Bug#793649: nscd does not invalidate all caches (esp. netgroup)

[Mike Gabriel]

Package: nscd
Version: 2.19-18
Severity: important
Tags: patch
User: debian-...@lists.debian.org
Usertags: debian-edu
X-Debbugs-Cc: debian-...@lists.debian.org

Dear maintainer(s) of nscd,

these days I upgraded a Debian Edu mainserver from squeeze to Debian jessie.



Steps to reproduce (you don't wanna do this, as it takes hours):

  Install a Debian Edu squeeze server
  Upgrade it to Debian (Edu) jessie
  Add a new test-host to the workstation-hosts netgroup (in LDAP)
  Check if the test-host is in the netgroup:


  FALSE
  Result: test-host.intern is not in the workstation-hosts netgroup

  Then stop nscd and test again...

  TRUE
  Result: test-host.intern is in the workstation-hosts netgroup

  Then stop nscd and remove all files in /var/cache/nscd/
  Start nscd again and test again...

  TRUE



In /etc/init.d/nscd, we find this:

"""
invalidate_cache()
{
        for table in passwd group hosts ; do
                $DAEMON --invalidate $table
        done
}
"""

This should be either replaced by

"""
invalidate_cache()
{

                $DAEMON --invalidate $table
        done
}
"""

or by
invalidate_cache()
{
        rm -f /var/cache/nscd/*
}



light+love,
Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

I really spent several hours with NFSv4 problems due to a non-invalidated netgroup cache on reboot. Seemingly, the nscd cache of nscd in Debian squeeze is incompatible with the nscd cache of nscd in Debian jessie. So checking if a host is in a given netgroup always fails if nscd is running. $ innetgroup -h test-host.intern workstation-hosts && echo TRUE || echo FALSE $ innetgroup -h test-host.intern workstation-hosts && echo TRUE || echo FALSE $ innetgroup -h test-host.intern workstation-hosts && echo TRUE || echo FALSE Result: test-host.intern is in the workstation-hosts netgroup, now reported via nscd for table in $(grep -P "^[\ \t]+enable-cache[\ \t]+\w+[\ \t]+yes$" /etc/nscd.conf | awk '{ print $2 }'); do As this issue will be bugging people upgrading a Debian Edu main server from squeeze to wheezy/jessie, the Debian Edu team will highly appreciate it to such a change as proposed above enter Debian jessie.

pgpyQgsTLX8QY.pgp
Description: Digitale PGP-Signatur