Hi Bas, Bas van der Vlies wrote: > First a brief description of our setup: > - +/- 800 nodes installed with debian > - more then 4000 users and each user has its own group > - 2 LDAP servers (master/slave) setup > > > This is what i encountered when cron runs a script. This script is started > on each node and it does an initgroups call. This call have i huge impact > on our LDAP servers. It fetches all the groups and will find out if the > user is a member of the group. This can be useful for all users except > root.
I don't consider this a bug - cron is doing here exactly what it is
expected to do. I agree that the call to initgroups() is redundant, but
there might actually be (broken?) code relying on this.
The heart of this issue is simply performance. Are you using NSS, nscd
etc? Other bug reports mentioning performance issues with cron which
were related to a specific version of libpam-ldap, so that could be a
cause, too.
> I can make a patch that is skip this check for root user or we can
> add environment variable to /etc/crontab:
> SKP_INITGROUPS=root
I think this could be achieved much more easily via NSS with the
following setting in nsswitch.conf:
nss_initgroups_ignoreusers root
I don't use NSS, so I cannot vouch for this. But looking at #457200,
this approach might even be more beneficial to you than changing cron's
source.
Please let me know if you disagree with my assessment. Otherwise, I'd
like to close this bug.
Thanks,
Christian
signature.asc
Description: OpenPGP digital signature
