Name Service Switch under UNIX/Linux

This article was first written in August 2004 for the BeezNest technical
website (

Every UNIX/Linux operating system uses a set of libraries called the Name Service Switch (which is part of the LibC of the system) to resolve its names, be it for userids to login names or IP addresses to hostnames resolution, or whatever and the opposite. This library is meant to make the use of NIS, LDAP, etc… transparent to the program that will use it in the end. It could be compared to PAM for authentication.

For example, when you do a ls -l in a directory, you will probably see logins and groups as owner of the files. You will see them in their alphanumerical form, while in fact they are stored in numerical IDs only. It is the NSS which converts the numerical IDs to what you see, according to the various databases configured in /etc/nsswitch.

Configuring all this in a sensible way can be really tricky, so let’s analyse in details how to do it.

To configure the Name Service Switch, the file /etc/nsswitch.conf is the place to go. There, you can decide which way you want the resolution to be done, how, and in what order (if some of them fail).

For the DNS part, it will look into the local /etc/resolv.conf by default (be careful, sometimes it is just a link to another file!).

For the users and groups part, it will look respectively into the local /etc/passwd and /etc/group by default (together with /etc/shadow if applicable).

To query the database as the system does, one need to use the utility getent, which kind of simulate the files which are used by default. For example:

$ getent passwd

To be continued…

Related Posts

Get Linux distribution name

Why re-invent the wheel? This post gives ample details: cat /etc/*-release o...


Comments are closed.