Date:      Tue, 31 Jan 2012 16:03:25 -0800
From:      Benjamin Lee <ben@b1c1l1.com>
To:        "O. Hartmann" <ohartman@zedat.fu-berlin.de>
Cc:        Current FreeBSD <freebsd-current@freebsd.org>
Subject:   Re: using nscd (ldap) makes passwd/group disappearing while installing ports
Message-ID:  <4F28814D.2030804@b1c1l1.com>
In-Reply-To: <4F287338.8000002@zedat.fu-berlin.de>
References:  <4F287338.8000002@zedat.fu-berlin.de>

On 01/31/2012 03:03 PM, O. Hartmann wrote:
> I'm using on a couple of servers the nameservice cache daemon nscd and
> cache "group", "passwd" and "sudoers". Backend is LDAP, but local files
> should be searched first, then ldap. Cache is searched the very first, even
> before files.
>
> Well, I'd expect that if a group is present, like "cups" or "dhcp" and
> reside in the local file (/etc/group or /etc/passwd), they are cached.
>
> Installing net/isc-dhcp42-server fails with this error:
>
>
> gmake[1]: Leaving directory
> `/usr/ports/net/isc-dhcp42-server/work/dhcp-4.2.3-P2/server'
> gmake[1]: Entering directory
> `/usr/ports/net/isc-dhcp42-server/work/dhcp-4.2.3-P2'
> gmake[1]: Nothing to be done for `all-am'.
> gmake[1]: Leaving directory
> `/usr/ports/net/isc-dhcp42-server/work/dhcp-4.2.3-P2'
> ===>  Installing for isc-dhcp42-server-4.2.3_2
> ===>   Generating temporary packing list
> ===> Creating users and/or groups.
> Creating group `dhcpd' with gid `136'.
> pw: group disappeared during update
> *** Error code 70
>
> Stop in /usr/ports/net/isc-dhcp42-server.
> *** Error code 1
>
> Stop in /usr/ports/net/isc-dhcp42-server.

What's going on is:

1) The port checks if the group exists
2) nscd caches that the group does not exist in its negative cache
3) pw(8) creates the group then checks if it exists
4) nscd returns the negative cache entry (group does not exist)

This causes pw(8) to error since it expects the group that it just
created to exist.

> I also have this error very often when rebuilding/updating or even
> installing cups when "nscd" is enabled. A simple restart of nscd helps
> in most cases, most times I need to disable "cache" tag in
> /etc/nsswitch.conf, then everything runs smooth.
>
> Well, this behaviour has been there for a couple of years now and occurs
> sporadically. I have had it in FreeBSD 7, 8, 9 and I see it in 10. What is it?
>
> I like the cache facility, since in domains with a lot of users
> searching LDAP takes some time and caching helps keeping traffic and
> latency short. But the nameservice caching mechanism seems to be
> unreliable. What is up there?

You should put "files" before "cache" in /etc/nsswitch.conf, e.g.:

group: files cache ldap
passwd: files cache ldap

The problem is that tools that modify the passwd and group files, like
pw(8), don't invalidate nscd's negative cache entries when making
changes.


-- 
Benjamin Lee
http://www.b1c1l1.com/





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F28814D.2030804>
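
The four steps described in the reply above, replayed under both source orders. This is an added example, not part of the original message and not FreeBSD code; the Resolver class and install_port function are hypothetical, and the model assumes that a lookup which passes the cache source and misses every later source is stored as a negative entry.

```python
# Simplified model of an nsswitch.conf source chain with an nscd-style cache.
# Assumption: any lookup that passes the "cache" source stores its final
# result there, including "not found" (a negative entry).

class Resolver:
    def __init__(self, order, backends):
        self.order = order        # e.g. ["cache", "files", "ldap"]
        self.backends = backends  # source name -> set of group names
        self.cache = {}           # group name -> True (found) / False (negative)

    def lookup(self, name):
        """Walk the sources in order; return True if the group is found."""
        passed_cache = False
        for source in self.order:
            if source == "cache":
                if name in self.cache:
                    return self.cache[name]  # cache hit, positive or negative
                passed_cache = True
            elif name in self.backends[source]:
                if passed_cache:
                    self.cache[name] = True
                return True
        if passed_cache:
            self.cache[name] = False         # negative cache entry
        return False


def install_port(order, group="dhcpd"):
    """Replay the port install; return (existed_before, visible_after_pw)."""
    files = set()                            # stands in for /etc/group
    resolver = Resolver(order, {"files": files, "ldap": set()})
    existed = resolver.lookup(group)         # 1) port checks, 2) miss is cached
    files.add(group)                         # 3) pw(8) writes the group; the
                                             #    cache is not invalidated
    visible = resolver.lookup(group)         # 3/4) pw(8) checks the new group
    return existed, visible


if __name__ == "__main__":
    for order in (["cache", "files", "ldap"], ["files", "cache", "ldap"]):
        existed, visible = install_port(order)
        status = "ok" if visible else "pw: group disappeared during update"
        print(" ".join(order), "->", status)
```

With "files" first, the stale negative entry is still in the cache after the install, but a lookup for a local group returns from "files" before the cache is consulted.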