Sunday, May 15, 2016

Oracle Linux Name Service Switch libraries

When scripting a bash solution which needs to check if a user is existing on your Oracle Linux instance you have a couple of options. The most known solution is to check if the username is present in the /etc/passwd file. You can simply do a cat of this file and using grep and wc command to make it more usable in your script. An example of this could be for example the command below which will give you the number of times that “apache” is mentioned in the file. Do remember, we assume this is the user apache and this is not very reliable in reality.

cat /etc/passwd | grep apache | wc –l

Another solution is making use of getent which is not that well known as the above example. The getent command displays entries from databases supported by the Name Service Switch libraries. An example of this is shown below:

[root@dev1 ~]# getent passwd apache
apache:x:48:48:Apache:/var/www:/sbin/nologin
[root@dev1 ~]#

Where in case the user is not existing the command will provide no output:

[root@dev1 ~]# getent passwd apache222
[root@dev1 ~]#

Using a wc –l on getent will provide you a more pure answer opposed to a wc –l on a cat from the passwd file. As stated; The getent command displays entries from databases supported by the Name Service Switch libraries. To understand this in a bit more detail and understand what databases are that are supported by the Name Service Switch libraries you can check the configuration file. Under Oracle Linux (and most other Linux distributions) this can be found at /etc/nsswitch.conf .  An example of a standard nsswitch.conf file is shown below. As you can see a lot more is supported by the Name Service Switch libraries and not only passwd.

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files
shadow:     files
group:      files

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

No comments: