Re: [patch] nsswitch.conf.5: clarify the "notfound" status
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Hello, I've updated the patch against the latest man-pages 3.41. Also, I've added description of the initgroups database, reformulated the note and moved it to the return action. What do you think? Thanks, peter --- nsswitch.conf.5.org 2012-05-10 22:13:23.000000000 +0200 +++ nsswitch.conf.5 2012-05-30 11:16:26.881542800 +0200 @@ -59,6 +59,11 @@ .BR gethostbyname (3) and related functions. .TP +.B initgroups +Supplementary group access list, used by +.BR getgrouplist (3) +function. +.TP .B netgroup Network-wide list of hosts and users, used for access rules. C libraries before glibc 2.1 supported netgroups only over NIS. @@ -241,6 +246,10 @@ .B return Return a result now. Do not call any further lookup functions. +However, for compatibility reasons, if this is the selected action +for the `group' database and the `notfound' status, +and the configuration file does not contain the `initgroups' line,+the next lookup function is always called, without affecting the search result.
.TP .B continue Call the next lookup function. On 03/30/2012 09:17 AM, Peter Schiffer wrote:
Hello guys, thanks for looking into this. I am adding some notes below: On 03/30/2012 01:27 AM, Michael Kerrisk (man-pages) wrote:On Fri, Mar 30, 2012 at 10:31 AM, Mark R Bannister <mark@xxxxxxxxxxxxxxxxxxxxx> wrote:On 29/03/2012 19:34, Michael Kerrisk (man-pages) wrote:I can't find this comment in glibc myself, there's nothing to this effect inOn Thu, Mar 29, 2012 at 9:09 AM, Mark R Bannister <mark@xxxxxxxxxxxxxxxxxxxxx> wrote:On 28/03/2012 19:27, Peter Schiffer wrote:Hello,I am suggesting the following update of the "notfound" status on the nsswitch.conf.5 man page. I am not 100% sure that this is the correctplacewhere this information on the man page should be placed. Any commentsare welcome.Hi Peter, I did a rewrite of the nsswitch.conf man page in October last year: http://article.gmane.org/gmane.linux.man/2366/match=nsswitch+conf I'm still waiting for Michael to incorporate these changes. May I suggestyou send in a patch that is applied against this? I would also suggestthatif you're going to make reference to "initgroups" you'll need to add somefurther description somewhere that explains what this is and when you would use it.Looking a little deeper at this, I'd like another set of eyes. Mark, would you be able to review Peter's patch? Thanks, Michaelgrp/initgroups.c ?Follow Peter's URL.I've tested on a build with glibc 2.5 - admittedly not the latest version but it does feature the initgroups functionality - and I am not witnessingthis behaviour. My configuration file has no initgroups line, and this entry: group: db [NOTFOUND=return] files...always returns as expected if my /var/db/group.db file does not containthe group entry that I am searching for. So I don't concur with the suggested change ...The result is always as expected, the added note should clarify how the search is done. Important example would be like this: group: files [!NOTFOUND=return] XXXXXX what means, according to the current text in the man page, that if the result from "files" is either SUCCESS, UNAVAIL or TRYAGAIN, then,it should be returned. Well, it is, but the XXXXXX is also _always_ searched. Without the suggested note, it can be confusing while testing or setting up, also, if the XXXXXX is some remote service, this can create some hard to finddelays. Thanks, peterIt looks like the change only arrived in glibc 2.14. Would you be able to take a look there? Thanks, Michael
-- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html