From 85ac164c41fc4c93d3cb2a5d3321c63598c2855f Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 16 May 2024 22:50:22 +0200 Subject: services: nscd: Enable ‘passwd’ and ‘group’ caches by default. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows users to specify NSS plugins such as LDAP via the ‘name-services’ field of . Failing that, user code will dlopen whatever passwd/group plugins are listed in /etc/nsswitch.conf, which is likely to fail, typically because those are not in $LD_LIBRARY_PATH. * gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’ caches. Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d --- gnu/services/base.scm | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 984670cd32..5f69b68f79 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1340,7 +1340,22 @@ (define %nscd-default-caches (positive-time-to-live (* 3600 24)) (negative-time-to-live 3600) (check-files? #t) ;check /etc/services changes - (persistent? #t)))) + (persistent? #t)) + + ;; Enable minimal caching of the user databases, not so much for + ;; caching but rather to allow that uses of NSS plugins like LDAP + ;; don't lead user processes to dlopen them (which is likely to fail + ;; due to them not being found in $LD_LIBRARY_PATH). + (nscd-cache (database 'passwd) + (positive-time-to-live 600) + (negative-time-to-live 20) + (check-files? #t) ;check /etc/passwd changes + (persistent? #f)) + (nscd-cache (database 'group) + (positive-time-to-live 600) + (negative-time-to-live 20) + (check-files? #t) ;check /etc/group changes + (persistent? #f)))) (define-deprecated %nscd-default-configuration #f -- cgit v1.2.3