C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
Posted Nov 13, 2018 1:55 UTC (Tue) by fartman (guest, #128226)In reply to: C library system-call wrappers, or the lack thereof by Cyberax
Parent article: C library system-call wrappers, or the lack thereof
*) There's a NSSS project already from Laurent that provides NSS compatibility for it https://github.com/skarnet/nsss
*) Another is using FUSE modules that provide a NSS API to existing modules and on read requests show a merged version of everything in the specific files (for example, a fuse-passwd could be mounted on top of the regular /etc/passwd and any requests to read() mean it will supply a merged version of all user database and then the libc function just parses from it as usual).
Posted Nov 13, 2018 2:10 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
Posted Nov 13, 2018 11:36 UTC (Tue)
by nix (subscriber, #2304)
[Link]
Posted Nov 13, 2018 15:41 UTC (Tue)
by quotemstr (subscriber, #45331)
[Link] (1 responses)
Posted Nov 13, 2018 16:28 UTC (Tue)
by smurf (subscriber, #17840)
[Link]
That's benign. The really interesting part is when your user database is not enumerable, e.g. because you don't have the rights to do so.
Posted Nov 14, 2018 0:34 UTC (Wed)
by sbaugh (guest, #103291)
[Link] (10 responses)
If you are enthusiastic about replacing NSS with an IPC-based API, please, promote use of nscd by default in Debian and Fedora! IMO, that's the only realistic route to achieve the goal.
Posted Nov 14, 2018 3:09 UTC (Wed)
by quotemstr (subscriber, #45331)
[Link]
Posted Nov 14, 2018 6:16 UTC (Wed)
by drag (guest, #31333)
[Link] (8 responses)
That's news to me.
I probably had to restart nscd thousands of times across hundreds of machines. It was flakier then ntpd, which is saying a lot.
Nobody should be installing nscd anymore. It has always been terrible and it's always going to be terrible.
Posted Nov 14, 2018 12:42 UTC (Wed)
by nix (subscriber, #2304)
[Link] (7 responses)
It is clearly not unreliable for many people, given that glibc upstream has been talking about replacing nss with nscd by default for some time now.
I think you need to investigate more....
Posted Nov 14, 2018 12:53 UTC (Wed)
by smurf (subscriber, #17840)
[Link] (6 responses)
Today? no problem IMHO, and it does speed things up (a lot, for some installations).
Posted Nov 14, 2018 15:25 UTC (Wed)
by zdzichu (subscriber, #17118)
[Link] (3 responses)
Except when it doesn't work, which is a daily occurrence: When allocating a dynamic user, a lookup is done in systemd, which fails (because the user doesnt exist, and systemd is going to allocate a dynamic uid for it) but then that answer is cached and after the dynamic user is set up, nscd will still say the user isn't created.
Posted Nov 14, 2018 16:40 UTC (Wed)
by nybble41 (subscriber, #55106)
[Link]
Posted Nov 14, 2018 19:01 UTC (Wed)
by quotemstr (subscriber, #45331)
[Link]
Posted Nov 15, 2018 16:05 UTC (Thu)
by nix (subscriber, #2304)
[Link]
Posted Nov 14, 2018 17:05 UTC (Wed)
by drag (guest, #31333)
[Link] (1 responses)
Posted Nov 15, 2018 16:07 UTC (Thu)
by nix (subscriber, #2304)
[Link]
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof
C library system-call wrappers, or the lack thereof