Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 09 Aug 2011 11:11:47 -0700
From:      Doug Barton <>
To:        Peter Wemm <>
Cc:, "Simon L. B. Nielsen" <>,,,
Subject:   Re: svn commit: r224674 - head/etc
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is a multi-part message in MIME format.
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

On 08/09/2011 10:04, Peter Wemm wrote:
> On Tue, Aug 9, 2011 at 12:30 AM, Doug Barton <> wrote:
>> On 08/09/2011 00:07, Peter Wemm wrote:
>>> As much as I'd like to see NIS die a painful death, the answer to the
>>> question of helping non-NIS users is "not much" as things stand.
>>> The nis, files and dns components are statically compiled into libc.
>>> There is no expensive dlopen("/usr/lib/") to optimize out,
>>> unlike some other systems.
>>> The runtime overheads are negligible.  The compiled-in routines check
>>> if nis activated with one syscall and immediately return NS_UNAVAIL if
>>> nis is not configured.
>> None of this is relevant. The problem is that when you install the
>> system, by default it generates errors for every access to /etc/passwd,
>> /etc/group, or /etc/services. This is a silly way to ship a system.
> It does what??  The code is completely passive unless NIS is configured.

Well I feel stupid. What I was remembering as the default state (errors
produced by default) was incorrect. I had recently installed a new
system and thought that I was seeing what I remembered, but it turns out
that was a different issue. As a result I failed to check my facts, and
it turns out that I was 100% wrong. My sincere apologies to all involved
for the time-suck, as well as the breakage I caused.

Meanwhile, here is a patch which restores the old nsswitch.conf, and
restores Ed's change with a slightly improved sed filter which produces
this output instead of removing the _compat lines altogether:

group: files
# group_compat: nis
hosts: files dns
networks: files
passwd: files
# passwd_compat: nis
shells: files
services: files
# services_compat: nis
protocols: files
rpc: files

IMO that will make it easier if users want to go back and enable NIS
down the road. However if the prevailing wisdom is to just back out my
change and go back to Ed's previous version I'm Ok with that.



	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;

Index: Makefile
--- Makefile	(revision 224688)
+++ Makefile	(working copy)
@@ -256,6 +256,10 @@
+.if ${MK_NIS} == "no"
+	sed -i "" -e 's/.*_compat:/# &/' -e 's/compat$$/files/' \
+		${DESTDIR}/etc/nsswitch.conf
 	mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.root.dist -p ${DESTDIR}/
Index: nsswitch.conf
--- nsswitch.conf	(revision 224688)
+++ nsswitch.conf	(working copy)
@@ -1,23 +1,15 @@
+# nsswitch.conf(5) - name service switch configuration file
 # $FreeBSD$
-# To enable NIS the commented entries should replace their uncommented
-# equivalents.  See nsswitch.conf(5) for more information.
-group: files
-#group_compat: nis
-#group: compat
-passwd: files
-#passwd_compat: nis
-#passwd: compat
-services: files
-#services_compat: nis
-#services: compat
+group: compat
+group_compat: nis
 hosts: files dns
 networks: files
+passwd: compat
+passwd_compat: nis
 shells: files
+services: compat
+services_compat: nis
 protocols: files
 rpc: files


Want to link to this message? Use this URL: <>