From: Kai Schaetzl (maillistsconactive.com)
Date: Thu Jul 21 2005 - 12:14:33 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Holger Diehm iS-Fun Internet Services GmbH wrote on Thu, 21 Jul 2005
13:30:06 +0200:

> Doing it via useradd the system CPU and RAM bloats up.
> cancelling with ctrl-c does not work.
> killing via killal doesnt work too.

I reported a similar problem years ago to Suse. Your strace looks quite a
bit like this. If I remember it right, it were certain programs (most
notably ipop3d) that showed this behavior after the system hit a certain
number of users (70 or so). I don't remember if useradd itself was
behaving the same, but it was the ultimate cause of the problem.
It happens because Suse 9.0 (and later?) adds new users to some groups by
default (audio, video, uucp or so). After a while the line for these
groups in /etc/group gets so long that it doesn't seem to fit in a buffer
used by a library these programs use. They grab more and more memory while
trying to cope with the situation. If you are fast enough you can kill the
process, otherwise the machine ultimately gets killed.
The problem does not occur when nscd is running. In that case these
applications seem to "outsource" the authentication process and thus the
problem is avoided.
Besides using nscd it can also be cured by removing that insanely long
user line from /etc/group and telling useradd to not add users to these
groups automatically (/etc/default/useradd ? or so, I don't remember
exactly).

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]