cvs commit: hints nss_db.txt
tushar at linuxfromscratch.org
tushar at linuxfromscratch.org
Sun Jun 20 20:48:06 PDT 2004
tushar 04/06/20 21:48:06
Added: . nss_db.txt
Added Hint: nss_db
Revision Changes Path
AUTHOR: Randy McMurchy <LFS-User_at_mcmurchy_dot_com>
LICENSE: Creative Commons Attribution-NonCommercial-ShareAlike License
SYNOPSIS: Installing the nss_db library and creating the NSS db files
This hint will guide you through the installation of the nss_db package and
population of the NSS db files. Additionally, the hint covers making the
necessary changes to /etc/nsswitch.conf as well as providing another way to
populate some of the db files.
Alternate location: http://www.mcmurchy.com/lfs/nss_db-2.2-update-1.patch
An LFS system using glibc-2.3.x.
2. Package Dependencies
3. Package Installation
Download the package
Patch the package
Update the autotool programs
Configure the build
Build the package
Checking the build
Install the package
Stripping the binaries
4. Creating the DB Files
5. Configuring /etc/nsswitch.conf
6. Testing the Installation
7. Alternate Method to Populate Files
8. Issues, Gotchas and Other Sundry Items
9. To Do List
Up until version 2.2.0 of glibc, the nss_db library, as well as Berkeley DB,
were included with the glibc package. Beginning with glibc-2.2.0, nss_db and
DB were removed from glibc as the maintainers could not control the version
of DB installed on the system. If DB was upgraded on the system, it could
render nss_db unusable. So, at this point the decision was made to make
nss_db a separate package.
As official glibc releases were made public, nss_db was left behind. There's
been no official updates to the nss_db package since glibc-2.2.0. Some of the
mainstream Linux distro's have been keeping nss_db alive during this time.
This hint brings nss_db back to LFS users.
The following files are duplicated as db files and may be used as primary or
alternate nameservice files using the nss_db library.
There are many good uses for nss_db as a nameservice resolver on your system.
1) On a stand-alone Linux system, nss_db can be used to provide a backup
mechanism for the nameservice /etc/flatfiles. There are reports that if your
Linux system has very large /etc/flatfiles, using nss_db to resolve the
nameservice information is faster than using the /etc/flatfiles.
2) In a networked environment, the administrator can create db files to
supplement the /etc/flatfiles. These db files could be placed on an NFS
partition which is locally mounted by other systems, giving the administrator
a central location for updating nameservice information.
3) In a network environment where usernames are resolved over the network
(LDAP, WINS, etc.), local copies of the username login authentication files
can be locally stored, eliminating the need to fetch this information from
2. PACKAGE DEPENDENCIES:
Berkeley DB-4.1.25 (DB-4.2.52 would probably work as well, though I've not
Instructions for installing the DB package can be found at:
3. PACKAGE INSTALLATION:
Download the package:
The last available "official" release of nss_db is nss_db-2.2 and can be
downloaded using the following URL's:
Patch the package:
You must first download and install the patch. The patch is included as an
attachment to this hint. See the Attachments section at the beginning of the
hint for download locations.
Patch the package by running the following command:
patch -Np1 -i ../nss_db-2.2-update-1.patch
The patch does many things.
1) Allows building against glibc-2.3.x.
2) Changes DB calls to use DB-4.x
3) Fixes a problem with a db-open routine.
4) Allows a user-specified db directory using --localstatedir as a switch to
the configure script.
5) Modifies the Makefile used to create the db files to reflect the directory
used to store the files, then copies the Makefile into this db directory.
Update the autotool programs:
Run the following commands to create the proper autotool programs and
You may receive warnings when running the "aclocal", "automake" and
"autoconf" programs. You can safely ignore these warnings.
Configure the Build:
./configure --prefix=/usr --localstatedir=/var/lib/nss_db
--prefix=/usr installs the library in /lib and the makedb program in /usr/bin
--localstatedir=/var/lib/nss_db is used to point to the location of the
actual db files created by the makedb program. The default location is
/var/db, however there is no mention of this directory in the FHS guidelines.
You may choose any directory you wish. If you desire the glibc default of
/var/db, simply leave off the --localstatedir switch altogether.
Build the Package:
Simply running the "make" command will build the package.
Checking the Build:
There are no "check" rules in the various subdirectory makefiles, so there's
nothing to check. Running the "make check" command is pointless.
Install the Package:
***** The remainder of this hint must be performed by the root user *****
Simply issue a "make install" command to install the package.
Stripping the Binaries:
If desired, strip the unnecessary symbols from the installed binaries by
issuing the following commands:
strip --strip-all /usr/bin/makedb
strip --strip-debug /lib/libnss_db.so.2.0.0
If your system's /usr directory is not part of the root partition and is not
mounted in single-user mode, you may wish to copy the DB libraries to /lib so
that the nss_db library can find them during times when /usr is not mounted.
The following commands move libraries created by Berkeley DB-4.1.25. If you
have installed a newer version of DB, you may need to change the following
commands to reflect the actual names of the DB libraries.
Use the following commands to move the DB libraries and create symlinks in
/usr/lib pointing back to /lib so that programs looking for DB in /usr/lib
mv /usr/lib/libdb-4.1.so /lib
mv /usr/lib/libdb-4.so /lib
mv /usr/lib/libdb.so /lib
ln -s ../../lib/libdb-4.1.so /usr/lib/libdb-4.1.so
ln -s ../../lib/libdb-4.so /usr/lib/libdb-4.so
ln -s ../../lib/libdb.so /usr/lib/libdb.so
Update the linker's library cache file by issuing the "ldconfig" command:
4. CREATING THE DB FILES:
To create the db files, simply run the following command:
make -f /var/lib/nss_db/Makefile
You should substitute the correct path to the Makefile if you omitted or used
a different path on the --localstatedir switch to the configure command
during installation of the package.
After creating the initinal db files, if you modify any of the /etc/flatfiles
and want to update the db files, simply run the command again. The
appropriate db files will be updated to reflect the changes in the /etc
5. CONFIGURING /etc/nsswitch.conf
So that glibc can use the db files, you'll need to make appropriate changes
to the /etc/nsswitch.conf file. I won't insult you by recommending any
necessary changes. If you're installing the nss_db package, you should know
how to use it! If you need a refresher, start by looking at the man page for
nsswitch.conf. This reference doesn't explicitly cover the use of db files,
though you should be able to get the drift from the example files given.
The actual files used by nss_db that can be referenced in the nsswitch.conf
file are listed in the Introduction section of this hint.
6. TESTING THE INSTALLATION:
Testing the installation is simple. Modify any of the /etc/flatfiles and
run the make script to update the db files. Then remove the modifications
from the /etc files and test.
Alternately, if you've already created the db files and don't wish to add
anything to them, make backup copies and remove a user from /etc/passwd
or an entry in /etc/services, or any other file you've identified in the
/etc/nsswitch.conf file to resolve using nss_db and test.
7. ALTERNATE METHOD TO POPULATE FILES:
The procedures up to this point provide a way to duplicate the information
in /etc/flatfiles. You can also use nss_db to resolve information from other
sources. This section deals with using sources other than /etc for the passwd
and group files.
If your system resolves user and group names using sources other than
/etc/passwd and /etc/group, you can create db files using another method.
This method requires the use of the nss_updatedb package provided by PADL
The instructions for downloading and installing the nss_updatedb package can
be found in my ldap_nameservice.txt hint, right now located at:
Note: If you specified a custom directory (other than /var/db) using the
--localstatedir switch to the configure script when you built the nss_db
package, you'll need to install the patch I created for the nss_updatedb
package. By default, the nss_updatedb package creates/updates files in the
/var/db directory. Instructions for downloading and installing the patch are
included in the ldap_nameservice.txt hint.
See the README file included with the nss_updatedb package for instructions
on using the package to create/update the passwd and group db files.
8. ISSUES, GOTCHAS AND OTHER SUNDRY ITEMS:
1) I've not tested nss_db using anything but Berkeley DB-4.1.25. If you find
this hint works using the newer DB-4.2.52 package, I would appreciate you
dropping me a line letting me know this. I'll be testing this soon, but for
now, I'm just making a note of it.
2) I've not tested nss_db using NPTL builds. As soon as I get around to
building an NPTL based system, I'll test this.
1) Test nss_db using DB-4.2.52
2) Test nss_db using NPTL based systems.
3) Test nss_db using nss_updatedb to create passwd and group files based on
During the testing and experimenting with an installation using LDAP and
Kerberos is where my idea of resurrecting nss_db came about. I wanted a way
to have local access to the LDAP user/group information. Because PADL
software already had the nss_updatedb package, all there was for me to do was
figure out how my LFS system could use nss_db. Thanks to the help of the
folks mentioned below and a little perseverance on my part, nss_db is now
available to LFS users. Enjoy!
Luke Howard <lukeh_at_padl_dot_com> for a fix to an nss_db db-open bug
DJ Lucas <dj_at_lucasit_dot_com> for the research and assistance
* Original draft
More information about the hints