[PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.

  • Done
Details
One participant
  • Ludovic Courtès
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
normal
Ludovic Courtès wrote on 16 May 23:01 +0200
[PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.
(address . guix-patches@gnu.org)(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)
7942e1351315694f0c6675a702f4153fd83cadc3.1715893079.git.ludo@gnu.org
From: Ludovic Courtès <ludovic.courtes@inria.fr>

This allows users to specify NSS plugins such as LDAP via the
‘name-services’ field of <nscd-configuration>. Failing that, user code
will dlopen whatever passwd/group plugins are listed in
/etc/nsswitch.conf, which is likely to fail, typically because those are
not in $LD_LIBRARY_PATH.

* gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’
caches.

Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d
---
gnu/services/base.scm | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)

Hi!

I realized by looking at ‘strace id’ that our nscd instance was replying
negatively to passwd and group lookups (to my surprise). Turns out we
need to explicitly enable caching of a database in nscd.conf if we want
nscd to honor lookups for that database.

We really need nscd to honor passwd/group lookups if we want to support
NSS plugins like LDAP or sss. (Now I realize that this is something
Jean-François et al. probably experienced with their OpenLDAP service

Thoughts?

Ludo’.

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 85160bd3abb..15f3807efcc 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1340,7 +1340,22 @@ (define %nscd-default-caches
(positive-time-to-live (* 3600 24))
(negative-time-to-live 3600)
(check-files? #t) ;check /etc/services changes
- (persistent? #t))))
+ (persistent? #t))
+
+ ;; Enable minimal caching of the user databases, not so much for
+ ;; caching but rather to allow that uses of NSS plugins like LDAP
+ ;; don't lead user processes to dlopen them (which is likely to fail
+ ;; due to them not being found in $LD_LIBRARY_PATH).
+ (nscd-cache (database 'passwd)
+ (positive-time-to-live 600)
+ (negative-time-to-live 20)
+ (check-files? #t) ;check /etc/passwd changes
+ (persistent? #f))
+ (nscd-cache (database 'group)
+ (positive-time-to-live 600)
+ (negative-time-to-live 20)
+ (check-files? #t) ;check /etc/group changes
+ (persistent? #f))))
(define-deprecated %nscd-default-configuration
#f
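Review bot: In the two added nscd-cache entries, positive-time-to-live 600 means a passwd or group answer obtained through an NSS plugin such as LDAP can keep being served for up to ten minutes after the directory entry changes, and per the comments check-files? only watches /etc/passwd and /etc/group. Since the stated goal is plugin support rather than caching, consider saying in the comment block that these TTLs bound how long a removed account or group membership stays visible, so administrators know which field to lower. The diffstat also shows only gnu/services/base.scm changing; if the manual describes the default caches, it should mention the new entries.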

base-commit: 58be9a79e2862d5fa9842d73f498ce2e5442b9ce
--
2.41.0
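An added example, not part of the original message or of Guix: a small check that cross-references nsswitch.conf with nscd.conf and reports the databases that list an NSS plugin while nscd has no enabled cache for them, which is the situation described above where processes end up loading the plugin themselves. The set of services treated as shipped with glibc and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumption: NSS services shipped with glibc itself; anything else is a plugin.
GLIBC_SERVICES = {"files", "compat", "dns", "db"}
# Databases that nscd is able to serve.
NSCD_DATABASES = {"passwd", "group", "hosts", "services", "netgroup"}

def parse_nsswitch(text):
    """Map each database to its ordered list of services, ignoring actions."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, spec = line.split(":", 1)
        spec = re.sub(r"\[[^\]]*\]", " ", spec)  # drop [NOTFOUND=return] etc.
        databases[name.strip()] = spec.split()
    return databases

def parse_nscd_enabled(text):
    """Return the set of databases with 'enable-cache <db> yes'."""
    enabled = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "enable-cache":
            (enabled.add if fields[2] == "yes" else enabled.discard)(fields[1])
    return enabled

def unserved_plugin_lookups(nsswitch_text, nscd_text):
    """Databases that use a plugin but that nscd will not answer for."""
    enabled = parse_nscd_enabled(nscd_text)
    findings = {}
    for db, services in parse_nsswitch(nsswitch_text).items():
        plugins = [s for s in services if s not in GLIBC_SERVICES]
        if db in NSCD_DATABASES and plugins and db not in enabled:
            findings[db] = plugins
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE_NSSWITCH = """\
passwd: files ldap
group:  files [NOTFOUND=return] ldap
hosts:  files mdns_minimal [NOTFOUND=return] dns
"""
SAMPLE_NSCD = """\
enable-cache hosts yes
enable-cache passwd no   # not served by nscd
"""

if __name__ == "__main__":
    for db, plugins in unserved_plugin_lookups(SAMPLE_NSSWITCH, SAMPLE_NSCD).items():
        print(f"{db}: processes will load {', '.join(plugins)} themselves")
```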
Ludovic Courtès wrote on 3 Jun 23:30 +0200
Re: [bug#70992] [PATCH] services: nscd: Enable ‘passwd’ and ‘group’ caches by default.
(address . 70992-done@debbugs.gnu.org)
87v82p90jt.fsf@gnu.org
Ludovic Courtès <ludo@gnu.org> wrote:

> From: Ludovic Courtès <ludovic.courtes@inria.fr>
>
> This allows users to specify NSS plugins such as LDAP via the
> ‘name-services’ field of <nscd-configuration>. Failing that, user code
> will dlopen whatever passwd/group plugins are listed in
> /etc/nsswitch.conf, which is likely to fail, typically because those are
> not in $LD_LIBRARY_PATH.
>
> * gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’
> caches.
>
> Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d

Pushed as 85ac164c41fc4c93d3cb2a5d3321c63598c2855f.

Ludo’.
Closed