Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
comp.unix.solaris
Message from discussion Why does initgroups() do yp_all() instead of yp_match()?

View parsed - Show only message text

Path: supernews.google.com!sn-xit-02!supernews.com!isdnet!newsfeeds.belnet.be!news.belnet.be!btnet-peer1!btnet-feed5!btnet!carbon.eu.sun.com!new-usenet.uk.sun.com!not-for-mail
From: Casper....@Holland.Sun.Com (Casper H.S. Dik - Network Security Engineer)
Newsgroups: comp.unix.solaris
Subject: Re: Why does initgroups() do yp_all() instead of yp_match()?
Date: 25 Jan 2001 09:44:58 GMT
Organization: Sun Microsystems, Netherlands
Lines: 36
Message-ID: <94osiq$ebp$1@new-usenet.uk.sun.com>
References: <94o3bt$d56$1@canopus.cc.umanitoba.ca>
NNTP-Posting-Host: room101.holland.sun.com
X-Trace: new-usenet.uk.sun.com 980415898 14713 129.159.201.52 (25 Jan 2001 09:44:58 GMT)
X-Complaints-To: usenet@new-usenet.uk.sun.com
NNTP-Posting-Date: 25 Jan 2001 09:44:58 GMT
Mail-Copies-To: never

[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]

mi...@cc.umanitoba.ca (Gary Mills) writes:

>Does anyone know why, on Solaris, the initgroups() library function
>reads the entire NIS group.byname map, instead of looking up the
>information for the one specific user?  I'm using NIS as an example
>here, but the same thing would apply to other network databases, such
>as NIS+ or LDAP.  initgroups() appears to enumerate the entire
>group.byname with yp_all().  Surely, there are other NIS maps that
>can return the group list for a specific user with a single yp_match()
>call.  Is there a reason why initgroups() doesn't do this?

WHich map would that be?   By default, there isn't on except the
netid nismap which often isn't kept or not kept uptodate.

>I noticed this problem because we have a cron command that runs every
>five minutes on all of our workstations.  They are synchronized with
>NTP, so the cron commands all start at exactly the same instant.
>cron does an initgroups() before it runs each command, so we have a
>sudden large number of TCP RPC requests to the NIS server, all
>to read the group.byname map.  There are so many that ypserv
>momentarily runs out of file descriptors.  Staggering the times of
>the cron commands will fix the problem, but overall performance would
>certainly be better if initgroups() didn't behave that way.

I think there is or will be a method to enable netid searches, but
it isn't available everywhere (ther eare point patches for older 
releases)

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google