[OpenAFS] Re: unix owner/group of files in AFS

FB fbo2@gmx.net
Thu, 29 Mar 2007 09:45:47 +0200


Hi,

On Wed, Mar 28, 2007 at 04:54:51PM -0400, Jeffrey Hutzelman wrote:
> 
> 
> On Tuesday, March 20, 2007 08:58:41 PM +0100 FB <fbo2@gmx.net> wrote:
> 
> >No. The nss-plugin actually returns this:
> >
> >('frank','x',1000,65534,'frank','/afs/alpha/user/frank','/bin/bash')
> >
> >Nobody here uses a shell different from Bash, which is why I didn't really
> >care about making the login shell non-static.
> >
> >>How hard would it be to fake shell info as well, say by creating
> >>shell.zsh, shell.bash, etc PTS groups and putting a pts user in one?
> >
> >Shouldn't be complicated. But maybe it's a better idea to evaluate a file
> >or a symlink in the user's home-volume.
> 
> Something like this intended for heavy use should
> 
> (1) cache results
> (2) not touch users' home directories
> 
> Bear in mind that when you do something like 'ls', your NSS module will be
> called to do an id-to-name lookup for _every file_. 

ls is a bad example because it doesn't ask once per file but once per UID
(-> coreutils-idcache) ;-) .

> That can get real
> slow if you don't cache results or have to go out and look at a user's
> home directory, open files, etc for every lookup.  It makes nss_ldap
> pretty much unbearable without nscd.  Bear in mind that you cannot tell
> the difference between something like ls that just wants a name, and
> something that needs some other field or the whole entry.

I got your point. However - it's working fine here. We've got ~ 150 Linux
PCs here using it without nscd and it was quite an improvement over nss-ldap
which we used before. But I don't want lots of accesses to homedir volumes
either. I'll apply the "preferred-shell-patch-from-homedir"-patch slightly
modified. I.e. it'll be disabled by default.

Regards,

Frank
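
The caching point raised in this thread, as an added example that is not part of the original messages and is not code from the nss-plugin or from coreutils: a per-UID cache with a TTL in front of a slow id-to-name lookup, which also caches misses. The backend function, the sample UIDs and names, and the TTL value are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <time.h>

#define SLOTS 64        /* direct-mapped cache, indexed by uid % SLOTS */
#define TTL_SECONDS 300 /* assumed lifetime of a cached answer */

/* expires == 0 marks an empty slot: any positive "now" forces a refresh. */
struct entry { int found; unsigned uid; char name[32]; time_t expires; };
static struct entry cache[SLOTS];
static unsigned backend_calls; /* counts expensive lookups */

/* Hypothetical stand-in for the slow lookup (PTS, LDAP, ...).
   Constructed data: only UIDs 1000-1002 exist. */
static int backend_lookup(unsigned uid, char *out, size_t len) {
    static const char *names[] = { "frank", "alice", "bob" };
    backend_calls++;
    if (uid < 1000 || uid > 1002)
        return 0;
    snprintf(out, len, "%s", names[uid - 1000]);
    return 1;
}

/* Returns 1 and fills out if uid is known, 0 otherwise. Misses are cached
   too, so files owned by an unknown UID do not hit the backend every time. */
int cached_uid_to_name(unsigned uid, time_t now, char *out, size_t len) {
    struct entry *e = &cache[uid % SLOTS];
    if (e->uid != uid || now >= e->expires) {
        e->uid = uid;
        e->found = backend_lookup(uid, e->name, sizeof e->name);
        e->expires = now + TTL_SECONDS;
    }
    if (e->found)
        snprintf(out, len, "%s", e->name);
    return e->found;
}

/* One lookup per file, owners cycling over uids[]; returns backend calls used. */
unsigned simulate_listing(const unsigned *uids, size_t n, size_t nfiles, time_t now) {
    char name[32];
    unsigned before = backend_calls;
    for (size_t i = 0; i < nfiles; i++)
        cached_uid_to_name(uids[i % n], now, name, sizeof name);
    return backend_calls - before;
}

int main(void) {
    const unsigned uids[] = { 1000, 1001, 4242 }; /* constructed; 4242 is unknown */
    printf("backend calls for 1000 files: %u\n", simulate_listing(uids, 3, 1000, time(NULL)));
    return 0;
}
```

The TTL bounds how long a removed or renamed account keeps resolving from the cache, so it is a trade-off between lookup cost and staleness.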