I find interesting the last example with find and ldap queries. I'm not too familiar with ldap, but i do use find frequently. Could you expand on the example and what happens and why it's bad?
Certainly! In this case, they were interested in files that were too permissive.
I don't have a good example of the command, but it was basically looking for 'worldly' permissions that were too open. It's important to note the users/groups could be discarded/ignored.
They were using 'find ... -exec ls -ld {} \;', which does an LDAP lookup on each result to resolve UIDs and GIDs to names.
They could have made the process far more efficient with either the native '-ls' argument built into find, or adding '-n' to the exec'd 'ls'
Either would skip the name resolution/domain. At a certain number of results/files the expense is too high, causing the job to time out
I think correctly configuring nscd should prevent this, ie it should cache some of these name lookups for a period of time. As long as it is properly setup for LDAP to hook into it.
I don't have a good example of the command, but it was basically looking for 'worldly' permissions that were too open. It's important to note the users/groups could be discarded/ignored.
They were using 'find ... -exec ls -ld {} \;', which does an LDAP lookup on each result to resolve UIDs and GIDs to names.
They could have made the process far more efficient with either the native '-ls' argument built into find, or adding '-n' to the exec'd 'ls'
Either would skip the name resolution/domain. At a certain number of results/files the expense is too high, causing the job to time out