services: nscd: Enable ‘passwd’ and ‘group’ caches by default.

This allows users to specify NSS plugins such as LDAP via the ‘name-services’ field of <nscd-configuration>. Failing that, user code will dlopen whatever passwd/group plugins are listed in /etc/nsswitch.conf, which is likely to fail, typically because those are not in $LD_LIBRARY_PATH. * gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’ caches. Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d
2024-05-16 22:50:22 +02:00 · 2024-05-16 22:50:22 +02:00 · 85ac164c41
parent 53db1ed94e
commit 85ac164c41
1 changed files with 16 additions and 1 deletions
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@ -1340,7 +1340,22 @@ the tty to run, among other things."
                    (positive-time-to-live (* 3600 24))
                    (negative-time-to-live 3600)
                    (check-files? #t)             ;check /etc/services changes
-                    (persistent? #t))))
+                    (persistent? #t))
+
+        ;; Enable minimal caching of the user databases, not so much for
+        ;; caching but rather to allow that uses of NSS plugins like LDAP
+        ;; don't lead user processes to dlopen them (which is likely to fail
+        ;; due to them not being found in $LD_LIBRARY_PATH).
+        (nscd-cache (database 'passwd)
+                    (positive-time-to-live 600)
+                    (negative-time-to-live 20)
+                    (check-files? #t)             ;check /etc/passwd changes
+                    (persistent? #f))
+        (nscd-cache (database 'group)
+                    (positive-time-to-live 600)
+                    (negative-time-to-live 20)
+                    (check-files? #t)             ;check /etc/group changes
+                    (persistent? #f))))

 (define-deprecated %nscd-default-configuration
  #f