
Re: Another solution (was Re: All services that require a restart from libc6 upgrade...)

On Tue, 17 Oct 2000, Ben Collins wrote:

> If changing nsswitch.conf did not propagate to running programs, then we
> wouldn't be having this problem. I don't see how you can argue against one
> solution by claiming something that would negate the problem in the first
> place. These programs have an issue because NSS is not loaded permanently,

We both seem to agree that once you make a call that results in
nsswitch.conf being loaded glibc will cache that load and not load it
again. (strace ls and you can see it does it exactly once)

Furthermore glibc also dlopens the nss libraries exactly once, it never
unloads them. (strace again if you have doubts)

So I claim that there are programs which do not need to be restarted and
will not honor changes to nsswitch.conf [notice I didn't say all things,
only some]. If you accept the above, we can prove this assertion by just
using lsof, and seeing who has loaded some nss modules:

syslogd     840      root  mem    REG               8,20    22920 639454 /lib/libnss_db-2.1.3.so
ippl        873      root  mem    REG               8,20    22920 639454 /lib/libnss_db-2.1.3.so
proftpd     912      root  mem    REG               8,20    22920 639454 /lib/libnss_db-2.1.3.so
cron        918      root  mem    REG               8,20    22920 639454 /lib/libnss_db-2.1.3.so
apache      923      root  mem    REG               8,20    22920 639454 /lib/libnss_db-2.1.3.so


Of note is that exim's daemon is not in the list above, and exim is by far
the worst offender for this problem - exactly because it doesn't have a
preload nss.

When setting up Debian boxes for our LDAP system I have run into the
problem I am describing, things like apache and boa will not honor ~ dirs
that are resolved using a changed nsswitch.conf file.

So my take on this whole thing is make it a non-problem and make it
consistent. nsswitch.conf does not affect running daemons, and running
daemons do not need restarting when glibc is upgraded. Simple, robust,

If ever glibc alters its behavior WRT to nsswitch.conf then this scheme
still works, except that changing nsswitch.conf after a libc6 upgrade will
go back to requiring daemon restarts.

> it, and I change my nsswitch.conf quite often to test LDAP, NIS and the
> like. I've never seen this happen and the change is always picked up.

Would you like a demo? Let's abuse faure for a moment..

faure{root}/tmp#id jgg
uid=1083(jgg) gid=800(Debian) groups=800(Debian),4(adm),38(list),102(distmnt)
faure{root}/tmp#wget http://localhost/~jgg 
12:52:08 (739.26 KB/s) - `index.html.3' saved [757]
[edit nsswitch.conf]
faure{root}/tmp#id jgg
id: jgg: No such user
faure{root}/tmp#wget http://localhost/~jgg
12:52:57 (739.26 KB/s) - `index.html.4' saved [757]
faure{root}/tmp#/etc/init.d/apache restart
Reloading apache modules.
/usr/sbin/apachectl stop: httpd stopped
/usr/sbin/apachectl start: httpd started
faure{root}/tmp#wget http://localhost/~jgg
HTTP request sent, awaiting response... 404 Not Found
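
Added example, not part of the original message: the lsof check described above, done in Python by reading /proc/<pid>/maps to list which processes have glibc NSS modules mapped. It goes slightly beyond the message by also flagging modules whose file has been replaced on disk (the " (deleted)" suffix Linux appends to such mappings); the function names and the sample maps text are constructed for illustration.

```python
import os
import re

# Path column of a /proc/<pid>/maps line naming a glibc NSS module,
# e.g. /lib/libnss_db-2.1.3.so, optionally followed by " (deleted)".
NSS_RE = re.compile(r"(/\S*/libnss_[^/\s]+\.so[^/\s]*)( \(deleted\))?$")


def nss_modules(maps_text):
    """Return {module_path: replaced_on_disk} for one process's maps text."""
    found = {}
    for line in maps_text.splitlines():
        m = NSS_RE.search(line.rstrip())
        if m:
            # A module is mapped in several segments; "deleted" on any wins.
            found[m.group(1)] = found.get(m.group(1), False) or bool(m.group(2))
    return found


def scan_proc(proc="/proc"):
    """Yield (pid, command, modules) for each readable process with NSS loaded."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/maps") as f:
                mods = nss_modules(f.read())
            with open(f"{proc}/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:  # process exited, or we lack permission
            continue
        if mods:
            yield int(pid), comm, mods


# Constructed sample of a maps file (not taken from a real host).
SAMPLE_MAPS = """\
08048000-0804f000 r-xp 00000000 08:14 12345 /sbin/syslogd
40018000-4001d000 r-xp 00000000 08:14 639454 /lib/libnss_db-2.1.3.so
4001d000-4001e000 rw-p 00004000 08:14 639454 /lib/libnss_db-2.1.3.so
40020000-40028000 r-xp 00000000 08:14 639460 /lib/libnss_files-2.1.3.so (deleted)
40100000-401f0000 r-xp 00000000 08:14 639400 /lib/libc-2.1.3.so
"""

if __name__ == "__main__":
    for pid, comm, mods in sorted(scan_proc()):
        for path, stale in sorted(mods.items()):
            print(pid, comm, path, "REPLACED-ON-DISK" if stale else "")
```

Run as root to see every process; a daemon missing from the output has not yet loaded any NSS module.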


