| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Oct 2008 10:58:43 +0100 From: Max Kellermann <max@...mpel.org> To: Trond Myklebust <trond.myklebust@....uio.no> Cc: linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org Subject: Re: High load in 2.6.27, NFS / rpcauth_lookup_credcache()? On 2008/10/24 20:09, Trond Myklebust <trond.myklebust@....uio.no> wrote: > OK, could you please describe your environment a bit. Do you have lots > of different users logged in at the same time, or do you perhaps use > newgrp or su to switch uid/gids a lot on your processes? > I'm trying to see if there might be a reason for the lookup in the > credcache being such a heavy duty operation in your setup. It's a web server for shared hosting. The web space is mounted via NFSv3 from a NetApp. There is a huge number of web sites on this cluster. All web sites are owned by the same UID, and the web server runs as a different UID (read-only access). Each time a CGI starts, its uid is changed to the one "owner" UID (similar to mod_suexec, but there's only one UID for all customer accounts). Each time a CGI starts, its chroot (pivot_root) is constructed with several bind mounts (in a separate namespace with CLONE_NEWNS). There are no new users or groups being created. There are only 2 UIDs accessing NFS: the webserver (ro) and CGI (rw). Max -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists