nscd.conf(5) File Formats Manual nscd.conf(5)

NAME
nscd.conf - name service cache daemon configuration file

DESCRIPTION
The file /etc/nscd.conf is read by nscd(8) at startup. Each line
specifies either an attribute and a value, or an attribute, service,
and a value. Fields are separated either by SPACE or TAB characters.
A '#' (number sign) indicates the beginning of a comment; following
characters, up to the end of the line, are not interpreted by nscd.

Valid services are passwd, group, hosts, services, or netgroup.

logfile debug-file-name
Specifies the name of the file to which debug info should be written.

debug-level value
Sets the desired debug level. 0 hides debug info. 1 shows general
debug info. 2 additionally shows data in cache dumps. 3 (and above)
shows all debug info. The default is 0.

threads number
This is the initial number of threads that are started to wait
for requests. At least five threads will always be created.
The number of threads may increase dynamically up to max-threads
in response to demand from clients, but never decreases.

max-threads number
Specifies the maximum number of threads. The default is 32.

server-user user
If this option is set, nscd will run as this user and not as
root. If a separate cache for every user is used (-S parameter),
this option is ignored.

stat-user user
Specifies the user who is allowed to request statistics.

reload-count unlimited | number
Sets a limit on the number of times a cached entry gets reloaded
without being used before it gets removed. The limit can take
values ranging from 0 to 254; values 255 or higher behave the
same as unlimited. Limit values can be specified in either decimal
or hexadecimal with a "0x" prefix. The special value unlimited is
case-insensitive. The default limit is 5. A limit of 0 turns off
the reloading feature. See NOTES below for further discussion of
reloading.

paranoia <yes|no>
Enabling paranoia mode causes nscd to restart itself periodically.
The default is no.

restart-interval time
Sets the restart interval to time seconds if periodic restart is
enabled by enabling paranoia mode. The default is 3600.

enable-cache service <yes|no>
Enables or disables the specified service cache. The default is no.

positive-time-to-live service value
Sets the TTL (time-to-live) for positive entries (successful
queries) in the specified cache for service. Value is in seconds.
Larger values increase cache hit rates and reduce mean response
times, but increase problems with cache coherence. Note that for
some name services (including specifically DNS) the TTL returned
from the name service is used and this attribute is ignored.

negative-time-to-live service value
Sets the TTL (time-to-live) for negative entries (unsuccessful
queries) in the specified cache for service. Value is in seconds.
Can result in significant performance improvements if there are
several files owned by UIDs (user IDs) not in system databases
(for example untarring the Linux kernel sources as root); should
be kept small to reduce cache coherency problems.

suggested-size service value
This is the internal hash table size; the value should remain a
prime number for optimum efficiency. The default is 211.

check-files service <yes|no>
Enables or disables checking the file belonging to the specified
service for changes. The files are /etc/passwd, /etc/group,
/etc/hosts, /etc/resolv.conf, /etc/services, and /etc/netgroup.
The default is yes.

persistent service <yes|no>
Keep the content of the cache for service across server restarts;
useful when paranoia mode is set. The default is no.

shared service <yes|no>
The memory mapping of the nscd databases for service is shared
with the clients so that they can directly search in them instead
of having to ask the daemon over the socket each time a lookup is
performed. The default is no. Note that a cache miss will still
result in asking the daemon over the socket.

max-db-size service bytes
The maximum allowable size, in bytes, of the database files for
the service. The default is 33554432.

auto-propagate service <yes|no>
When set to no for the passwd or group service, the .byname
requests are not added to the passwd.byuid or group.bygid cache.
This can help with tables containing multiple records for the same
ID. The default is yes. This option is valid only for services
passwd and group.

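The line grammar and attributes described above can be checked mechanically before a configuration is deployed. The following is an added example, not part of this manual page or of glibc: a small parser for the line format plus an audit pass over settings the page documents. The names parse, audit, SAMPLE and MAX_TTL are hypothetical, and the 600-second threshold is an assumed site policy.

```python
# Added example, not glibc's parser: read nscd.conf text and flag risky settings.
SERVICES = {"passwd", "group", "hosts", "services", "netgroup"}
GLOBAL = {"logfile", "debug-level", "threads", "max-threads", "server-user",
          "stat-user", "reload-count", "paranoia", "restart-interval"}
PER_SERVICE = {"enable-cache", "positive-time-to-live", "negative-time-to-live",
               "suggested-size", "check-files", "persistent", "shared",
               "max-db-size", "auto-propagate"}
MAX_TTL = 600  # assumed site policy for passwd/group, not a value from the manual

def parse(text):
    """Return (global settings, per-service settings, error strings)."""
    glob, per, errors = {}, {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # '#' starts a comment; SPACE/TAB separate
        if not fields:
            continue
        attr, rest = fields[0], fields[1:]
        if attr in GLOBAL and len(rest) == 1:
            glob[attr] = rest[0]
        elif attr == "auto-propagate" and rest[:1] and rest[0] not in ("passwd", "group"):
            errors.append(f"line {no}: auto-propagate is valid only for passwd and group")
        elif attr in PER_SERVICE and len(rest) == 2 and rest[0] in SERVICES:
            per.setdefault(rest[0], {})[attr] = rest[1]
        else:
            errors.append(f"line {no}: unrecognized entry {raw.strip()!r}")
    return glob, per, errors

def audit(glob, per):
    """Findings based only on behaviour this manual page documents."""
    out = []
    if "server-user" not in glob:
        out.append("server-user unset: nscd runs as root")
    level = glob.get("debug-level", "0")
    if level.isdigit() and int(level) >= 2:
        out.append("debug-level >= 2: debug output includes data from cache dumps")
    for svc, opts in sorted(per.items()):
        if opts.get("enable-cache", "no") != "yes":
            continue
        if opts.get("check-files", "yes") == "no":
            out.append(f"{svc}: check-files no, the service's file is not checked for changes")
        ttl = opts.get("positive-time-to-live", "")
        if svc in ("passwd", "group") and ttl.isdigit() and int(ttl) > MAX_TTL:
            out.append(f"{svc}: positive TTL {ttl}s exceeds {MAX_TTL}s, stale entries linger")
    return out

SAMPLE = ("# constructed sample, not a distribution default\n"
          "debug-level\t2\nlogfile /var/log/nscd.log  # trailing comment\n"
          "enable-cache passwd yes\npositive-time-to-live passwd 3600\n"
          "check-files passwd no\nenable-cache hosts yes\n"
          "auto-propagate hosts no\nbogus-attribute 1\n")
```
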
NOTES
The default values stated in this manual page originate from the source
code of nscd(8) and are used if not overridden in the configuration
file. The default values used in the configuration file of your
distribution might differ.

Reloading
nscd(8) has a feature called reloading, whose behavior can be
surprising.

Reloading is enabled when the reload-count attribute has a non-zero
value. The default value in the source code enables reloading,
although your distribution may differ.

When reloading is enabled, positive cached entries (the results of
successful queries) do not simply expire when their TTL is up. Instead,
at the expiry time, nscd will "reload", i.e., re-issue to the name
service the same query that created the cached entry, to get a new value
to cache. Depending on /etc/nsswitch.conf this may mean that a DNS,
LDAP, or NIS request is made. If the new query is successful, reloading
will repeat when the new value would expire, until reload-count
reloads have happened for the entry, and only then will it actually be
removed from the cache. A request from a client which hits the entry
will reset the reload counter on the entry. Purging the cache using
nscd -i overrides the reload logic and removes the entry.

Reloading has the effect of extending cache entry TTLs without
compromising on cache coherency, at the cost of additional load on the
backing name service. Whether this is a good idea on your system depends
on details of your applications' behavior, your name service, and the
effective TTL values of your cache entries. Note that for some name
services (for example, DNS), the effective TTL is the value returned
from the name service and not the value of the positive-time-to-live
attribute.

Please consider the following advice carefully:

• If your application will make a second request for the same name,
  after more than 1 TTL but before reload-count TTLs, and is sensitive
  to the latency of a cache miss, then reloading may be a good idea
  for you.

• If your name service is configured to return very short TTLs, and
  your applications only make requests rarely under normal
  circumstances, then reloading may result in additional load on your
  backing name service without any benefit to applications, which is
  probably a bad idea for you.

• If your name service capacity is limited, reloading may have the
  surprising effect of increasing load on your name service instead of
  reducing it, and may be a bad idea for you.

• Setting reload-count to unlimited is almost never a good idea, as it
  will result in a cache that never expires entries and puts
  never-ending additional load on the backing name service.

Some distributions have an init script for nscd(8) with a reload
command which uses nscd -i to purge the cache. That use of the word
"reload" is entirely different from the "reloading" described here.

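The reloading behavior and the advice above can be made concrete with a small model. This is an added example, not nscd's own code: parse_reload_count applies the value rules from the reload-count entry, and simulate counts backend queries and cache hits for one name. It assumes every backend query succeeds with the same TTL and that an entry is removed at the first expiry after reload-count reloads; both function names are hypothetical.

```python
# Added example: a model of the reloading behaviour in NOTES, not nscd's own code.
def parse_reload_count(value):
    """Return the limit (0..254) or None for unlimited, per the reload-count entry."""
    if value.lower() == "unlimited":          # special value is case-insensitive
        return None
    n = int(value, 16) if value.lower().startswith("0x") else int(value, 10)
    if n < 0:
        raise ValueError("reload-count cannot be negative")
    return None if n >= 255 else n            # 255 or higher behaves as unlimited

def simulate(ttl, limit, requests, horizon):
    """Replay request times (seconds) for one name up to `horizon`.

    Returns (backend_queries, cache_hits). Assumptions of this model: every
    backend query succeeds with the same TTL, and an entry is removed at the
    first expiry after `limit` reloads without an intervening client hit.
    """
    backend = hits = reloads = 0
    expiry = None                             # None means "not cached"

    def advance(now):
        nonlocal backend, reloads, expiry
        while expiry is not None and expiry <= now:
            if limit is None or reloads < limit:
                backend += 1                  # nscd re-issues the query itself
                reloads += 1
                expiry += ttl
            else:
                expiry = None                 # reload budget used up: drop entry

    for t in sorted(requests):
        advance(t)
        if expiry is None:
            backend += 1                      # cache miss goes to the name service
            expiry = t + ttl
        else:
            hits += 1
        reloads = 0                           # a client request resets the counter
    advance(horizon)
    return backend, hits
```

With a 60-second TTL and client requests at 0 and 150 seconds over one hour, the model gives 2 backend queries with reloading off, 8 with the default limit of 5, and 61 with unlimited, for a single extra cache hit.
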
SEE ALSO
nscd(8)

Linux man-pages 6.04 2023-02-05 nscd.conf(5)