From: "Ludovic Courtès" <ludo@gnu.org>
To: 70992@debbugs.gnu.org
Cc: "Ludovic Courtès" <ludovic.courtes@inria.fr>
Subject: [bug#70992] [PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.
Date: Thu, 16 May 2024 23:01:45 +0200 [thread overview]
Message-ID: <7942e1351315694f0c6675a702f4153fd83cadc3.1715893079.git.ludo@gnu.org> (raw)
From: Ludovic Courtès <ludovic.courtes@inria.fr>
This allows users to specify NSS plugins such as LDAP via the
‘name-services’ field of <nscd-configuration>. Failing that, user code
will dlopen whatever passwd/group plugins are listed in
/etc/nsswitch.conf, which is likely to fail, typically because those are
not in $LD_LIBRARY_PATH.
* gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’
caches.
Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d
---
gnu/services/base.scm | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
Hi!
I realized by looking at ‘strace id’ that our nscd instance was replying
negatively to passwd and group lookups (to my surprise). Turns out we
need to explicitly enable caching of a database in nscd.conf if we want
nscd to honor lookups for that database.
We really need nscd to honor passwd/group lookups if we want to support
NSS plugins like LDAP or sss. (Now I realize that this is something
Jean-François et al. probably experienced with their OpenLDAP service
at <https://issues.guix.gnu.org/52578>.)
Thoughts?
Ludo’.
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 85160bd3abb..15f3807efcc 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1340,7 +1340,22 @@ (define %nscd-default-caches
(positive-time-to-live (* 3600 24))
(negative-time-to-live 3600)
(check-files? #t) ;check /etc/services changes
- (persistent? #t))))
+ (persistent? #t))
+
+ ;; Enable minimal caching of the user databases, not so much for
+ ;; caching but rather to allow that uses of NSS plugins like LDAP
+ ;; don't lead user processes to dlopen them (which is likely to fail
+ ;; due to them not being found in $LD_LIBRARY_PATH).
+ (nscd-cache (database 'passwd)
+ (positive-time-to-live 600)
+ (negative-time-to-live 20)
+ (check-files? #t) ;check /etc/passwd changes
+ (persistent? #f))
+ (nscd-cache (database 'group)
+ (positive-time-to-live 600)
+ (negative-time-to-live 20)
+ (check-files? #t) ;check /etc/group changes
+ (persistent? #f))))
(define-deprecated %nscd-default-configuration
#f
base-commit: 58be9a79e2862d5fa9842d73f498ce2e5442b9ce
--
2.41.0
next reply other threads:[~2024-05-16 21:03 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-16 21:01 Ludovic Courtès [this message]
2024-06-03 21:30 ` bug#70992: [PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7942e1351315694f0c6675a702f4153fd83cadc3.1715893079.git.ludo@gnu.org \
--to=ludo@gnu.org \
--cc=70992@debbugs.gnu.org \
--cc=ludovic.courtes@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.