nscd is a process that provides a cache for the most common name service requests. It starts up during multi-user boot. The default configuration-file /etc/nscd.conf determines the behavior of the cache daemon. See nscd.conf(4).
nscd provides caching for the passwd(4), group(4), hosts(4), ipnodes(4), exec_attr(4), prof_attr(4), and user_attr(4) databases through standard libc interfaces, such as gethostbyname(3NSL), getipnodebyname(3SOCKET), gethostbyaddr(3NSL), and others. Each cache has a separate time-to-live for its data; modifying the local database (/etc/hosts, /etc/resolv.conf, and so forth) causes that cache to become invalidated upon the next call to nscd. The shadow file is specifically not cached. getspnam(3C) calls remain uncached as a result.
nscd also acts as its own administration tool. If an instance of nscd is already running, commands are passed to the running version transparently.
In order to preserve NIS+ security, the startup script for nscd (/etc/init.d/nscd) checks the permissions on the passwd table if NIS+ is being used. If this table cannot be read by unauthenticated users, then nscd will make sure that any encrypted password information returned from the NIS+ server is supplied only to the owner of that password.
nscd runs at the sensitivity label
ADMIN_LOW. However, it can communicate with DNS name servers at any sensitivity label. It requires the Trusted Path attribute.
Several of the options described below require a cachename specification. Supported values are passwd, group, and hosts.
Causes nscd to read its configuration data from the specified file.
Prints current configuration and statistics to standard output. This is the only option executable by non-root users.
Enables or disables the specified cache.
Invalidate the specified cache.
example# /etc/init.d/nscd stop example# /etc/init.d/nscd start
/etc/nscd.conf determines the behavior of the cache daemon.
See attributes(5) for descriptions of the following attributes:
To invoke nscd requires the Trusted Path attribute, a process sensitivity label of
ADMIN_LOW, and the following privileges:
file_setid. If nscd's
clearance is not
ADMIN_HIGH, it will be set to
The output from the -g option to nscd is subject to change. Do not rely upon it as a programming interface.