author: Arian van Putten <aeroboy94@gmail.com> 2018-11-14 13:03:13 +0100
committer: Arian van Putten <aeroboy94@gmail.com> 2018-12-12 15:35:40 +0100
commit: 335b41b3fbf1191e9310dc2717a68df2b0759b76
tree: f6310ae461356b32a2cbcd474982c1a82d5e5733 /nixos/doc
parent: 99d32799520366422b169438cd990fb133d847d4
nixos/nscd: Add release note entry about nscd changes
Diffstat (limited to 'nixos/doc')
-rw-r--r--  nixos/doc/manual/release-notes/rl-1903.xml | 60
1 file changed, 60 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index bade93c0984e..975c566411c0 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -247,6 +247,66 @@
   </listitem>
   <listitem>
    <para>
+     The <literal>nscd</literal> now disables all caching of
+     <literal>passwd</literal> and <literal>group</literal> databases by
+     default. This was interferring with the correct functioning of the
+     <literal>libnss_systemd.so</literal> module which is used by
+     <literal>systemd</literal> to manage uids and usernames in the presence
+     of <literal>DynamicUser=</literal> in systemd services.
+     The was already the default behaviour in presence of
+     <literal>services.sssd.enable = true</literal> because nscd caching
+     would interfere sssd in unpredictable ways as well.Because we're using nscd
+     not for caching, but for convincing glibc to find NSS modules in the
+     nix store instead of an absolute path, we have decided to disable
+     caching globally now, as it's usually not the behaviour the user wants
+     and can lead to surprising behaviour.
+     Furthermore, negative caching of host lookups is also disabled now by
+     default. This should fix the issue of dns lookups failing in the
+     presence of an unreliable network.
+   </para>
+   <para>
+     If the old behaviour is desired, this can be restored by setting
+     the <literal>services.nscd.config</literal> option
+     with the desired caching parameters.
+     <programlisting>
+     services.nscd.config =
+     ''
+     server-user             nscd
+     threads                 1
+     paranoia                no
+     debug-level             0
+
+     enable-cache            passwd          yes
+     positive-time-to-live   passwd          600
+     negative-time-to-live   passwd          20
+     suggested-size          passwd          211
+     check-files             passwd          yes
+     persistent              passwd          no
+     shared                  passwd          yes
+
+     enable-cache            group           yes
+     positive-time-to-live   group           3600
+     negative-time-to-live   group           60
+     suggested-size          group           211
+     check-files             group           yes
+     persistent              group           no
+     shared                  group           yes
+
+     enable-cache            hosts           yes
+     positive-time-to-live   hosts           600
+     negative-time-to-live   hosts           5
+     suggested-size          hosts           211
+     check-files             hosts           yes
+     persistent              hosts           no
+     shared                  hosts           yes
+     '';
+     </programlisting>
+     See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/50316">#50316</link>
+     for details.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
      GitLab Shell previously used the nix store paths for the
      <literal>gitlab-shell</literal> command in its
      <literal>authorized_keys</literal> file, which might stop working after
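Review bot: the `services.nscd.config` example offered to restore "the old behaviour" contradicts the paragraph above it: it sets `enable-cache passwd yes` and `enable-cache group yes`, which is exactly the caching the first paragraph says breaks `libnss_systemd.so` and `DynamicUser=`, and `negative-time-to-live hosts 5` brings back the negative host caching the note says was disabled because of failing DNS lookups on unreliable networks. The paragraph should state plainly that anyone applying this config gives up both fixes (and therefore should not use it on a system with `DynamicUser=` services or with `services.sssd.enable = true`), or the example should be trimmed to re-enable only hosts caching with passwd and group left at `no`. The wording of the first paragraph also needs cleanup before it ships in the manual: "interferring" should be "interfering", "The was already the default behaviour" should be "This was already the default behaviour", "would interfere sssd" needs "with", "as well.Because" is missing a space, and "for convincing glibc to find NSS modules in the nix store instead of an absolute path" would read better as "so that glibc loads NSS modules from the Nix store rather than from fixed absolute paths".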