[OpenAFS] Re: unix owner/group of files in AFS
Thu, 29 Mar 2007 09:45:47 +0200
On Wed, Mar 28, 2007 at 04:54:51PM -0400, Jeffrey Hutzelman wrote:
> On Tuesday, March 20, 2007 08:58:41 PM +0100 FB <firstname.lastname@example.org> wrote:
> >No. The nss-plugin actually returns this:
> >Nobody here uses a shell different from Bash which is why i didn't really
> >cared about make the login shell non-static.
> >>How hard would it be to fake shell info as well, say by creating
> >>shell.zsh, shell.bash, etc PTS groups and putting a pts user in one?
> >Shouldn't be complicated. But maybe it's a better idea to evaluate a file
> >or a symlink in the user's home-volume.
> Something like this intended for heavy use should
> (1) cache results
> (2) not touch users' home directories
> Bear in mind that when you do something like 'ls', your NSS module will be
> called to do an id-to-name lookup for _every file_.
ls is a bad example because it doesn't ask once per file but once per UID
(-> coreutils-idcache) ;-) .
> That can get real
> slow if you don't cacne results or have to go out and look at a user's
> home directory, open files, etc for every lookup. It makes nss_ldap
> pretty much unbearable without nscd. Bear in mind that you cannot tell
> the difference between something like ls that just wants a name, and
> something that needs some other field or the whole entry.
I got your point. However - it's working fine here. We've got ~ 150 linux
PCs here using it without nscd and it was quite an improvement over nss-ldap
which we used before. But I don't want lots of accesses to homedir volumes
either. I'll apply the "preferred-shell-patch-from-homedir"-patch slightly
modified. I.e. it'll be disabled by default.