Re: Seeking clarification for nscd invalidation
On Mon, Jul 4, 2022 at 3:30 PM Marc Haber <mh+debian-glibc@zugschlus.de> wrote:
> adduser still has code to invalidate nscd cache after doing changes to
> the user database. I would like to get rid of this and just document
> that people using nscd should use the provided hook to invalidate their
> nscd cache after creating or deleting users.
>
> I am wondering whether this is actually needed any more. The nscd source
> code contains numerous calls to inotify, and
> https://man7.org/linux/man-pages/man8/nscd.8.html suggests that it
> actually notices changes to the passwd/group "database" files and
> invalidates automatically at least since 2015. The nscd manpage in
> Debian seems to have been taken from a different source. I guess it was
> not updated.
>
> Do we still need to invalidate nscd cache "manually" or will nscd cover
> the basic use cases automatically?
I'm a glibc maintainer.
In 2015 nscd's inotify support was improved to cover many more cases
of editors changing the files with specific patterns of file system accesses.
You can verify that nscd is catching the cases you care about by running
it in '--debug' mode to let you see the cache invalidation.
If cases of filesystem changes are not covered then nscd should be fixed.
nscd is still being used by Guix and other distributions. Fedora is no longer
going to ship nscd in favour of sssd as a caching framework. The future
of nscd is likely going to be to simplify the code and provide a very thin
local cache, but this is still up for discussion.
Cheers,
Carlos.
Reply to: