current-users: Re: pwd_mkdb - Lets do this differently!

Subject: Re: pwd_mkdb - Lets do this differently!
To: Stephen M Jones <smj@cirr.com>
From: Ignatios Souvatzis <is@netbsd.org>
List: current-users
Date: 08/09/2001 08:54:02
On Wed, Aug 08, 2001 at 09:54:08PM -0500, Stephen M Jones wrote:
> 
> Hi.  In 1996 I wanted to move from running 3b2 SysVr3 systems to PeeCees
> running NetBSD .  One machine has since run NetBSD because it only has
> about 20 accounts on it.  However, for another machine I was trying
> to move about 10,000 user accounts and found that the BSD pwd.db/spwd.db
> concepts were really not practical with a frequently frobbed passwd file.
> 
> So, I went with leenox*.  (said with a Skane accent and vodka on the breath)
> 
> Then and now I read rants on various BSD list archives about how 'pwd_mkdb'
> bites the bag.  I think we need to take a different approach (I want to get
> away from leenox and I'm determined to not turn back).
> 
> I don't think this is a question of tweaking or optimising 'pwd_mkdb' 
> but rather a NEW method of dealing with a password file.  I realise 
> this will take work and I know a few old hackers eyebrows are raising.
> 
> But, can pwd_mkdb really be optimised?
> 
> I'll bore you with statistics for a moment.
> 
> I've got 29,365 accounts converted from a passwd/shadow setup.  To 
> do something as simple as changing a passwd requires for pwd.db and
> spwd.db to be rebuilt.  These files are roughly 12mb each using a
> stock pwd_mkdb and take about 5 minutes to build total on a Dec ALPHA
> 533mhz 5305 w/ 1024mb of RAM.
> 
> I was frobbing assignments in 'HASHINFO' hoping to get some speed ups.
> I found that by increasing 'nelem' between 1024-2048 (from 256) and
> keeping ffactor relatively small 128 (from 32) I could get a passwd
> change done in about 4 minutes with the pwd.db and spwd.db files 
> 2mb smaller (about 10mb each).
> 
> Now for some other statistics.  Since August 1st (its now August 8th)
> one production leenox system has seen 12,270 changes to passwd/shadow ..
> these changes come from userdel, useradd, usermod, chfn, chsh and passwd.
> being that there are only 1440 minutes in a day, it would take about
> 8.52 days to complete these 12,270 changes (and thats just in theory,
> if they were happening all sequentially). 
> 
> bulk updates to the passwd file are out of the question.
> 
> Some thoughts .. btree versus hash? or, why not just get rid of dbs??
> Have you ever watched /etc while the passwd files are being rebuilt?
> Its just a nest for race conditions.  I've had a few test users on 
> and from:

etc...

Some years ago, somebody mentioned he wanted to make incremental update
programs/library calls for passwd handling. E.g., useradd would only add
one record to passwd as well as the .db, making the update much faster.

It should not be necessary to rebuild the passwd databases on each small
change.

With proper write locking in place, this should be enough to make you happy.

"Somebody", could you please speak up?

Regards,
	Ignatios