GNU bug report logs - #70992
[PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Thu, 16 May 2024 21:03:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
[Message part 1 (text/plain, inline)]
Your message dated Mon, 03 Jun 2024 23:30:30 +0200
with message-id <87v82p90jt.fsf <at> gnu.org>
and subject line Re: [bug#70992] [PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.
has caused the debbugs.gnu.org bug report #70992,
regarding [PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
70992: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=70992
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludovic.courtes <at> inria.fr>
This allows users to specify NSS plugins such as LDAP via the
‘name-services’ field of <nscd-configuration>. Failing that, user code
will dlopen whatever passwd/group plugins are listed in
/etc/nsswitch.conf, which is likely to fail, typically because those are
not in $LD_LIBRARY_PATH.
* gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’
caches.
Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d
---
gnu/services/base.scm | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
Hi!
I realized by looking at ‘strace id’ that our nscd instance was replying
negatively to passwd and group lookups (to my surprise). Turns out we
need to explicitly enable caching of a database in nscd.conf if we want
nscd to honor lookups for that database.
We really need nscd to honor passwd/group lookups if we want to support
NSS plugins like LDAP or sss. (Now I realize that this is something
Jean-François et al. probably experienced with their OpenLDAP service
at <https://issues.guix.gnu.org/52578>.)
Thoughts?
Ludo’.
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 85160bd3abb..15f3807efcc 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1340,7 +1340,22 @@ (define %nscd-default-caches
(positive-time-to-live (* 3600 24))
(negative-time-to-live 3600)
(check-files? #t) ;check /etc/services changes
- (persistent? #t))))
+ (persistent? #t))
+
+ ;; Enable minimal caching of the user databases, not so much for
+ ;; caching but rather to allow that uses of NSS plugins like LDAP
+ ;; don't lead user processes to dlopen them (which is likely to fail
+ ;; due to them not being found in $LD_LIBRARY_PATH).
+ (nscd-cache (database 'passwd)
+ (positive-time-to-live 600)
+ (negative-time-to-live 20)
+ (check-files? #t) ;check /etc/passwd changes
+ (persistent? #f))
+ (nscd-cache (database 'group)
+ (positive-time-to-live 600)
+ (negative-time-to-live 20)
+ (check-files? #t) ;check /etc/group changes
+ (persistent? #f))))
(define-deprecated %nscd-default-configuration
#f
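Review bot: The new comment above the two `nscd-cache` entries gives the reason for enabling them but not the staleness window they introduce. Both `check-files? #t` lines are annotated as watching /etc/passwd and /etc/group, so entries answered through a plugin such as LDAP rely on `positive-time-to-live` (600) and `negative-time-to-live` (20) for expiry. Consider stating in the comment that an account or group membership removed in the remote directory can keep resolving from the cache for up to ten minutes, so that administrators who need faster revocation know which field to lower. The phrase "to allow that uses of NSS plugins like LDAP don't lead user processes to dlopen them" is also hard to parse; something like "so that lookups through NSS plugins like LDAP are served by nscd instead of user processes dlopening the plugins" would read more clearly.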
base-commit: 58be9a79e2862d5fa9842d73f498ce2e5442b9ce
--
2.41.0
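The failure mode described in this message, as an added example that is not part of the original message or of Guix: a Python check that reads nsswitch.conf and nscd.conf text and reports the passwd/group databases that list a non-`files` NSS service while nscd has no enabled cache for them. The sample file contents are constructed, and treating only `files` as needing no separately loaded plugin is an assumption.

```python
import re

# Constructed sample inputs (not taken from any real system).
SAMPLE_NSSWITCH = """\
passwd: files ldap
group:  files ldap [NOTFOUND=return]
hosts:  files dns   # trailing comment
"""
SAMPLE_NSCD_BEFORE = """\
# only the hosts and services caches are enabled
enable-cache hosts yes
enable-cache services yes
"""
SAMPLE_NSCD_AFTER = SAMPLE_NSCD_BEFORE + """\
enable-cache passwd yes
positive-time-to-live passwd 600
enable-cache group yes
"""

# Assumption: only 'files' needs no plugin loaded from outside libc.
BUILTIN = {"files"}

def _lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def nss_services(nsswitch_text):
    """Map database -> service names, ignoring [STATUS=action] items."""
    result = {}
    for line in _lines(nsswitch_text):
        db, sep, rest = line.partition(":")
        if sep:
            result[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return result

def enabled_caches(nscd_text):
    """Return the databases that have 'enable-cache <db> yes'."""
    fields = (line.split() for line in _lines(nscd_text))
    return {f[1] for f in fields
            if len(f) == 3 and f[0] == "enable-cache" and f[2] == "yes"}

def unserved_databases(nsswitch_text, nscd_text, databases=("passwd", "group")):
    """Databases using an NSS plugin that nscd will not answer for."""
    services = nss_services(nsswitch_text)
    caches = enabled_caches(nscd_text)
    return sorted(db for db in databases
                  if set(services.get(db, [])) - BUILTIN and db not in caches)
```

For the databases it returns, lookups fall back to the calling process loading the plugin itself, which is the case the patch is meant to avoid.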
[Message part 3 (message/rfc822, inline)]
Ludovic Courtès <ludo <at> gnu.org> skribis:
> From: Ludovic Courtès <ludovic.courtes <at> inria.fr>
>
> This allows users to specify NSS plugins such as LDAP via the
> ‘name-services’ field of <nscd-configuration>. Failing that, user code
> will dlopen whatever passwd/group plugins are listed in
> /etc/nsswitch.conf, which is likely to fail, typically because those are
> not in $LD_LIBRARY_PATH.
>
> * gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’
> caches.
>
> Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d
Pushed as 85ac164c41fc4c93d3cb2a5d3321c63598c2855f.
Ludo’.
This bug report was last modified 353 days ago.