[sudo-users] cannot sudo after short time - ldap/nis configuration

Edward Capriolo edlinuxguru at gmail.com
Tue Oct 20 18:27:52 EDT 2009


On Tue, Oct 20, 2009 at 6:20 PM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> In message <4ADE12CF.9010601 at simulexinc.com>
>        so spake Jason Hamilton (jhamilton):
>
>> If I kill nscd then I can't even ssh into the box :-)
>
> Doh.  I wouldn't have expected that; things should work OK w/o the
> caching.
>
>  - todd

Actually, not having NSCD can be a huge problem. Once you go the LDAP
route, several system calls in libc rely on it. If you have nscd off,
each time a file owned by an LDAP user is 'stat'ed the system will do
LDAP lookups. (This is implementation dependent.)

Worst-case scenario: say a file in your web directory gets owned by an
LDAP user. Each hit to that file ends up doing a 'stat', and each stat does
a lookup. = Big Trouble.
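
A check for the situation discussed in this thread, added here as an example and not part of the original post: it lists the NSS databases that consult `ldap` or `nis` in nsswitch.conf without an enabled nscd cache. The function names and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample configs (not from the thread); the real ones live in /etc.
make_samples() {
    cat > "$1/nsswitch.conf" <<'EOF'
passwd:     files ldap
group:      files ldap
shadow:     files
hosts:      files dns
EOF
    cat > "$1/nscd.conf" <<'EOF'
enable-cache    passwd    yes
enable-cache    group     no
enable-cache    hosts     yes
EOF
}

# Print every NSS database that lists ldap or nis as a source in nsswitch.conf
# ($1) but has no "enable-cache <db> yes" line in nscd.conf ($2).
uncached_remote_maps() {
    awk '
        { sub(/#.*/, "") }                       # drop comments in both files
        pass == 1 {                              # nscd.conf
            if ($1 == "enable-cache" && $3 == "yes") cached[$2] = 1
            next
        }
        {                                        # nsswitch.conf
            n = index($0, ":")
            if (n == 0) next
            db = substr($0, 1, n - 1); gsub(/[ \t]/, "", db)
            m = split(substr($0, n + 1), src)
            for (i = 1; i <= m; i++)
                if ((src[i] == "ldap" || src[i] == "nis") && !(db in cached)) {
                    print db
                    break
                }
        }
    ' pass=1 "$2" pass=2 "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    uncached_remote_maps "$tmp/nsswitch.conf" "$tmp/nscd.conf"
    rm -rf "$tmp"
}
demo    # prints: group
```

Against a live host, pass /etc/nsswitch.conf and /etc/nscd.conf; this reads configuration only, so whether the nscd daemon is actually running has to be checked separately.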


