[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#793649: nscd does not invalidate all caches (esp. netgroup)



Package: nscd
Version: 2.19-18
Severity: important
Tags: patch
User: debian-edu@lists.debian.org
Usertags: debian-edu
X-Debbugs-Cc: debian-edu@lists.debian.org

Dear maintainer(s) of nscd,

these days I upgraded a Debian Edu mainserver from squeeze to Debian jessie.

I really spent several hours with NFSv4 problems due to a non-invalidated netgroup cache on reboot. Seemingly, the nscd cache of nscd in Debian squeeze is incompatible with the nscd cache of nscd in Debian jessie. So checking if a host is in a given netgroup always fails if nscd is running.

Steps to reproduce (you don't wanna do this, as it takes hours):

  Install a Debian Edu squeeze server
  Upgrade it to Debian (Edu) jessie
  Add a new test-host to the workstation-hosts netgroup (in LDAP)
  Check if the test-host is in the netgroup:

$ innetgroup -h test-host.intern workstation-hosts && echo TRUE || echo FALSE
  FALSE
  Result: test-host.intern is not in the workstation-hosts netgroup

  Then stop nscd and test again...
$ innetgroup -h test-host.intern workstation-hosts && echo TRUE || echo FALSE
  TRUE
  Result: test-host.intern is in the workstation-hosts netgroup

  Then stop nscd and remove all files in /var/cache/nscd/
  Start nscd again and test again...
$ innetgroup -h test-host.intern workstation-hosts && echo TRUE || echo FALSE
  TRUE
Result: test-host.intern is in the workstation-hosts netgroup, now reported via nscd


In /etc/init.d/nscd, we find this:

"""
invalidate_cache()
{
	for table in passwd group hosts ; do
		$DAEMON --invalidate $table
	done
}
"""

This should be either replaced by

"""
invalidate_cache()
{
for table in $(grep -P "^[\ \t]+enable-cache[\ \t]+\w+[\ \t]+yes$" /etc/nscd.conf | awk '{ print $2 }'); do
		$DAEMON --invalidate $table
	done
}
"""

or by
invalidate_cache()
{
        rm -f /var/cache/nscd/*
}

As this issue will be bugging people upgrading a Debian Edu main server from squeeze to wheezy/jessie, the Debian Edu team will highly appreciate it to such a change as proposed above enter Debian jessie.

light+love,
Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgpxR2gVInXsC.pgp
Description: Digitale PGP-Signatur


Reply to: