Hi Bas, Bas van der Vlies wrote: > First a brief description of our setup: > - +/- 800 nodes installed with debian > - more then 4000 users and each user has its own group > - 2 LDAP servers (master/slave) setup > > > This is what i encountered when cron runs a script. This script is started > on each node and it does an initgroups call. This call have i huge impact > on our LDAP servers. It fetches all the groups and will find out if the > user is a member of the group. This can be useful for all users except > root.
I don't consider this a bug - cron is doing here exactly what it is expected to do. I agree that the call to initgroups() is redundant, but there might actually be (broken?) code relying on this. The heart of this issue is simply performance. Are you using NSS, nscd etc? Other bug reports mentioning performance issues with cron which were related to a specific version of libpam-ldap, so that could be a cause, too. > I can make a patch that is skip this check for root user or we can > add environment variable to /etc/crontab: > SKP_INITGROUPS=root I think this could be achieved much more easily via NSS with the following setting in nsswitch.conf: nss_initgroups_ignoreusers root I don't use NSS, so I cannot vouch for this. But looking at #457200, this approach might even be more beneficial to you than changing cron's source. Please let me know if you disagree with my assessment. Otherwise, I'd like to close this bug. Thanks, Christian
signature.asc
Description: OpenPGP digital signature