From 196f930e9acf0652209d3454da8d6597061f71dd Mon Sep 17 00:00:00 2001
From: Don Armstrong
Date: Mon, 21 Oct 2013 17:03:15 -0700
Subject: [PATCH] * Use saner settings in nscd.conf; thanks to Harald Dunkel (Closes: #702211). * Run unscd as the unscd user instead of root by default
---
debian/changelog | 5 +++-
debian/nscd.conf | 61 +++++++++++++++++++------------------------
debian/unscd.postinst | 22 ++++++++++++++++
3 files changed, 53 insertions(+), 35 deletions(-)
create mode 100644 debian/unscd.postinst
diff --git a/debian/changelog b/debian/changelog
index c305333..da3313e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,11 @@ unscd (0.51-1) unstable; urgency=low
 * Silence the cache invalidation output (Closes: #622230)
 * Update to debhelper 9
 * Support at least INT_MAX numbers in config (Closes: #676689)
+ * Use saner settings in nscd.conf; thanks to Harald Dunkel (Closes:
+ #702211).
+ * Run unscd as the unscd user instead of root by default
- -- Don Armstrong Mon, 21 Oct 2013 16:04:54 -0700
+ -- Don Armstrong Mon, 21 Oct 2013 17:02:22 -0700
 unscd (0.49-1) unstable; urgency=low
diff --git a/debian/nscd.conf b/debian/nscd.conf
index aa35af9..fe77d05 100644
--- a/debian/nscd.conf
+++ b/debian/nscd.conf
@@ -28,45 +28,38 @@
 # auto-propagate (ignored)
 #
 # Currently supported cache names (services): passwd, group, hosts
-#
-# logfile /var/log/nscd.log
-# threads 4
-# max-threads 32
-# server-user nobody
-# stat-user somebody
- debug-level 0
-# reload-count 5
- paranoia no
-# restart-interval 3600
- enable-cache passwd yes
- positive-time-to-live passwd 600
- negative-time-to-live passwd 20
- suggested-size passwd 211
- check-files passwd yes
- persistent passwd yes
- shared passwd yes
- auto-propagate passwd yes
+# logfile /var/log/nscd.log
+# threads 14
+# max-threads 32
+server-user unscd
+debug-level 0
+
+enable-cache passwd yes
+positive-time-to-live passwd 600
+negative-time-to-live passwd 20
+suggested-size passwd 1001
+check-files passwd yes
- enable-cache group yes
- positive-time-to-live group 3600
- negative-time-to-live group 60
- suggested-size group 211
- check-files group yes
- persistent group yes
- shared group yes
- auto-propagate group yes
+enable-cache group yes
+positive-time-to-live group 3600
+negative-time-to-live group 60
+suggested-size group 1001
+check-files group yes
 # hosts caching is broken with gethostby* calls, hence is now disabled
-# per default. See /usr/share/doc/nscd/NEWS.Debian.
- enable-cache hosts no
- positive-time-to-live hosts 3600
- negative-time-to-live hosts 20
- suggested-size hosts 211
- check-files hosts yes
- persistent hosts yes
- shared hosts yes
+# by default. Specifically, the caching does not obey DNS TTLs, and
+# thus could lead to problems if the positive-time-to-live is
+# significantly larger than the actual TTL.
+#
+# You should really use a caching nameserver instead of nscd for this
+# sort of request. However, you can easily re-enable this by default.
+enable-cache hosts no
+positive-time-to-live hosts 3600
+negative-time-to-live hosts 20
+suggested-size hosts 1001
+check-files hosts yes
 # unscd does not support services caching
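Review bot: The now-active `server-user unscd` line has no comment, yet it is the one setting in this hunk that depends on something outside the file: the `unscd` account that debian/unscd.postinst creates in the same commit. I would add a line above it such as `# Account the daemon runs as; created by the package postinst.` so an admin merging conffile changes on upgrade can see why the daemon no longer runs as root. The diffstat lists only the changelog, nscd.conf and the postinst, so it is worth confirming that whatever socket, pid-file or log paths the daemon writes to remain usable once it runs as the new account. Separately, the commented template value changes from `threads 4` to `threads 14`, which may be a typo.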
diff --git a/debian/unscd.postinst b/debian/unscd.postinst
new file mode 100644
index 0000000..6340bc0
--- /dev/null
+++ b/debian/unscd.postinst
@@ -0,0 +1,22 @@
+set -e
+
+case "$1" in
+ configure)
+ # Create the unscd user
+ if [ -x /usr/sbin/adduser ] && [ -x /usr/bin/getent ] && [ -x /usr/sbin/addgroup ]; then
+ if ! getent group unscd >/dev/null 2>&1; then
+ addgroup --system unscd;
+ fi;
+ if ! id -u unscd >/dev/null 2>&1; then
+ adduser --quiet --system --ingroup unscd --no-create-home --home /var/lib/unscd unscd;
+ fi;
+ fi;
+ ;;
+ *)
+ # do nothing
+ ;;
+esac
+
+###DEBHELPER###
+
+exit 0;
-- 2.39.2
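Review bot: The new maintainer script begins at `set -e` with no interpreter line; the hunk adds all 22 lines of the file and none of them is a `#!`, so `#!/bin/sh` should be added as the first line (Debian Policy asks for one on maintainer scripts, and without it execution depends on how the caller treats a script that names no interpreter). The outer `[ -x /usr/sbin/adduser ] && [ -x /usr/bin/getent ] && [ -x /usr/sbin/addgroup ]` guard also skips account creation silently when any of those tools is absent, while nscd.conf in this commit sets `server-user unscd` unconditionally. Declaring the adduser dependency in debian/control (not shown here) and dropping the guard would turn a missing account into a visible install failure rather than, presumably, a daemon that cannot switch to the configured user. The `id -u unscd` test also accepts any pre-existing account of that name, including a non-system one, which deserves at least a comment.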