1 .\" Copyright (c) 1999, 2000 SuSE GmbH Nuernberg, Germany
2 .\" Author: Thorsten Kukuk <kukuk@suse.de>
3 .\" Updates: Greg Banks <gbanks@linkedin.com> Copyright (c) 2021 Microsoft Corp.
5 .\" SPDX-License-Identifier: GPL-2.0-or-later
7 .TH NSCD.CONF 5 2020-12-21 "Linux man-pages (unreleased)"
9 nscd.conf \- name service cache daemon configuration file
16 Each line specifies either an attribute and a value, or an
17 attribute, service, and a value.
18 Fields are separated either by SPACE
20 A \(aq#\(aq (number sign) indicates the beginning of a
21 comment; following characters, up to the end of the line,
22 are not interpreted by nscd.
24 Valid services are \fIpasswd\fP, \fIgroup\fP, \fIhosts\fP, \fIservices\fP,
30 Specifies name of the file to which debug info should be written.
36 Sets the desired debug level.
38 1 shows general debug info.
39 2 additionally shows data in cache dumps.
40 3 (and above) shows all debug info.
47 This is the initial number of threads that are started to wait for
49 At least five threads will always be created.
50 The number of threads may increase dynamically up to
52 in response to demand from clients,
59 Specifies the maximum number of threads.
66 If this option is set, nscd will run as this user and not as root.
67 If a separate cache for every user is used (\-S parameter), this
74 Specifies the user who is allowed to request statistics.
81 Sets a limit on the number of times a cached entry
82 gets reloaded without being used
83 before it gets removed.
84 The limit can take values ranging from 0 to 254;
85 values 255 or higher behave the same as
87 Limit values can be specified in either decimal
88 or hexadecimal with a "0x" prefix.
92 The default limit is 5.
93 A limit of 0 turns off the reloading feature.
94 See NOTES below for further discussion of reloading.
100 Enabling paranoia mode causes nscd to restart itself periodically.
107 Sets the restart interval to
110 if periodic restart is enabled by enabling
120 Enables or disables the specified
126 .B positive\-time\-to\-live
130 Sets the TTL (time-to-live) for positive entries (successful queries)
131 in the specified cache for
135 Larger values increase cache hit rates and reduce mean
136 response times, but increase problems with cache coherence.
137 Note that for some name services (including specifically DNS)
138 the TTL returned from the name service is used and
139 this attribute is ignored.
142 .B negative\-time\-to\-live
146 Sets the TTL (time-to-live) for negative entries (unsuccessful queries)
147 in the specified cache for
151 Can result in significant performance improvements if there
152 are several files owned by UIDs (user IDs) not in system databases (for
153 example untarring the Linux kernel sources as root); should be kept small
154 to reduce cache coherency problems.
161 This is the internal hash table size,
163 should remain a prime number for optimum efficiency.
171 Enables or disables checking the file belonging to the specified
178 .IR /etc/resolv.conf ,
189 Keep the content of the cache for
191 over server restarts; useful when
201 The memory mapping of the nscd databases for
203 is shared with the clients so
204 that they can directly search in them instead of having to ask the
205 daemon over the socket each time a lookup is performed.
207 Note that a cache miss will still result in
208 asking the daemon over the socket.
215 The maximum allowable size, in bytes, of the database files for the
217 The default is 33554432.
232 requests are not added to
237 This can help with tables containing multiple records for the same ID.
239 This option is valid only for services
245 The default values stated in this manual page originate
246 from the source code of
248 and are used if not overridden in the configuration file.
249 The default values used in the configuration file of
250 your distribution might differ.
253 has a feature called reloading,
254 whose behavior can be surprising.
256 Reloading is enabled when the
258 attribute has a non-zero value.
259 The default value in the source code enables reloading,
260 although your distribution may differ.
262 When reloading is enabled,
263 positive cached entries (the results of successful queries)
264 do not simply expire when their TTL is up.
265 Instead, at the expiry time,
269 re-issue to the name service the same query that created the cached entry,
270 to get a new value to cache.
272 .I /etc/nsswitch.conf
273 this may mean that a DNS, LDAP, or NIS request is made.
274 If the new query is successful,
275 reloading will repeat when the new value would expire,
278 reloads have happened for the entry,
279 and only then will it actually be removed from the cache.
280 A request from a client which hits the entry will
281 reset the reload counter on the entry.
282 Purging the cache using
284 overrides the reload logic and removes the entry.
286 Reloading has the effect of extending cache entry TTLs
287 without compromising on cache coherency,
288 at the cost of additional load on the backing name service.
289 Whether this is a good idea on your system depends on
290 details of your applications' behavior,
292 and the effective TTL values of your cache entries.
293 Note that for some name services
295 the effective TTL is the value returned from the name service and
298 .B positive\-time\-to\-live
301 Please consider the following advice carefully:
303 If your application will make a second request for the same name,
304 after more than 1 TTL but before
307 and is sensitive to the latency of a cache miss,
308 then reloading may be a good idea for you.
310 If your name service is configured to return very short TTLs,
311 and your applications only make requests rarely under normal circumstances,
312 then reloading may result in additional load on your backing name service
313 without any benefit to applications,
314 which is probably a bad idea for you.
316 If your name service capacity is limited,
317 reloading may have the surprising effect of
318 increasing load on your name service instead of reducing it,
319 and may be a bad idea for you.
325 is almost never a good idea,
326 as it will result in a cache that never expires entries
327 and puts never-ending additional load on the backing name service.
329 Some distributions have an init script for
336 That use of the word "reload" is entirely different
337 from the "reloading" described here.
342 .\" was written by Thorsten Kukuk and Ulrich Drepper.