Re: Can we build a proper email cluster? (was: Re: Why is debian.org email so unreliable?)

To: debian-isp@lists.debian.org
Subject: Re: Can we build a proper email cluster? (was: Re: Why is debian.org email so unreliable?)
From: Russell Coker <russell@coker.com.au>
Date: Thu, 14 Oct 2004 00:20:07 +1000
Message-id: <[🔎] 200410140020.08051.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20041013132304.GF17418@grep.be>
References: <20040921141306.GY642@parcelfarce.linux.theplanet.co.uk> <[🔎] 200410132301.42366.russell@coker.com.au> <[🔎] 20041013132304.GF17418@grep.be>

On Wed, 13 Oct 2004 23:23, Wouter Verhelst <wouter@grep.be> wrote:
> > > This is not the case for Debian; and yes, we already do have local fast
> > > DB caches (using libnss-db).
> >
> > That's an entirely different issue.
>
> No, it's not, not in this case anyway.
>
> > libnss-db is just for faster access to /etc/passwd.
>
> You are mistaken. In the FreeBSD implementation, it is; however, the
> Linux implementation allows other things to be done with it.
>
> For instance, my /etc/default/libnss-db contains the following lines:
>
> ETC = /root/stage
> DBS = passwd group shadow

shadow is part of the passwd setup.  group does no good on most systems (on my 
system /etc/group is only 70 lines and the database gives no benefit).

> I also have a script which creates (incomplete (as in, without system
> users)) files /root/stage/{passwd,shadow,group} containing just the user
> and group records that are in LDAP. Next, /etc/nsswitch.conf contains
> the following:
>
> passwd:         db compat
> group:          db compat
> shadow:         db compat

So what's the point of having LDAP if you are going to manually copy flat 
files around?

> > The implementation in Linux is fairly poor however, it doesn't even
> > stat /etc/passwd to see if it's newer than the db.
>
> That's a feature, not a bug. Unless you want it to check 'the passwd
> file' as it is defined in /etc/default/libnss-db (or another
> configuration file), in which case it would indeed be a good idea.

If you want the database to be in sync with the flat file and be usable 
without gross hacks as it is in AIX then it's a serious bug.

> > The performance gain isn't as good as you would expect either.
>
> Been there, done that.
>
> IME, doing this kind of thing is *way* faster than using libnss-ldap.

Way faster than a non-local LDAP.  But not significantly faster than flat 
files unless you have >10,000 users (which isn't the case for Debian).

> An added bonus is that the libnss-db Makefile will not update the .db
> files if the original ones are empty; so if the LDAP daemon dies or is
> unavailable for some reason, my users can still login, even after the
> next time the cronjob runs. This is not the case with libnss-ldap, AIUI.

True.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- this thread moved (was: Can we build a proper email cluster?)
  - From: martin f krafft <madduck@debian.org>
- Re: Can we build a proper email cluster?
  - From: Wouter Verhelst <wouter@grep.be>

References:
- Re: Can we build a proper email cluster? (was: Re: Why is debian.org email so unreliable?)
  - From: Russell Coker <russell@coker.com.au>
- Re: Can we build a proper email cluster? (was: Re: Why is debian.org email so unreliable?)
  - From: Wouter Verhelst <wouter@grep.be>

Prev by Date: Re: Bug#276217: postfix: random SIGSEGV in smtp processes
Next by Date: this thread moved (was: Can we build a proper email cluster?)
Previous by thread: Re: Can we build a proper email cluster? (was: Re: Why is debian.org email so unreliable?)
Next by thread: this thread moved (was: Can we build a proper email cluster?)
Index(es):
- Date
- Thread