nsswitch.conf —
name-service switch configuration file
The nsswitch.conf file specifies how the
  nsdispatch(3) (name-service
  switch dispatcher) routines in the C library should operate.
The configuration file controls how a process looks up various
    databases containing information regarding hosts, users (passwords), groups,
    netgroups, etc. Each database comes from a source (such as local files, DNS,
    and NIS), and the order to look up the sources is specified in
    nsswitch.conf.
Each entry in nsswitch.conf consists of a
    database name, and a space separated list of sources. Each source can have
    an optional trailing criterion that determines whether the next listed
    source is used, or the search terminates at the current source. Each
    criterion consists of one or more status codes, and actions to take if that
    status code occurs.
The following sources are implemented:
  
    | Source | Description | 
  
    | files | Local files, such as /etc/hosts, and
      /etc/passwd. | 
  
    | dns | Internet Domain Name System. “hosts” and
      “networks” use IN class entries, all other
      databases use HS class (Hesiod) entries. | 
  
    | mdnsd | Use mdnsd(8) for
      “hosts” lookups, acting as both a system-wide cache for
      normal unicast DNS as well as providing multicast DNS
      (“zeroconf”) lookups. | 
  
    | multicast_dns | Use mdnsd(8) only for
      multicast DNS “hosts” lookups. This would normally be used
      in conjunction with “dns”, which would then provide unicast
      DNS resolver functions. | 
  
    | nis | NIS (formerly YP) | 
  
    | compat | support ‘+/-’ in the “passwd” and
      “group” databases. If this is present, it must be the only
      source for that entry. | 
The following databases are used by the following C library functions:
The following status codes are available:
  
    | Status | Description | 
  
    | success | The requested entry was found. | 
  
    | notfound | The entry is not present at this source. | 
  
    | tryagain | The source is busy, and may respond to retries. | 
  
    | unavail | The source is not responding, or entry is corrupt. | 
For each of the status codes, one of two actions is possible:
  
    | Action | Description | 
  
    | continue | Try the next source | 
  
    | return | Return with the current result | 
A BNF description of the syntax of nsswitch.conf is:
  
    | <entry> | ::= <database> ":" [<source>
      [<criteria>]]* | 
  
    | <criteria> | ::= "[" <criterion>+ "]" | 
  
    | <criterion> | ::= <status> "=" <action> | 
  
    | <status> | ::= "success" | "notfound" | "unavail" |
      "tryagain" | 
  
    | <action> | ::= "return" | "continue" | 
Each entry starts on a new line in the file. A ‘#’
    delimits a comment to end of line. Blank lines are ignored. A
    ‘\’ at the end of a line escapes the newline, and causes the
    next line to be a continuation of the current line. All entries are
    case-insensitive.
The default criteria is to return on “success”, and
    continue on anything else (i.e, [success=return
    notfound=continue unavail=continue tryagain=continue] ).
In historical multi-source implementations, the ‘+’ and
  ‘-’ characters are used to specify the importing of user
  password and group information from NIS. Although
  nsswitch.conf provides alternative methods of
  accessing distributed sources such as NIS, specifying a sole source of
  “compat” will provide the historical behaviour.
An alternative source for the information accessed via
    ‘+/-’ can be used by specifying “passwd_compat:
    source”. “source” in this case can be
    ‘dns’, ‘nis’, or any other source except for
    ‘files’ and ‘compat’.
Historically, many of the databases had enumeration functions, often of the form
  getXXXent(). These made sense when the databases were
  in local files, but don't make sense or have lesser relevance when there are
  possibly multiple sources, each of an unknown size. The interfaces are still
  provided for compatibility, but the source may not be able to provide complete
  entries, or duplicate entries may be retrieved if multiple sources that
  contain similar information are specified.
To ensure compatibility with previous and current implementations,
    the “compat” source must appear alone for a given
  database.
If, for any reason, nsswitch.conf doesn't exist, or it
  has missing or corrupt entries,
  nsdispatch(3) will default
  to an entry of “files” for the requested database. Exceptions
  are:
  
    | Database | Default source list | 
  
    | group | compat | 
  
    | group_compat | nis | 
  
    | hosts | files dns | 
  
    | netgroup | files [notfound=return] nis | 
  
    | passwd | compat | 
  
    | passwd_compat | nis | 
  - /etc/nsswitch.conf
- The file nsswitch.confresides in
      /etc.
To lookup hosts in /etc/hosts and then from the DNS, and
  lookup user information from NIS then files, use:
  
    | hosts: | files dns | 
  
    | passwd: | nis [notfound=return] files | 
  
    | group: | nis [notfound=return] files | 
The criteria “[notfound=return]” sets a policy of
    "if the user is notfound in nis, don't try files." This treats nis
    as the authoritative source of information, except when the server is
  down.
The nsswitch.conf file format first appeared in
  NetBSD 1.4.
Luke Mewburn ⟨lukem@NetBSD.org⟩ wrote this
  freely distributable name-service switch implementation, using ideas from the
  ULTRIX svc.conf(5) and Solaris
  nsswitch.conf(4) manual
  pages.