nscd.conf - configuration file for Name Service Caching Daemon
/etc/nscd.conf configures the caches used by nscd(8) as well as some
generic options. nscd(8) is able to use a configuration file at a
different location, when supplied with the -f or --config-file command
The configuration file consists of a set of lines. Empty lines, and
text after a '#' is ignored. All remaining lines denote the setting of
an option. White space before and after options, and between options
and option arguments is ignored.
There are two kinds of options: General options influence nscd(8)'s
general behaviour, while cache related options only affect the
specified cache. Options are set like this:
cache_option cache_name option
Specifies the name of the debug log-file that nscd(8) should use
if debug-level is higher than 0. If this option is not set,
nscd(8) will write its debug output to stderr.
If level is higher than 0, nscd(8) will create some debug
output. The higher the level, the more verbose the output.
This option sets the number of threads that nscd(8) should use
by default. It can be overridden by calling nscd(8) with the -t
or --nthreads argument. If neither this configuration option nor
the command line argument is given, nscd(8) uses 5 threads by
default. The minimum is 3. More threads means more simultaneous
connections that nscd(8) can handle.
Specifies the maximum number of threads to be started.
By default, nscd(8) is run as user root. This option can be set
to force nscd(8) to drop root privileges after startup. It
cannot be used when nscd(8) is called with the -S or --secure
argument. Also note that some services require that nscd run as
root, so using this may break those lookup services.
Specifies the user who is allowed to request statistics.
bool must be one of yes or no. Enabling paranoia mode causes
nscd(8) to restart itself periodically.
Sets the restart interval to time seconds if periodic restart is
enabled by enabling paranoia mode. The default value is 3600.
All cache options take two arguments. The first one denotes the service
or cache the option should affect. Currently service can be one of
passwd, group, or hosts.
enable-cache service bool
bool must be one of yes or no. Each cache is disabled by
default and must be enabled explicitly by setting this options
positive-time-to-live service secs
This is the number of seconds after which a cached entry is
removed from the cache. This defaults to 3600 seconds (i. e.
negative-time-to-live service secs
If an entry is not found by the Name Service, it is added to the
cache and marked as "not existent". This option sets the number
of seconds after which such a not existent entry is removed from
the cache. This defaults to 20 seconds for the password and host
caches and to 60 seconds for the group cache.
suggested-size service prime-number
This option sets the size of the hash that is used to store the
cache entries. As this is a hash, it should be reasonably larger
than the maximum number of entries that is expected to be cached
simultaneously and should be a prime number. It defaults to a
size of 211 entries.
check-files service bool
bool must be one of yes (default) or no. If file checking is
enabled, nscd(8) periodically checks the modification time of
/etc/passwd, /etc/group, or /etc/hosts (for the passwd, group,
and host cache respectively) and invalidates the cache if the
file has changed since the last check.
persistent service bool
bool must be one of yes (default) or no. Keep the content of
the cache for service over nscd(8) restarts. Useful when
paranoia mode is set.
shared service bool
bool must be one of yes (default) or no. The memory mapping of
the nscd(8) databases for service is shared with the clients so
that they can directly search in them instead of having to ask
the daemon over the socket each time a lookup is performed.
Sets the number of times a cached record is reloaded before it
is pruned from the cache. Each cache record has a timeout, when
that timeout expires, nscd(8) will either reload it (query the
NSS service again if the data hasn't changed), or drop it.
max-db-size service number-of-bytes
Sets the maximum allowable size for the service.
auto-propagate service bool
When set to no for passwd or group service, then the .byname
requests are not added to passwd.byuid or group.bygid cache.
This may help for tables containing multiple records for the
# This is a comment.
enable-cache passwd yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
enable-cache group yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
check-files group yes
enable-cache hosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes