diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/system/nscd.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/system/nscd.nix | 31 |
1 files changed, 9 insertions, 22 deletions
diff --git a/nixpkgs/nixos/modules/services/system/nscd.nix b/nixpkgs/nixos/modules/services/system/nscd.nix index fd1570d11980..e11f7e049d8f 100644 --- a/nixpkgs/nixos/modules/services/system/nscd.nix +++ b/nixpkgs/nixos/modules/services/system/nscd.nix @@ -39,11 +39,6 @@ in config = mkIf cfg.enable { environment.etc."nscd.conf".text = cfg.config; - users.users.nscd = - { isSystemUser = true; - description = "Name service cache daemon user"; - }; - systemd.services.nscd = { description = "Name Service Cache Daemon"; @@ -51,22 +46,23 @@ in environment = { LD_LIBRARY_PATH = nssModulesPath; }; - preStart = - '' - mkdir -m 0755 -p /run/nscd - rm -f /run/nscd/nscd.pid - mkdir -m 0755 -p /var/db/nscd - ''; - restartTriggers = [ config.environment.etc.hosts.source config.environment.etc."nsswitch.conf".source config.environment.etc."nscd.conf".source ]; + # We use DynamicUser because in default configurations nscd doesn't + # create any files that need to survive restarts. However, in some + # configurations, nscd needs to be started as root; it will drop + # privileges after all the NSS modules have read their configuration + # files. So prefix the ExecStart command with "!" to prevent systemd + # from dropping privileges early. See ExecStart in systemd.service(5). serviceConfig = - { ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd"; + { ExecStart = "!@${pkgs.glibc.bin}/sbin/nscd nscd"; Type = "forking"; + DynamicUser = true; + RuntimeDirectory = "nscd"; PIDFile = "/run/nscd/nscd.pid"; Restart = "always"; ExecReload = @@ -75,15 +71,6 @@ in "${pkgs.glibc.bin}/sbin/nscd --invalidate hosts" ]; }; - - # Urgggggh... Nscd forks before opening its socket and writing - # its pid. So wait until it's ready. - postStart = - '' - while ! ${pkgs.glibc.bin}/sbin/nscd -g > /dev/null; do - sleep 0.2 - done - ''; }; }; |