GNU bug report logs - #70992
[PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Thu, 16 May 2024 21:03:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>



Report forwarded to guix-patches <at> gnu.org:
bug#70992; Package guix-patches. (Thu, 16 May 2024 21:03:02 GMT)

Acknowledgement sent to Ludovic Courtès <ludo <at> gnu.org>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 16 May 2024 21:03:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: guix-patches <at> gnu.org
Cc: Ludovic Courtès <ludovic.courtes <at> inria.fr>
Subject: [PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.
Date: Thu, 16 May 2024 23:01:45 +0200

From: Ludovic Courtès <ludovic.courtes <at> inria.fr>

This allows users to specify NSS plugins such as LDAP via the
‘name-services’ field of <nscd-configuration>.  Failing that, user code
will dlopen whatever passwd/group plugins are listed in
/etc/nsswitch.conf, which is likely to fail, typically because those are
not in $LD_LIBRARY_PATH.

* gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’
caches.

Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d
---
 gnu/services/base.scm | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

Hi!

I realized by looking at ‘strace id’ that our nscd instance was replying
negatively to passwd and group lookups (to my surprise).  Turns out we
need to explicitly enable caching of a database in nscd.conf if we want
nscd to honor lookups for that database.

We really need nscd to honor passwd/group lookups if we want to support
NSS plugins like LDAP or sss.  (Now I realize that this is something
Jean-François et al. probably experienced with their OpenLDAP service
at <https://issues.guix.gnu.org/52578>.)

Thoughts?

Ludo’.

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 85160bd3abb..15f3807efcc 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1340,7 +1340,22 @@ (define %nscd-default-caches
                     (positive-time-to-live (* 3600 24))
                     (negative-time-to-live 3600)
                     (check-files? #t)             ;check /etc/services changes
-                    (persistent? #t))))
+                    (persistent? #t))
+
+        ;; Enable minimal caching of the user databases, not so much for
+        ;; caching but rather to allow that uses of NSS plugins like LDAP
+        ;; don't lead user processes to dlopen them (which is likely to fail
+        ;; due to them not being found in $LD_LIBRARY_PATH).
+        (nscd-cache (database 'passwd)
+                    (positive-time-to-live 600)
+                    (negative-time-to-live 20)
+                    (check-files? #t)             ;check /etc/passwd changes
+                    (persistent? #f))
+        (nscd-cache (database 'group)
+                    (positive-time-to-live 600)
+                    (negative-time-to-live 20)
+                    (check-files? #t)             ;check /etc/group changes
+                    (persistent? #f))))
 
 (define-deprecated %nscd-default-configuration
   #f
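
Review bot: The 600-second positive-time-to-live on the new 'passwd' and 'group' caches is not explained with respect to the plugin-backed lookups this change is written for. Per the inline comments, check-files? only reacts to changes in /etc/passwd and /etc/group, so an entry changed or removed in LDAP can keep being answered from the cache until the TTL expires. Please state in the comment why 600 and 20 were chosen and why persistent? is #f here while the preceding cache uses #t. The comment's wording "to allow that uses of NSS plugins like LDAP don't lead user processes to dlopen them" would also read better as "so that processes using NSS plugins like LDAP do not have to dlopen them".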

base-commit: 58be9a79e2862d5fa9842d73f498ce2e5442b9ce
-- 
2.41.0
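
A check for the situation described in the message above, added here as an example (it is not code from Guix or from the patch author): it cross-references nsswitch.conf with nscd.conf and lists the databases whose NSS plugins client processes would have to dlopen themselves because nscd has no cache enabled for them. The file contents are constructed samples, and the `BUNDLED` set of services treated as part of libc is an assumption.

```python
import re

# Assumption: services that ship inside libc itself; anything else is a
# plugin that a client must dlopen when nscd does not answer for it.
BUNDLED = {"files", "dns"}

# Constructed sample files (not taken from a real system).
NSSWITCH = """\
passwd: files ldap
group:  files ldap
hosts:  files mdns_minimal [NOTFOUND=return] dns
"""
NSCD_BEFORE = """\
enable-cache hosts yes
enable-cache services yes
"""
NSCD_AFTER = NSCD_BEFORE + """\
enable-cache passwd yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
enable-cache group yes
"""

def nscd_enabled(nscd_conf):
    """Databases for which nscd.conf says 'enable-cache <db> yes'."""
    enabled = set()
    for line in nscd_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "enable-cache":
            # In this check, the last setting seen for a database wins.
            (enabled.add if fields[2] == "yes" else enabled.discard)(fields[1])
    return enabled

def nss_sources(nsswitch_conf):
    """Map database -> service names, ignoring [STATUS=action] items."""
    sources = {}
    for line in nsswitch_conf.splitlines():
        db, sep, rest = line.split("#", 1)[0].partition(":")
        if sep:
            sources[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return sources

def unserved_plugins(nsswitch_conf, nscd_conf, bundled=BUNDLED):
    """Databases whose plugins clients would have to load themselves."""
    enabled = nscd_enabled(nscd_conf)
    return {db: plugins
            for db, services in nss_sources(nsswitch_conf).items()
            if (plugins := [s for s in services if s not in bundled])
            and db not in enabled}
```

With the sample files, `unserved_plugins(NSSWITCH, NSCD_BEFORE)` reports `passwd` and `group` with the `ldap` plugin, and the result is empty once the two caches are enabled as in `NSCD_AFTER`.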





Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Mon, 03 Jun 2024 21:31:02 GMT)

Notification sent to Ludovic Courtès <ludo <at> gnu.org>:
bug acknowledged by developer. (Mon, 03 Jun 2024 21:31:02 GMT)

Message #10 received at 70992-done <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: 70992-done <at> debbugs.gnu.org
Subject: Re: [bug#70992] [PATCH] services: nscd: Enable ‘passwd’ and ‘group’
 caches by default.
Date: Mon, 03 Jun 2024 23:30:30 +0200

Ludovic Courtès <ludo <at> gnu.org> wrote:

> From: Ludovic Courtès <ludovic.courtes <at> inria.fr>
>
> This allows users to specify NSS plugins such as LDAP via the
> ‘name-services’ field of <nscd-configuration>.  Failing that, user code
> will dlopen whatever passwd/group plugins are listed in
> /etc/nsswitch.conf, which is likely to fail, typically because those are
> not in $LD_LIBRARY_PATH.
>
> * gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’
> caches.
>
> Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d

Pushed as 85ac164c41fc4c93d3cb2a5d3321c63598c2855f.

Ludo’.




This bug report was last modified 5 days ago.
