users: Don't cache NSS user indentity information
nscd daemon caches queries made to NSS via glibc. In our case queries to passwd and group databases are cached. But this leads to many problems.
See: !2520 (closed)
The bug that this MR fixes, that is, the inaccuracy of the authentication data, is horrible and only acceptable if the caching provides very important functionality. Already, having to purge nscd caches after modifying user accounts is not nice.
I believe that we have encountered this bug before and blamed libpam-abl due to the time sensitive nature of the problem.
nscd itself recommends that it should be used if NSS lookup are expensive (such as in case of NIS, NIS+ queries according to /etc/init.d/nscd). In case of FreedomBox, LDAP queries are unlikely to be made using network. LDAP server is likely always local. I believe we can safely remove nscd by masking and stopping nscd.service and unscd.service.
Tests:
-
After applying the patches, users app setup is re-run. Service nscd is stopped and masked. unscd is also masked.
-
Running 'id tester' shows expected value 'uid=10001(tester) gid=100(users) groups=100(users),10002(admin)'.
-
Adding, removing, renaming a user immediately reflects in 'id '.
-
Adding and removing a user from groups immediately reflects in 'id '.
Signed-off-by: Sunil Mohan Adapa sunil@medhas.org