From owner-svn-src-all@freebsd.org Sat Sep 19 19:48:16 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7A1863ECEF5; Sat, 19 Sep 2020 19:48:16 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Bv1TX2dQ0z4P4D; Sat, 19 Sep 2020 19:48:16 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3CF9F115B9; Sat, 19 Sep 2020 19:48:16 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 08JJmGA0041893; Sat, 19 Sep 2020 19:48:16 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 08JJmGY4041892; Sat, 19 Sep 2020 19:48:16 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <202009191948.08JJmGY4041892@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Sat, 19 Sep 2020 19:48:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r365911 - stable/12/share/man/man5 X-SVN-Group: stable-12 X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: stable/12/share/man/man5 X-SVN-Commit-Revision: 365911 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Sep 2020 19:48:16 -0000 Author: asomers Date: Sat Sep 19 19:48:15 2020 New Revision: 365911 URL: https://svnweb.freebsd.org/changeset/base/365911 Log: MFC r365391, r365415 r365391: nsswitch.conf(5): recommend placing cache after files When cache precedes files, and nscd is configured to allow negative caching, commands like "pw groupadd" can fail. The sequence of events looks like: 1. A command like pkg(8) looks up the group, and finds it absent. 2. pkg invokes pw(8) to add the group 3. pkg queries the group, but nscd says it doesn't exist, since it has a negative cache entry for that group. See also: https://lists.freebsd.org/pipermail/freebsd-current/2012-January/031595.html Reviewed by: bcr (manpages) Sponsored by: Axcient Differential Revision: https://reviews.freebsd.org/D26184 r365415: nsswitch.conf.5: style fixes Fix some whitespace, and remove the .Tn macro Reported by: mandoc, igor Reviewed by: bcr (manpages) Differential Revision: https://reviews.freebsd.org/D26345 Modified: stable/12/share/man/man5/nsswitch.conf.5 Directory Properties: stable/12/ (props changed) Modified: stable/12/share/man/man5/nsswitch.conf.5 ============================================================================== --- stable/12/share/man/man5/nsswitch.conf.5 Sat Sep 19 19:08:27 2020 (r365910) +++ stable/12/share/man/man5/nsswitch.conf.5 Sat Sep 19 19:48:15 2020 (r365911) @@ -1,4 +1,4 @@ -.\" $NetBSD: nsswitch.conf.5,v 1.14 1999/03/17 20:19:47 garbled Exp $ +.\" $NetBSD: nsswitch.conf.5,v 1.14 1999/03/17 20:19:47 garbled Exp $ .\" .\" Copyright (c) 1997, 1998, 1999 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -16,7 +16,7 @@ .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: -.\" This product includes software developed by Luke Mewburn. +.\" This product includes software developed by Luke Mewburn. .\" 4. The name of the author may not be used to endorse or promote products .\" derived from this software without specific prior written permission. .\" @@ -33,7 +33,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 6, 2016 +.Dd September 6, 2020 .Dt NSSWITCH.CONF 5 .Os .Sh NAME @@ -48,8 +48,7 @@ file specifies how the .Pp The configuration file controls how a process looks up various databases containing information regarding hosts, users (passwords), groups, etc. -Each database comes from a source (such as local files, DNS, -.Tn NIS , +Each database comes from a source (such as local files, DNS, NIS , and cache), and the order to look up the sources is specified in .Nm . .Pp @@ -180,9 +179,7 @@ Try the next source Return with the current result .El .Ss Format of file -A -.Tn BNF -description of the syntax of +A BNF description of the syntax of .Nm is: .Pp @@ -222,20 +219,24 @@ and continue on anything else (i.e, .Ss Cache You can enable caching for the particular database by specifying .Dq cache -as the first source in the +in the .Nm file. +It should come after +.Dq files , +but before remote sources like +.Dq nis . You should also enable caching for this database in .Xr nscd.conf 5 . -If for the particular query +If for a particular query .Dq cache -source returns success, no further sources are queried. +source returns success, then no further sources are queried. On the other hand, if there are no previously cached data, the query result will be placed into the cache right after all other sources are processed. -Note, that +Note that .Dq cache -requires +requires the .Xr nscd 8 daemon to be running. .Ss Compat mode: +/- syntax @@ -244,12 +245,10 @@ In historical multi-source implementations, the and .Sq - characters are used to specify the importing of user password and -group information from -.Tn NIS . +group information from NIS . Although .Nm -provides alternative methods of accessing distributed sources such as -.Tn NIS , +provides alternative methods of accessing distributed sources such as NIS , specifying a sole source of .Dq compat will provide the historical behaviour. @@ -319,15 +318,14 @@ resides in .Pa /etc . .El .Sh EXAMPLES -To lookup hosts in cache, then in +To lookup hosts in .Pa /etc/hosts -and then from the DNS, and lookup user information from -.Tn NIS -then files, use: +, then in cache, +and then from the DNS, and lookup user information from NIS then files, use: .Pp .Bl -tag -width passwd: -compact .It hosts: -cache files dns +files cache dns .It passwd: nis [notfound=return] files .It group: @@ -349,9 +347,7 @@ entries. .Fx Ns 's .Lb libc provides stubs for compatibility with NSS modules -written for the -.Tn GNU -C Library +written for the GNU C Library .Nm nsswitch interface. However, these stubs only support the use of the @@ -377,10 +373,8 @@ Project, where it appeared first in .Sh AUTHORS .An Luke Mewburn Aq Mt lukem@netbsd.org wrote this freely distributable name-service switch implementation, -using ideas from the -.Tn ULTRIX +using ideas from the ULTRIX .Xr svc.conf 5 -and -.Tn Solaris +and Solaris .Xr nsswitch.conf 4 manual pages.