cvs commit: hints nss_db.txt

tushar at tushar at
Sun Jun 20 20:48:06 PDT 2004

tushar      04/06/20 21:48:06

  Added:       .        nss_db.txt
  Added Hint: nss_db
  Revision  Changes    Path
  1.1                  hints/nss_db.txt
  Index: nss_db.txt
  AUTHOR:   Randy McMurchy <LFS-User_at_mcmurchy_dot_com>
  DATE:     2004-06-08
  LICENSE:  Creative Commons Attribution-NonCommercial-ShareAlike License
  SYNOPSIS: Installing the nss_db library and creating the NSS db files
  This hint will guide you through the installation of the nss_db package and
  population of the NSS db files. Additionally, the hint covers making the
  necessary changes to /etc/nsswitch.conf as well as providing another way to
  populate some of the db files.
  Alternate location:
  An LFS system using glibc-2.3.x.
          1. Introduction
          2. Package Dependencies
          3. Package Installation
              Download the package
              Patch the package
              Update the autotool programs
              Configure the build
              Build the package
              Checking the build
              Install the package
              Stripping the binaries
              Installation modifications
              Update /etc/
          4. Creating the DB Files
          5. Configuring /etc/nsswitch.conf
          6. Testing the Installation
          7. Alternate Method to Populate Files
          8. Issues, Gotchas and Other Sundry Items
          9. To Do List
         10. Closing
  Up until version 2.2.0 of glibc, the nss_db library, as well as Berkeley DB,
  were included with the glibc package. Beginning with glibc-2.2.0, nss_db and
  DB were removed from glibc as the maintainers could not control the version
  of DB installed on the system. If DB was upgraded on the system, it could 
  render nss_db unusable. So, at this point the decision was made to make
  nss_db a separate package.
  As official glibc releases were made public, nss_db was left behind. There's
  been no official updates to the nss_db package since glibc-2.2.0. Some of the
  mainstream Linux distro's have been keeping nss_db alive during this time.
  This hint brings nss_db back to LFS users.
  The following files are duplicated as db files and may be used as primary or
  alternate nameservice files using the nss_db library.
  1) /etc/passwd
  2) /etc/group
  3) /etc/shadow
  4) /etc/services
  5) /etc/protocols
  6) /etc/rpc
  There are many good uses for nss_db as a nameservice resolver on your system.
  1) On a stand-alone Linux system, nss_db can be used to provide a backup
  mechanism for the nameservice /etc/flatfiles. There are reports that if your
  Linux system has very large /etc/flatfiles, using nss_db to resolve the 
  nameservice information is faster than using the /etc/flatfiles.
  2) In a networked environment, the administrator can create db files to 
  supplement the /etc/flatfiles. These db files could be placed on an NFS
  partition which is locally mounted by other systems, giving the administrator
  a central location for updating nameservice information.
  3) In a network environment where usernames are resolved over the network
  (LDAP, WINS, etc.), local copies of the username login authentication files
  can be locally stored, eliminating the need to fetch this information from
  the network.
  Berkeley DB-4.1.25 (DB-4.2.52 would probably work as well, though I've not
  tested this.)
  Instructions for installing the DB package can be found at:
  Current release:
  Tested release:
  Download the package:
  The last available "official" release of nss_db is nss_db-2.2 and can be
  downloaded using the following URL's:
  Anonymous FTP:
  Patch the package:
  You must first download and install the patch. The patch is included as an
  attachment to this hint. See the Attachments section at the beginning of the
  hint for download locations.
  Patch the package by running the following command:
  patch -Np1 -i ../nss_db-2.2-update-1.patch
  The patch does many things.
  1) Allows building against glibc-2.3.x.
  2) Changes DB calls to use DB-4.x
  3) Fixes a problem with a db-open routine.
  4) Allows a user-specified db directory using --localstatedir as a switch to
     the configure script.
  5) Modifies the Makefile used to create the db files to reflect the directory
     used to store the files, then copies the Makefile into this db directory.
  Update the autotool programs:
  Run the following commands to create the proper autotool programs and
  automake -a
  libtoolize -f
  You may receive warnings when running the "aclocal", "automake" and
  "autoconf" programs. You can safely ignore these warnings.
  Configure the Build:
  ./configure --prefix=/usr --localstatedir=/var/lib/nss_db
  Command explanation:
  --prefix=/usr installs the library in /lib and the makedb program in /usr/bin
  --localstatedir=/var/lib/nss_db is used to point to the location of the
  actual db files created by the makedb program. The default location is
  /var/db, however there is no mention of this directory in the FHS guidelines.
  You may choose any directory you wish. If you desire the glibc default of
  /var/db, simply leave off the --localstatedir switch altogether.
  Build the Package:
  Simply running the "make" command will build the package.
  Checking the Build:
  There are no "check" rules in the various subdirectory makefiles, so there's
  nothing to check. Running the "make check" command is pointless.
  Install the Package:
  *****                                                                  *****
  *****  The remainder of this hint must be performed by the root user   *****
  *****                                                                  *****
  Simply issue a "make install" command to install the package.
  Stripping the Binaries:
  If desired, strip the unnecessary symbols from the installed binaries by
  issuing the following commands:
  strip --strip-all /usr/bin/makedb
  strip --strip-debug /lib/
  Installation Modifications:
  If your system's /usr directory is not part of the root partition and is not
  mounted in single-user mode, you may wish to copy the DB libraries to /lib so
  that the nss_db library can find them during times when /usr is not mounted.
  The following commands move libraries created by Berkeley DB-4.1.25. If you
  have installed a newer version of DB, you may need to change the following
  commands to reflect the actual names of the DB libraries.
  Use the following commands to move the DB libraries and create symlinks in
  /usr/lib pointing back to /lib so that programs looking for DB in /usr/lib
  won't break.
  mv /usr/lib/ /lib
  mv /usr/lib/ /lib
  mv /usr/lib/ /lib
  ln -s ../../lib/ /usr/lib/
  ln -s ../../lib/ /usr/lib/
  ln -s ../../lib/ /usr/lib/
  Update /etc/
  Update the linker's library cache file by issuing the "ldconfig" command:
  ldconfig -v
  To create the db files, simply run the following command:
  make -f /var/lib/nss_db/Makefile
  You should substitute the correct path to the Makefile if you omitted or used
  a different path on the --localstatedir switch to the configure command
  during installation of the package.
  After creating the initinal db files, if you modify any of the /etc/flatfiles
  and want to update the db files, simply run the command again. The
  appropriate db files will be updated to reflect the changes in the /etc
  5. CONFIGURING /etc/nsswitch.conf
  So that glibc can use the db files, you'll need to make appropriate changes
  to the /etc/nsswitch.conf file. I won't insult you by recommending any
  necessary changes. If you're installing the nss_db package, you should know
  how to use it! If you need a refresher, start by looking at the man page for
  nsswitch.conf. This reference doesn't explicitly cover the use of db files,
  though you should be able to get the drift from the example files given.
  The actual files used by nss_db that can be referenced in the nsswitch.conf
  file are listed in the Introduction section of this hint. 
  Testing the installation is simple. Modify any of the /etc/flatfiles and
  run the make script to update the db files. Then remove the modifications
  from the /etc files and test.
  Alternately, if you've already created the db files and don't wish to add
  anything to them, make backup copies and remove a user from /etc/passwd
  or an entry in /etc/services, or any other file you've identified in the
  /etc/nsswitch.conf file to resolve using nss_db and test.
  The procedures up to this point provide a way to duplicate the information
  in /etc/flatfiles. You can also use nss_db to resolve information from other
  sources. This section deals with using sources other than /etc for the passwd
  and group files. 
  If your system resolves user and group names using sources other than
  /etc/passwd and /etc/group, you can create db files using another method.
  This method requires the use of the nss_updatedb package provided by PADL
  The instructions for downloading and installing the nss_updatedb package can
  be found in my ldap_nameservice.txt hint, right now located at:
  Note: If you specified a custom directory (other than /var/db) using the
  --localstatedir switch to the configure script when you built the nss_db
  package, you'll need to install the patch I created for the nss_updatedb
  package. By default, the nss_updatedb package creates/updates files in the
  /var/db directory. Instructions for downloading and installing the patch are
  included in the ldap_nameservice.txt hint.
  See the README file included with the nss_updatedb package for instructions
  on using the package to create/update the passwd and group db files.
  1) I've not tested nss_db using anything but Berkeley DB-4.1.25. If you find
  this hint works using the newer DB-4.2.52 package, I would appreciate you 
  dropping me a line letting me know this. I'll be testing this soon, but for
  now, I'm just making a note of it.
  2) I've not tested nss_db using NPTL builds. As soon as I get around to 
  building an NPTL based system, I'll test this.
  9. TODO:
  1) Test nss_db using DB-4.2.52
  2) Test nss_db using NPTL based systems.
  3) Test nss_db using nss_updatedb to create passwd and group files based on
     WINS data.
  10. CLOSING:
  During the testing and experimenting with an installation using LDAP and
  Kerberos is where my idea of resurrecting nss_db came about. I wanted a way
  to have local access to the LDAP user/group information. Because PADL
  software already had the nss_updatedb package, all there was for me to do was
  figure out how my LFS system could use nss_db. Thanks to the help of the 
  folks mentioned below and a little perseverance on my part, nss_db is now
  available to LFS users. Enjoy!
  Luke Howard <lukeh_at_padl_dot_com> for a fix to an nss_db db-open bug
  DJ Lucas <dj_at_lucasit_dot_com> for the research and assistance
      * Original draft

More information about the hints mailing list