* Use saner settings in nscd.conf; thanks to Harald Dunkel (Closes:
authorDon Armstrong <don@donarmstrong.com>
Tue, 22 Oct 2013 00:03:15 +0000 (17:03 -0700)
committerDon Armstrong <don@donarmstrong.com>
Tue, 22 Oct 2013 00:03:15 +0000 (17:03 -0700)
  #702211).
* Run unscd as the unscd user instead of root by default

debian/changelog
debian/nscd.conf
debian/unscd.postinst [new file with mode: 0644]

index c305333d771dd1de1ccef9a1a49204967f944c7b..da3313e5fa03d070457f5bfd74fecce2c70cc786 100644 (file)
@@ -4,8 +4,11 @@ unscd (0.51-1) unstable; urgency=low
   * Silence the cache invalidation output (Closes: #622230)
   * Update to debhelper 9
   * Support at least INT_MAX numbers in config (Closes: #676689)
+  * Use saner settings in nscd.conf; thanks to Harald Dunkel (Closes:
+    #702211).
+  * Run unscd as the unscd user instead of root by default
 
- -- Don Armstrong <don@debian.org>  Mon, 21 Oct 2013 16:04:54 -0700
+ -- Don Armstrong <don@debian.org>  Mon, 21 Oct 2013 17:02:22 -0700
 
 unscd (0.49-1) unstable; urgency=low
 
index aa35af9fe9d7ab4a7a6561ab294b5709f6e823f9..fe77d05b4fe6b56ccf65d5ebfe55f280502c8e95 100644 (file)
 #      auto-propagate          <service> (ignored)
 #
 # Currently supported cache names (services): passwd, group, hosts
-#
 
 
-#      logfile                 /var/log/nscd.log
-#      threads                 4
-#      max-threads             32
-#      server-user             nobody
-#      stat-user               somebody
-       debug-level             0
-#      reload-count            5
-       paranoia                no
-#      restart-interval        3600
 
-       enable-cache            passwd          yes
-       positive-time-to-live   passwd          600
-       negative-time-to-live   passwd          20
-       suggested-size          passwd          211
-       check-files             passwd          yes
-       persistent              passwd          yes
-       shared                  passwd          yes
-       auto-propagate          passwd          yes
+# logfile /var/log/nscd.log
+# threads 14
+# max-threads 32
+server-user unscd
+debug-level 0
+
+enable-cache            passwd  yes
+positive-time-to-live   passwd  600
+negative-time-to-live   passwd  20
+suggested-size          passwd  1001
+check-files             passwd  yes
 
-       enable-cache            group           yes
-       positive-time-to-live   group           3600
-       negative-time-to-live   group           60
-       suggested-size          group           211
-       check-files             group           yes
-       persistent              group           yes
-       shared                  group           yes
-       auto-propagate          group           yes
+enable-cache            group   yes
+positive-time-to-live   group   3600
+negative-time-to-live   group   60
+suggested-size          group   1001
+check-files             group   yes
 
 # hosts caching is broken with gethostby* calls, hence is now disabled
-# per default.  See /usr/share/doc/nscd/NEWS.Debian.
-       enable-cache            hosts           no
-       positive-time-to-live   hosts           3600
-       negative-time-to-live   hosts           20
-       suggested-size          hosts           211
-       check-files             hosts           yes
-       persistent              hosts           yes
-       shared                  hosts           yes
+# by default. Specifically, the caching does not obey DNS TTLs, and
+# thus could lead to problems if the positive-time-to-live is
+# significantly larger than the actual TTL.
+#
+# You should really use a caching nameserver instead of nscd for this
+# sort of request. However, you can easily re-enable this by default.
+enable-cache            hosts   no
+positive-time-to-live   hosts   3600
+negative-time-to-live   hosts   20
+suggested-size         hosts   1001
+check-files             hosts   yes
 
 # unscd does not support services caching
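Review bot: The now-active `server-user unscd` line carries no comment saying where that account comes from, whereas the old template only had a commented-out `server-user nobody` example. I would put a line such as `# unscd drops privileges to this user; the account is created by the package postinst` above it, so an admin who copies this file to another host knows the account must exist first. It is also worth confirming that the daemon's runtime directory and the optional `logfile` path stay usable once it no longer runs as root; nothing in the visible files changes their ownership, though that may be handled elsewhere in the package. Minor: `suggested-size         hosts   1001` is one column short of its neighbours.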
diff --git a/debian/unscd.postinst b/debian/unscd.postinst
new file mode 100644 (file)
index 0000000..6340bc0
--- /dev/null
@@ -0,0 +1,22 @@
+set -e
+
+case "$1" in
+    configure)
+        # Create the unscd user
+           if [ -x /usr/sbin/adduser ] && [ -x /usr/bin/getent ] && [ -x /usr/sbin/addgroup ]; then
+               if ! getent group unscd >/dev/null 2>&1; then
+                       addgroup --system unscd;
+               fi;
+               if ! id -u unscd >/dev/null 2>&1; then
+                       adduser --quiet --system --ingroup unscd --no-create-home --home /var/lib/unscd unscd;
+               fi;
+           fi;
+           ;;
+    *)
+           # do nothing
+           ;;
+esac
+
+###DEBHELPER###
+
+exit 0;
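Review bot: The new maintainer script begins directly with `set -e`; the hunk is 22 lines and none of them is an interpreter line, so `#!/bin/sh` should be added as the first line, as Debian Policy asks of maintainer scripts. Separately, the `[ -x /usr/sbin/adduser ] && [ -x /usr/bin/getent ] && [ -x /usr/sbin/addgroup ]` guard in the `configure` branch skips account creation silently when any tool is missing, while nscd.conf in this same commit sets `server-user unscd`. A daemon configured to drop to an account that may not exist will either fail to start or, depending on how it handles the lookup failure, keep running as root, so the package should fail loudly rather than continue. I would drop the guard and rely on a dependency on adduser (debian/control is not visible here), or add an `else` branch that prints an error and exits non-zero.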