What is it ?

nsss is an implementation of a subset of the pwd.h, group.h and shadow.h family of functions, performing user database access on Unix systems.

Usually, user database access via getpwnam() and similar function is provided by the system's libc. However, not all libcs implement a configurable backend for the user/group database. For instance the musl libc, on Linux, only supports the standard /etc/passwd mechanism; it also supports the nscd protocol but this is not quite enough to implement the full set of database access functions with certain backends (such as a LDAP server).

nsss is a secure implementation of configurable user/group/shadow database access, providing getpwnam() et al. functionality by communicating over a Unix domain socket with a daemon; the daemon can perform lookups in any database it chooses.

Unlike NSS, nsss does not perform dynamic module loading, only adds a small footprint to the application's binary, and does not add any complex decision engine into the client's address space. Applications can be statically linked against the nsss library, and still benefit from configurable user database access functions.




nsss is free software. It is available under the ISC license.



Upgrade notes




Related resources

nsss discussion