Bug 96108 - bad file permission to /var/run/nscd, /var/run/nscd/socket inaccessible for non-root apps
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High major
Assignee: Gentoo Toolchain Maintainers
Reported: 2005-06-14 11:28 UTC by Paul Ortyl
Modified: 2005-06-14 15:56 UTC
Description Paul Ortyl 2005-06-14 11:28:13 UTC
Directory permissions for /var/run/nscd were set to rwx------,
where all apps which try to use the nscd cache will fail trying to access
/var/run/nscd/socket.

It causes large timeouts when used with e.g. LDAP, because every single
access to the passwd database leads to a network connection to the LDAP server.

[ebuild   R   ] sys-libs/glibc-2.3.5  -build -debug -erandom -hardened
(-multilib) +nls -nomalloccheck +nptl +nptlonly +pic +userlocales

Reproducible: Always
Additional suggestion: add a check for these permissions in /etc/init.d/nscd and
issue a warning if the socket cannot be accessed by unprivileged users.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2005-06-14 11:38:41 UTC
Hmmm?

$ ls -la /var/run/nscd/
total 4
drwxr-xr-x  2 root root  96 Jun  4 16:59 .
drwxr-xr-x  7 root root 424 Jun  6 23:20 ..
-rw-r--r--  1 root root   5 Jun  4 16:59 nscd.pid
srw-rw-rw-  1 root root   0 Jun  4 16:59 socket
Comment 2 SpanKY gentoo-dev 2005-06-14 13:21:03 UTC
if the dir perms ended up 700 on your machine it's probably not the fault of
nscd ...

making the init.d script reset permissions is not friendly for those who wish to
do so, so the only thing i would accept adding is:

if [[ -z ${NSCD_PERMS_OK} && $(stat -c %a /var/run/nscd) != "755" ]] ; then
  ewarn "nscd run dir is not world readable, you should reset the perms:"
  ewarn "chmod 755 /var/run/nscd"
  ewarn "chmod a+rw /var/run/nscd/socket"
  echo ""
  ewarn "To disable this warning, set 'NSCD_PERMS_OK' in /etc/conf.d/nscd"
fi
Comment 3 SpanKY gentoo-dev 2005-06-14 15:56:12 UTC
added warning
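
A sketch of the check suggested in the description, written as an added example and not the code from Comment 2 or the Gentoo init script: it tests the permission bits an unprivileged client actually needs (search on the directory, rw on the socket) instead of comparing the directory mode to 755. The function names and the path parameters are assumptions; `stat -c %a` is the GNU form already used in Comment 2.

```shell
# Added example, not the Gentoo init script. Both paths are parameters so
# the check can be tried on a scratch directory; defaults follow the bug.

# Last octal digit of a path's mode, i.e. the permission bits for "other".
other_bits() {
    m=$(stat -c %a "$1") || return 1
    printf '%s\n' "${m#"${m%?}"}"
}

# Print one line per problem that keeps an unprivileged client away from
# the nscd socket. Returns 0 when none is found, 1 otherwise.
nscd_perm_problems() (
    dir=${1:-/var/run/nscd}
    sock=${2:-$dir/socket}
    rc=0

    [ -d "$dir" ] || { echo "run dir missing: $dir"; exit 1; }

    # Search (x) on the directory is what lets a client resolve
    # $dir/socket; read (r) only allows listing it. So 711 passes here
    # although it is not 755.
    case $(other_bits "$dir") in
        1|3|5|7) ;;
        *) echo "others cannot traverse $dir: chmod 755 $dir"; rc=1 ;;
    esac

    # The socket appears only once nscd runs; skip it if absent. The file
    # type is not tested, so a plain file can stand in during a dry run.
    if [ -e "$sock" ]; then
        case $(other_bits "$sock") in
            6|7) ;;
            *) echo "others lack rw on $sock: chmod a+rw $sock"; rc=1 ;;
        esac
    fi
    exit $rc
)
```

Because it reads mode bits rather than probing access, the result is the same whether it runs as root from an init script or as an ordinary user.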