
Cron, sendmail, finger slowdowns & large password files


Noel Hunter

Nov 15, 1993, 9:54:52 PM
After two years of wrangling with HP over problems which appear to be the
result of our "huge" password file (I never thought 6,000 was that big, but
apparently it is), I have decided to vent my frustration to you. Maybe someone
at HP is listening. Or maybe enough people on the net have had the same
problems, and we can gang up.

Here are the symptoms:

1. Cron takes a LONG time to launch jobs. We're talking 5-10 minutes EACH
time a cron job is spawned. The time increases geometrically as the
user's location in the password file increases. That is, a root (first
entry) cron job starts immediately. User ID 6000 takes 10 minutes.
Needless to say, this makes cron useless for 80-90% of the users, because
if they start up a job say every 15 minutes, the system bogs down until
it crashes.

2. Sendmail verify takes a LONG time whenever it gets a bad username. We're
talking 30 minutes here. HP has actually patched this with a special
sendmail for us, but it seems relevant.

3. Finger fails with "fork failed: no more processes" whenever someone fingers
the machine from a remote site. Local fingers work, UNLESS you are root.
This is my favorite problem, because I think it demonstrates the root of
the problem, which is that the routine getpwent in HP-UX 8 and 9 has a
BAD bug that only comes into full effect when you are on a trusted system
(i.e. /.secure/etc/password exists AND is readable by the process). That's
why I think finger bombs as root.

Anyway, HP had promised to fix all of these problems at HP-UX 9.0, but they
let us down on 1 and 3. In fact, they let us down on 2 as well, in that we
are still using the patched sendmail from HP-UX 8.

It should be obvious that I know only enough Unix to make me dangerous.
I would like to be able to say that I wish no one else has these problems,
but I'll say instead that I hope someone else has figured out how to fix them.

Standard disclaimer applies here: These views are mine alone.

--
* Noel Hunter, Academic Systems Administrator, Wake Forest University *
* no...@wfu.edu TEL:(919) 759-5812 MAIL:PO Box 7408 Winston-Salem, NC 27109 *

Rob Francis

Nov 15, 1993, 10:22:22 PM
In article <2c9fds$9...@quad.wfunet.wfu.edu> no...@ac.wfu.edu (Noel Hunter) writes:
>
>2. Sendmail verify takes a LONG time whenever it gets a bad username. We're
> talking 30 minutes here. HP has actually patched this with a special
> sendmail for us, but it seems relevant.

We have this problem too. Around 5000 accounts. Matter of fact,
sendmail takes forever to vrfy, period. Valid username or not.

>3. Finger fails with "fork failed: no more processes" whenever someone fingers
> the machine from a remote site. Local fingers work, UNLESS you are root.
> This is my favorite problem, because I think it demonstrates the root of
> the problem, which is that the routine getpwent in HP-UX 8 and 9 has a
> BAD bug that only comes into full effect when you are on a trusted system
> (i.e. /.secure/etc/password exists AND is readable by the process). That's
> why I think finger bombs as root.

This would go with my working theory as well.

-rob
---
Rob Francis Unix Systems Specialist, University Computing Services
Indiana University, fran...@indiana.edu (812)855-0327

Michael J. Corrigan

Nov 20, 1993, 4:31:22 AM
In article <2c9fds$9...@quad.wfunet.wfu.edu>,

Noel Hunter <no...@ac.wfu.edu> wrote:
>After two years of wrangling with HP over problems which appear to be the
>result of our "huge" password file (I never thought 6,000 was that big, but
>apparently it is), I have decided to vent my frustration to you. Maybe someone
>at HP is listening. Or maybe enough people on the net have had the same
>problems, and we can gang up.
>
>Here are the symptoms:
>
>1. Cron takes a LONG time to launch jobs. We're talking 5-10 minutes EACH
> time a cron job is spawned. The time increases geometrically as the
> user's location in the password file increases. That is, a root (first
> entry) cron job starts immediately. User ID 6000 takes 10 minutes.
> Needless to say, this makes cron useless for 80-90% of the users, because
> if they start up a job say every 15 minutes, the system bogs down until
> it crashes.

Root cron jobs take 15 seconds on my 8.x 8x7 before the child is spawned.
That's bad. Since I start maybe 4 cron jobs every 5 minutes, that means
20% of the cpu is taken up starting cron jobs - which are themselves
incredibly trivial. I finally combined all 4 jobs into one shell script
and spawn one job that does 4 things.

>
>2. Sendmail verify takes a LONG time whenever it gets a bad username. We're
> talking 30 minutes here. HP has actually patched this with a special
> sendmail for us, but it seems relevant.

That's fairly serious. sendmail v8 takes less than a second to find a bad
username (1000 passwd entries)

>
>3. Finger fails with "fork failed: no more processes" whenever someone fingers
> the machine from a remote site. Local fingers work, UNLESS you are root.
> This is my favorite problem, because I think it demonstrates the root of
> the problem, which is that the routine getpwent in HP-UX 8 and 9 has a
> BAD bug that only comes into full effect when you are on a trusted system
> (i.e. /.secure/etc/password exists AND is readable by the process). That's
> why I think finger bombs as root.
>

finger as root on the 8.0 8x7 with /.secure/etc/passwd does not show this
problem.

Noel Hunter

Nov 22, 1993, 11:55:14 AM
: In article <2c9fds$9...@quad.wfunet.wfu.edu>,

: Noel Hunter <no...@ac.wfu.edu> wrote:
: >After two years of wrangling with HP over problems which appear to be the
: >result of our "huge" password file (I never thought 6,000 was that big, but

HP now tells me that they have a beta version of a patch to address the
getpwent performance problems. More to follow... If anyone has tried the
beta patch, could you provide an evaluation?

Wong Siu To

Nov 29, 1993, 1:34:53 AM
In <2cqqti$o...@quad.wfunet.wfu.edu> no...@ac.wfu.edu (Noel Hunter) writes:

>: In article <2c9fds$9...@quad.wfunet.wfu.edu>,
>: Noel Hunter <no...@ac.wfu.edu> wrote:
>: >After two years of wrangling with HP over problems which appear to be the
>: >result of our "huge" password file (I never thought 6,000 was that big, but

>HP now tells me that they have a beta version of a patch to address the
>getpwent performance problems. More to follow... If anyone has tried the
>beta patch, could you provide an evaluation?

Would anyone please advise where I can get this "beta" version patch ?

Thanks a lot.

Regards,

--
S.T. Wong | BITNET: A86...@CUCSC.BITNET
Computer Services Centre | Internet: st-...@cuhk.hk
The Chinese University of Hong Kong | Tel. No: (852) 609 8825
Shatin, N.T., Hong Kong | FAX No: (852) 603 5001
