From debbugs-submit-bounces@debbugs.gnu.org Thu May 16 17:02:27 2024 Received: (at submit) by debbugs.gnu.org; 16 May 2024 21:02:27 +0000 Received: from localhost ([127.0.0.1]:50988 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s7iF8-00041d-QJ for submit@debbugs.gnu.org; Thu, 16 May 2024 17:02:27 -0400 Received: from lists.gnu.org ([209.51.188.17]:55710) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s7iF6-00041R-OV for submit@debbugs.gnu.org; Thu, 16 May 2024 17:02:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s7iF3-0004po-Qq for guix-patches@gnu.org; Thu, 16 May 2024 17:02:22 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s7iF2-0002Lt-IQ; Thu, 16 May 2024 17:02:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=T5F33nfKtE6ebjq3kWuAql7F+XF6JQR0uBHUoLvlkn4=; b=WVKZJVg/MB08LS LyE8T72bJU6KVlXa+AfmDFvSb/UT0CIWNTeLd33Gz8s2o7zoeuZJXtCrpliEIChV6ByfQmGujryVW 7udEvTBuq2cKN+c7ab4anNS8uaDA+/K8qYUJACcr7GcmhBMsAszbyW5u1icAVgt2UvlHZlil+qgXE 3lzEmX92eCWbrkArx21Emq98Mi52etBBRfRvbYDENcRs8BDl/9kTeoRHagc8uhUZduUqISqgcXtWy i0CGkYIPQSbxD3N6dK+0RulV0A2aEoHQwEbVjGc8X2CBk6RP2mZN0qbpZwWvu1QeoVNczaUeXv0md hQxSvEXOKEpamr1NFOaQ==; From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH] =?UTF-8?q?services:=20nscd:=20Enable=20=E2=80=98passwd?= =?UTF-8?q?=E2=80=99=20and=20=E2=80=98group=E2=80=99=20caches=20by=20defau?= =?UTF-8?q?lt.?= Date: Thu, 16 May 2024 23:01:45 +0200 Message-ID: <7942e1351315694f0c6675a702f4153fd83cadc3.1715893079.git.ludo@gnu.org> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) From: Ludovic Courtès This allows users to specify NSS plugins such as LDAP via the ‘name-services’ field of . Failing that, user code will dlopen whatever passwd/group plugins are listed in /etc/nsswitch.conf, which is likely to fail, typically because those are not in $LD_LIBRARY_PATH. * gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’ caches. Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d --- gnu/services/base.scm | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) Hi! I realized by looking at ‘strace id’ that our nscd instance was replying negatively to passwd and group lookups (to my surprise). Turns out we need to explicitly enable caching of a database in nscd.conf if we want nscd to honor lookups for that database. We really need nscd to honor passwd/group lookups if we want to support NSS plugins like LDAP or sss. (Now I realize that this is something Jean-François et al. probably experienced with their OpenLDAP service at .) Thoughts? Ludo’. diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 85160bd3abb..15f3807efcc 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1340,7 +1340,22 @@ (define %nscd-default-caches (positive-time-to-live (* 3600 24)) (negative-time-to-live 3600) (check-files? #t) ;check /etc/services changes - (persistent? #t)))) + (persistent? #t)) + + ;; Enable minimal caching of the user databases, not so much for + ;; caching but rather to allow that uses of NSS plugins like LDAP + ;; don't lead user processes to dlopen them (which is likely to fail + ;; due to them not being found in $LD_LIBRARY_PATH). + (nscd-cache (database 'passwd) + (positive-time-to-live 600) + (negative-time-to-live 20) + (check-files? #t) ;check /etc/passwd changes + (persistent? #f)) + (nscd-cache (database 'group) + (positive-time-to-live 600) + (negative-time-to-live 20) + (check-files? #t) ;check /etc/group changes + (persistent? #f)))) (define-deprecated %nscd-default-configuration #f base-commit: 58be9a79e2862d5fa9842d73f498ce2e5442b9ce -- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 03 17:30:55 2024 Received: (at 70992-done) by debbugs.gnu.org; 3 Jun 2024 21:30:55 +0000 Received: from localhost ([127.0.0.1]:55878 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sEFGZ-0003fA-Bi for submit@debbugs.gnu.org; Mon, 03 Jun 2024 17:30:55 -0400 Received: from eggs.gnu.org ([209.51.188.92]:58334) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sEFGW-0003er-Mv for 70992-done@debbugs.gnu.org; Mon, 03 Jun 2024 17:30:54 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sEFGE-0004Ha-2y for 70992-done@debbugs.gnu.org; Mon, 03 Jun 2024 17:30:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=Ms9nieQA1ji1zFIlO3W8hs64pJBqOmHSSwKBIkoa2fg=; b=fI1Vcm+irvGE/Tke1euo cjsBrMC6qrBHWSMy9QyCoW4fY9h19XBNXvgzaDwpDlF+nI7/guhnd5btSFtyWZfFd/YU4IStNEA2a RSAR0/ZPmjF6wBbgJ4QKCahlXTc4CXb7jFx3qRA8VY9DEcDTN7VGflpjzUc5QRxULXh6oFBCkTgg8 iGdMjfroQBpPvCMQrGoy0U4NCzjin/H/LzGD5QLd76cF1VVkOQl4Il1op4jjVduNS+egXDt1W8sL7 F6aznoV1kdXr29jMXawSOOTVpQYYohbAkIpXZ26Y8LKmT39KhAGUL1P8FUueqz2UQjywQNXNtAKgx Y29ksUPbfrQnXQ==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 70992-done@debbugs.gnu.org Subject: Re: [bug#70992] [PATCH] services: nscd: Enable =?utf-8?B?4oCYcGFz?= =?utf-8?B?c3dk4oCZ?= and =?utf-8?B?4oCYZ3JvdXDigJk=?= caches by default. In-Reply-To: <7942e1351315694f0c6675a702f4153fd83cadc3.1715893079.git.ludo@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22's?= message of "Thu, 16 May 2024 23:01:45 +0200") References: <7942e1351315694f0c6675a702f4153fd83cadc3.1715893079.git.ludo@gnu.org> Date: Mon, 03 Jun 2024 23:30:30 +0200 Message-ID: <87v82p90jt.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 70992-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s skribis: > From: Ludovic Court=C3=A8s > > This allows users to specify NSS plugins such as LDAP via the > =E2=80=98name-services=E2=80=99 field of . Failing t= hat, user code > will dlopen whatever passwd/group plugins are listed in > /etc/nsswitch.conf, which is likely to fail, typically because those are > not in $LD_LIBRARY_PATH. > > * gnu/services/base.scm (%nscd-default-caches): Add =E2=80=98passwd=E2=80= =99 and =E2=80=98group=E2=80=99 > caches. > > Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d Pushed as 85ac164c41fc4c93d3cb2a5d3321c63598c2855f. Ludo=E2=80=99. From unknown Sat Jun 21 05:15:48 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 02 Jul 2024 11:24:13 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator