diff options
Diffstat (limited to 'man5/nscd.conf.5')
-rw-r--r-- | man5/nscd.conf.5 | 342 |
1 files changed, 342 insertions, 0 deletions
diff --git a/man5/nscd.conf.5 b/man5/nscd.conf.5 new file mode 100644 index 0000000..041793e --- /dev/null +++ b/man5/nscd.conf.5 @@ -0,0 +1,342 @@ +.\" Copyright (c) 1999, 2000 SuSE GmbH Nuernberg, Germany +.\" Author: Thorsten Kukuk <kukuk@suse.de> +.\" Updates: Greg Banks <gbanks@linkedin.com> Copyright (c) 2021 Microsoft Corp. +.\" +.\" SPDX-License-Identifier: GPL-2.0-or-later +.\" +.TH nscd.conf 5 2023-02-05 "Linux man-pages 6.05.01" +.SH NAME +nscd.conf \- name service cache daemon configuration file +.SH DESCRIPTION +The file +.I /etc/nscd.conf +is read from +.BR nscd (8) +at startup. +Each line specifies either an attribute and a value, or an +attribute, service, and a value. +Fields are separated either by SPACE +or TAB characters. +A \[aq]#\[aq] (number sign) indicates the beginning of a +comment; following characters, up to the end of the line, +are not interpreted by nscd. +.PP +Valid services are \fIpasswd\fP, \fIgroup\fP, \fIhosts\fP, \fIservices\fP, +or \fInetgroup\fP. +.PP +.B logfile +.I debug-file-name +.RS +Specifies name of the file to which debug info should be written. +.RE +.PP +.B debug\-level +.I value +.RS +Sets the desired debug level. +0 hides debug info. +1 shows general debug info. +2 additionally shows data in cache dumps. +3 (and above) shows all debug info. +The default is 0. +.RE +.PP +.B threads +.I number +.RS +This is the initial number of threads that are started to wait for +requests. +At least five threads will always be created. +The number of threads may increase dynamically up to +.B max\-threads +in response to demand from clients, +but never decreases. +.RE +.PP +.B max\-threads +.I number +.RS +Specifies the maximum number of threads. +The default is 32. +.RE +.PP +.B server\-user +.I user +.RS +If this option is set, nscd will run as this user and not as root. +If a separate cache for every user is used (\-S parameter), this +option is ignored. +.RE +.PP +.B stat\-user +.I user +.RS +Specifies the user who is allowed to request statistics. +.RE +.PP +.B reload\-count +unlimited | +.I number +.RS +Sets a limit on the number of times a cached entry +gets reloaded without being used +before it gets removed. +The limit can take values ranging from 0 to 254; +values 255 or higher behave the same as +.BR unlimited . +Limit values can be specified in either decimal +or hexadecimal with a "0x" prefix. +The special value +.B unlimited +is case-insensitive. +The default limit is 5. +A limit of 0 turns off the reloading feature. +See NOTES below for further discussion of reloading. +.RE +.PP +.B paranoia +.I <yes|no> +.RS +Enabling paranoia mode causes nscd to restart itself periodically. +The default is no. +.RE +.PP +.B restart\-interval +.I time +.RS +Sets the restart interval to +.I time +seconds +if periodic restart is enabled by enabling +.B paranoia +mode. +The default is 3600. +.RE +.PP +.B enable\-cache +.I service +.I <yes|no> +.RS +Enables or disables the specified +.I service +cache. +The default is no. +.RE +.PP +.B positive\-time\-to\-live +.I service +.I value +.RS +Sets the TTL (time-to-live) for positive entries (successful queries) +in the specified cache for +.IR service . +.I Value +is in seconds. +Larger values increase cache hit rates and reduce mean +response times, but increase problems with cache coherence. +Note that for some name services (including specifically DNS) +the TTL returned from the name service is used and +this attribute is ignored. +.RE +.PP +.B negative\-time\-to\-live +.I service +.I value +.RS +Sets the TTL (time-to-live) for negative entries (unsuccessful queries) +in the specified cache for +.IR service . +.I Value +is in seconds. +Can result in significant performance improvements if there +are several files owned by UIDs (user IDs) not in system databases (for +example untarring the Linux kernel sources as root); should be kept small +to reduce cache coherency problems. +.RE +.PP +.B suggested\-size +.I service +.I value +.RS +This is the internal hash table size, +.I value +should remain a prime number for optimum efficiency. +The default is 211. +.RE +.PP +.B check\-files +.I service +.I <yes|no> +.RS +Enables or disables checking the file belonging to the specified +.I service +for changes. +The files are +.IR /etc/passwd , +.IR /etc/group , +.IR /etc/hosts , +.IR /etc/resolv.conf , +.IR /etc/services , +and +.IR /etc/netgroup . +The default is yes. +.RE +.PP +.B persistent +.I service +.I <yes|no> +.RS +Keep the content of the cache for +.I service +over server restarts; useful when +.B paranoia +mode is set. +The default is no. +.RE +.PP +.B shared +.I service +.I <yes|no> +.RS +The memory mapping of the nscd databases for +.I service +is shared with the clients so +that they can directly search in them instead of having to ask the +daemon over the socket each time a lookup is performed. +The default is no. +Note that a cache miss will still result in +asking the daemon over the socket. +.RE +.PP +.B max\-db\-size +.I service +.I bytes +.RS +The maximum allowable size, in bytes, of the database files for the +.IR service . +The default is 33554432. +.RE +.PP +.B auto\-propagate +.I service +.I <yes|no> +.RS +When set to +.I no +for +.I passwd +or +.I group +service, then the +.I .byname +requests are not added to +.I passwd.byuid +or +.I group.bygid +cache. +This can help with tables containing multiple records for the same ID. +The default is yes. +This option is valid only for services +.I passwd +and +.IR group . +.RE +.SH NOTES +The default values stated in this manual page originate +from the source code of +.BR nscd (8) +and are used if not overridden in the configuration file. +The default values used in the configuration file of +your distribution might differ. +.SS Reloading +.BR nscd (8) +has a feature called reloading, +whose behavior can be surprising. +.PP +Reloading is enabled when the +.B reload-count +attribute has a non-zero value. +The default value in the source code enables reloading, +although your distribution may differ. +.PP +When reloading is enabled, +positive cached entries (the results of successful queries) +do not simply expire when their TTL is up. +Instead, at the expiry time, +.B nscd +will "reload", +i.e., +re-issue to the name service the same query that created the cached entry, +to get a new value to cache. +Depending on +.I /etc/nsswitch.conf +this may mean that a DNS, LDAP, or NIS request is made. +If the new query is successful, +reloading will repeat when the new value would expire, +until +.B reload-count +reloads have happened for the entry, +and only then will it actually be removed from the cache. +A request from a client which hits the entry will +reset the reload counter on the entry. +Purging the cache using +.I nscd\~-i +overrides the reload logic and removes the entry. +.PP +Reloading has the effect of extending cache entry TTLs +without compromising on cache coherency, +at the cost of additional load on the backing name service. +Whether this is a good idea on your system depends on +details of your applications' behavior, +your name service, +and the effective TTL values of your cache entries. +Note that for some name services +(for example, DNS), +the effective TTL is the value returned from the name service and +.I not +the value of the +.B positive\-time\-to\-live +attribute. +.PP +Please consider the following advice carefully: +.IP \[bu] 3 +If your application will make a second request for the same name, +after more than 1 TTL but before +.B reload\-count +TTLs, +and is sensitive to the latency of a cache miss, +then reloading may be a good idea for you. +.IP \[bu] +If your name service is configured to return very short TTLs, +and your applications only make requests rarely under normal circumstances, +then reloading may result in additional load on your backing name service +without any benefit to applications, +which is probably a bad idea for you. +.IP \[bu] +If your name service capacity is limited, +reloading may have the surprising effect of +increasing load on your name service instead of reducing it, +and may be a bad idea for you. +.IP \[bu] +Setting +.B reload\-count +to +.B unlimited +is almost never a good idea, +as it will result in a cache that never expires entries +and puts never-ending additional load on the backing name service. +.PP +Some distributions have an init script for +.BR nscd (8) +with a +.I reload +command which uses +.I nscd\~-i +to purge the cache. +That use of the word "reload" is entirely different +from the "reloading" described here. +.SH SEE ALSO +.BR nscd (8) +.\" .SH AUTHOR +.\" .B nscd +.\" was written by Thorsten Kukuk and Ulrich Drepper. |