
NSCD, /var/db, etc



Currently things aren't working as well as they could regarding password data.

One problem that has recently been discussed is that the nscd will cache
negative entries relating to /etc/passwd lookups.

Another problem is that there is no good reliable way of running databases for
/etc/passwd etc.  If /etc/nsswitch.conf has "passwd: db files" then if you do a
list-all-users type operation (such as on starting a version of XDM that has
icons for users) then every account will be listed twice.  Also if you remove
an account then it'll still be in the database...  If you just have "passwd:
db" then when you make a change to /etc/passwd it won't be noticed until the
next time you run the make command to rebuild the database.


The solution to the first problem could be to have the default /etc/nscd.conf
not negatively cache entries from /etc/passwd.  I don't think that it's so
important to cache negative entries because they aren't generally triggered by
daemons from inetd or cron jobs so they aren't going to be common enough to
cause a serious loss of performance.  In any case if you have a small
/etc/passwd or a passwd database then it won't take long, if you have a large
/etc/passwd then performance will suck no matter what you do.

The solution to the second problem IMHO is to do what AIX does.  On AIX when
you have indexes for /etc/passwd etc the system stats the index files and the
flat-files.  The file with the newest time-stamp is used.  So if you have made
new indexes more recently than the flat file has changed then the database is
used for speed.  If the flat file has been changed since the last time the
database was generated then it will be used for accuracy.
This system works so well that I have no doubt that it is the correct way to do
things.  The only question is what is the best way to implement it?  Should it
be a change to /lib/libnss_db* ?  Or should we just send the suggestion
upstream and hope for the best?
NB This is something that really concerns me.  I am involved with an AIX server
for 30K users.  I would prefer to see some of its functions moved to a Linux
server.



Russell Coker


PS We really need some documentation for nscd...
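
The newest-timestamp selection described above for AIX, sketched as an added example; it is not part of the original post and is not glibc or AIX code. The names `choose_source`, `demo` and `pw_source` are hypothetical, and two choices are assumptions the post does not specify: a timestamp tie goes to the flat file, and a missing file means the other one is used.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

enum pw_source { SRC_NONE, SRC_FLAT, SRC_DB };

/* Use the index only when it is strictly newer than the flat file.
 * Assumptions (not in the post): a tie goes to the flat file, so an edit
 * made in the same instant as a rebuild is never hidden by a stale index. */
enum pw_source choose_source(const char *flat, const char *db)
{
    struct stat fs, ds;
    int have_flat = stat(flat, &fs) == 0;
    int have_db = stat(db, &ds) == 0;
    if (!have_flat || !have_db)
        return have_flat ? SRC_FLAT : have_db ? SRC_DB : SRC_NONE;
    if (ds.st_mtim.tv_sec != fs.st_mtim.tv_sec)
        return ds.st_mtim.tv_sec > fs.st_mtim.tv_sec ? SRC_DB : SRC_FLAT;
    return ds.st_mtim.tv_nsec > fs.st_mtim.tv_nsec ? SRC_DB : SRC_FLAT;
}

/* Constructed demo: two scratch files stand in for /etc/passwd and its index. */
enum pw_source demo(time_t flat_mtime, time_t db_mtime)
{
    char flat[] = "/tmp/passwd.XXXXXX", db[] = "/tmp/passwd.db.XXXXXX";
    int f = mkstemp(flat), d = mkstemp(db);
    enum pw_source r = SRC_NONE;
    if (f >= 0 && d >= 0) {
        struct timespec ft[2] = {{flat_mtime, 0}, {flat_mtime, 0}};
        struct timespec dt[2] = {{db_mtime, 0}, {db_mtime, 0}};
        if (futimens(f, ft) == 0 && futimens(d, dt) == 0)
            r = choose_source(flat, db);
    }
    if (f >= 0) { close(f); unlink(flat); }
    if (d >= 0) { close(d); unlink(db); }
    return r;
}

int main(void)
{
    static const char *name[] = { "none", "flat file", "db index" };
    printf("index rebuilt after last edit: %s\n", name[demo(1000, 2000)]);
    printf("flat file edited after rebuild: %s\n", name[demo(2000, 1000)]);
    printf("identical timestamps: %s\n", name[demo(1500, 1500)]);
    return 0;
}
```
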

