Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Multi-Minute Startup?



On Thu, Aug 7, 2008 at 5:28 PM, Benjamin R. Haskell <zsh@xxxxxxxxxx> wrote:

> On Thu, 7 Aug 2008, Aaron Davies wrote:
>
>> Looking at compaudit itself, it looks like it's still running "getent
>> group".
>
> Looking at compaudit more closely leads me to think something might be awry
> with your environment variables (either LOGNAME or EGID). On my system
> (Gentoo w/Zsh 4.3.4), the parts of compaudit germane to getent are:
>
>
> ===============================
> [[ -x /usr/bin/getent ]] || getent() {
>  if [[ $2 = <-> ]]; then
>    grep ":$2:[^:]*$" /etc/$1
>  else
>    grep "^$2:" /etc/$1
>  fi
> }
>
> # ... trimmed
>
> # RedHat Linux "per-user groups" check.  This is tricky, because it's very
> # difficult to tell whether the sysadmin has put someone else into your
> # "private" group (e.g., via the default group field in /etc/passwd, or
> # by NFS group sharing with an untrustworthy machine).  So we must assume
> # that this has not happened, and pick the best group.
>
> local GROUP GROUPMEM _i_pw _i_gid _i_ulwdirs
> if ((UID == EUID )); then
>  getent group $LOGNAME | IFS=: read GROUP _i_pw _i_gid GROUPMEM
> else
>  getent group $EGID | IFS=: read GROUP _i_pw _i_gid GROUPMEM
> fi
> ===============================
>
> Is getent installed in /usr/bin on that machine? If not, maybe it's doing a
> grep over a large, generated file? (Three minutes seems excessive, though.)

getent is definitely present, and anyway, /etc/passwd and /etc/group
are tiny stub files on this box--no more than 50 lines each.

> If getent is there, maybe LOGNAME or EGID (whichever path is appropriate) is
> unset. So, instead of (w/ a username of 'aaron'):

LOGNAME appears to be set correctly (adavies).

> getent group aaron | IFS=: read GROUP _i_pw _i_gid GROUPMEM
> (finding a specific group's members, which should be fast, even over a long
> distance -- otherwise many common operations would be annoyingly slow)
>
> it becomes:
>
> getent group | IFS=: read GROUP _i_pw _i_gid GROUPMEM
> (which should be slow, since you're reading all 10,000 groups)
>
>
> Can you find the specific invocation of getent that's slow for you?

The code in my compaudit is

===============================
# RedHat Linux "per-user groups" check.  This is tricky, because it's very
# difficult to tell whether the sysadmin has put someone else into your
# "private" group (e.g., via the default group field in /etc/passwd, or
# by NFS group sharing with an untrustworthy machine).  So we must assume
# that this has not happened, and pick the best group.

local GROUP GROUPMEM _i_pw _i_gid _i_ulwdirs
while IFS=: read GROUP _i_pw _i_gid GROUPMEM; do
  if (( UID == EUID )); then
    [[ $GROUP == $LOGNAME ]] && break
  else
    (( _i_gid == EGID )) && break       # Somewhat arbitrary
  fi
done <<(getent group)
===============================

which looks to me like it *will* get all groups.

FWIW, "getent group" returns 773 lines and takes about 3.5 minutes to run.
-- 
Aaron Davies
aaron.davies@xxxxxxxxx



Messages sorted by: Reverse Date, Date, Thread, Author