On Thu, Dec 16, 2010 at 03:00:39PM -0500, Wietse Venema wrote:
> Dave Brodin:
> > Many thanks to Scott Lambert for what I believe to be the solution
> > to my load problem.  It was nsswitch.conf which still had all its
> > default settings when I began this troubleshooting.  I had changed
> > all the entries from nis to files when he mentioned it a few days
> > ago.  But he then suggested changing the compat setting for group
> > and passwd to files also.
> > 
> > So it now looks like:
> > 
> > group: files
> > group_files: nis
> > hosts: files dns
> > networks: files
> > passwd: compat
> > passwd_files: nis
> > shells: files
> > services: files
> > services_files: nis
> > protocols: files
> > rpc: files
> 
> OK, before less-informed people start to spread urban legends, I did
> all the measurements with the default nsswitch.conf file (see below)
> which contains the exact same entries that were making your system
> crawl.
>
> So, while Postfix is now performing better for you, I am less
> convinced that everything is kosher, unless someone can explain why
> the default nsswitch.conf was no good for your particular system (or
> why it was burning up 98% CPU in kernel mode).

This is not postfix specific.  Just in case anyone was inferring
that.

It has to do with the number of entries in the password file.  I
do not remember the details for why, but with thousands of users
in the password file anything that maps usernames to uids gets slow
with passwd and group set to compat.  The first time I saw the
problem was with ls -l in /home on a machine with thousands of
users.  It took minutes.   ls -ln completed as quickly as the pty
could display the output.

I do not have that issue on my cyrus-imapd box which has 20 users
in the password file, but eight thousand e-mail accounts/mailboxes
in Cyrus with Cyrus SASL and Postfix using MySQL storage for the
mailbox lookups/authentication data.

Running nscd may also mitigate the issue.  I have not tried that.
I was happy to eliminate the latency without running an additional
daemon.

I do not understand why the default "compat" option, which seems
to be designed to mimic pre-nsswitch behaviour, is slower than the
"files" option.
 
-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lamb...@lambertfam.org
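
An added example, not part of the original messages: a small Python check that parses nsswitch.conf text and reports whether passwd or group still list compat or nis as a source, the settings discussed in this thread. The sample input is the configuration quoted above; the function names are hypothetical, and reporting nis alongside compat is an assumption.

```python
import re

# Sample input: the nsswitch.conf lines quoted in the thread, copied as posted.
SAMPLE = """\
group: files
group_files: nis
hosts: files dns
networks: files
passwd: compat
passwd_files: nis
shells: files
services: files
services_files: nis
protocols: files
rpc: files
"""

# Assumption: sources worth reporting for username/uid and group/gid lookups.
FLAGGED = {"compat", "nis"}

def parse_nsswitch(text):
    """Return {database: [sources]} from nsswitch.conf text."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop status criteria such as [NOTFOUND=return]; keep source names.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        cfg[db.strip()] = rest.split()
    return cfg

def flagged_identity_sources(cfg, databases=("passwd", "group")):
    """List (database, source) pairs where passwd/group use a flagged source."""
    return [(db, src) for db in databases
            for src in cfg.get(db, []) if src in FLAGGED]

if __name__ == "__main__":
    for db, src in flagged_identity_sources(parse_nsswitch(SAMPLE)):
        print(f"{db}: uses '{src}'; 'files' is the setting suggested in the thread")
```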
