r(3), getnetbyname(3),
     passwd    getpwent(3), getpwent_r(3), getpwnam_r(3), getpwuid_r(3),
               setpwent(3), endpwent(3)
     shells    getusershell(3)
     services  getservent(3)
     rpc       getrpcbyname(3), getrpcbynumber(3), getrpcent(3)
     proto     getprotobyname(3), getprotobynumber(3), getprotoent(3)
     netgroup  getnetgrent(3), getnetgrent_r(3), setnetgrent(3),
               endnetgrent(3), innetgr(3)

   Status codes
     The following status codes are available:

     Status    Description
     success   The requested entry was found.
     notfound  The entry is not present at this source.
     tryagain  The source is busy, and may respond to retries.
     unavail   The source is not responding, or entry is corrupt.

     For each of the status codes, one of two actions is possible:

     Action    Description
     continue  Try the next source
     return    Return with the current result

   Format of file
     A BNF description of the syntax of nsswitch.conf is:

     <entry>      ::= <database> ":" [<source> [<criteria>]]*
     <criteria>   ::= "[" <criterion>+ "]"
     <criterion>  ::= <status> "=" <action>
     <status>     ::= "success" | "notfound" | "unavail" | "tryagain"
     <action>     ::= "return" | "continue"

     Each entry starts on a new line in the file.  A `#' delimits a comment to
     end of line.  Blank lines are ignored.  A `\' at the end of a line
     escapes the newline, and causes the next line to be a continuation of the
     current line.  All entries are case-insensitive.

     The default criteria is to return on ``success'', and continue on
     anything else (i.e, [success=return notfound=continue unavail=continue

     You can enable caching for the particular database by specifying
     ``cache'' as the first source in the nsswitch.conf file.  You should also
     enable caching for this database in nscd.conf(5).  If for the particular
     query ``cache'' source returns success, no further sources are queried.
     On the other hand, if there are no previously cached data, the query
     result will be placed into the cache right after all other sources are
     processed.  Note, that ``cache'' requires nscd(8) daemon to be running.

   Compat mode: +/- syntax
     In historical multi-source implementations, the `+' and `-' characters
     are used to specify the importing of user password and group information
     from NIS.  Although nsswitch.conf provides alternative methods of
     accessing distributed sources such as NIS, specifying a sole source of
     ``compat'' will provide the historical behaviour.

     An alternative source for the information accessed via `+/-' can be used
     by specifying ``passwd_compat: source''.  ``source'' in this case can be
     `dns', `nis', or any other source except for `files' and `compat'.

     Historically, many of the databases had enumeration functions, often of
     the form getXXXent().  These made sense when the databases were in local
     files, but do not make sense or have lesser relevance when there are
     possibly multiple sources, each of an unknown size.  The interfaces are
     still provided for compatibility, but the source may not be able to
     provide complete entries, or duplicate entries may be retrieved if
     multiple sources that contain similar information are specified.

     To ensure compatibility with previous and current implementations, the
     ``compat'' source must appear alone for a given database.

   Default source lists
     If, for any reason, nsswitch.conf does not exist, or it has missing or
     corrupt entries, nsdispatch(3) will default to an entry of ``files'' for
     the requested database.  Exceptions are:

     Database         Default source list
     group            compat
     group_compat     nis
     hosts            files dns
     passwd           compat
     passwd_compat    nis
     services         compat
     services_compat  nis

     /etc/nsswitch.conf  The file nsswitch.conf resides in /etc.

     To lookup hosts in cache, then in /etc/hosts and then from the DNS, and
     lookup user information from NIS then files, use:

     hosts:   cache files dns
     passwd:  nis [notfound=return] files
     group:   nis [notfound=return] files

     The criteria ``[notfound=return]'' sets a policy of "if the user is
     notfound in nis, do not try files."  This treats nis as the authoritative
     source of information, except when the server is down.

     If system got compiled with WITHOUT_NIS you have to remove `nis' entries.

     FreeBSD's Standard C Library (libc, -lc) provides stubs for compatibility
     with NSS modules written for the GNU C Library nsswitch interface.
     However, these stubs only support the use of the ``passwd'' and ``group''

     nsdispatch(3), nscd.conf(5), resolv.conf(5), nscd(8), ypbind(8)

     The nsswitch.conf file format first appeared in FreeBSD 5.0.  It was
     imported from the NetBSD Project, where it appeared first in NetBSD 1.4.

     Luke Mewburn <[email protected]> wrote this freely distributable name-
     service switch implementation, using ideas from the ULTRIX svc.conf(5)
     and Solaris nsswitch.conf(4) manual pages.

FreeBSD 11.1-RELEASE-p4          June 6, 2016          FreeBSD 11.1-RELEASE-p4
Command Section