Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Wednesday, July 27, 2022



nscd - name service cache daemon


/usr/sbin/nscd [-L logfile] [-C component[,component...]]
    [-D debuglevel[,debuglevel...]]
/usr/sbin/nscd [-g] [-c cachename,yes|no] [-e cachename,yes|no]
    [-h cachename,keep_hot_count]
    [-i cachename][,cachename...]]
    [-n cachename,negative_time_to_live]
    [-p cachename,positive_time_to_live]
    [-C component[,component...]]
    [-D debuglevel[,debuglevel...]]
    [-L newlogfile]


The nscd daemon provides caching for most name service requests to improve performance. nscd provides a consistent dynamic name service configuration to all processes.

nscd is also an administrative tool that transparently passes options to the running daemon (see the second command synopsis).

The nscd daemon starts at system boot by the svc:/system/name-service/cache SMF service and requires no administrative interaction. To manually start the daemon, see the first nscd command synopsis.

The service's properties define the behavior of the cache daemon as shown in the nscd.conf(5) man page.

Ensure that the nscd daemon is running for ldap(7) services to function correctly.

nscd provides caching for the auth_attr, bootparams, ethers, exec_attr, group, hosts, ipnodes, netmasks, networks, passwd, prof_attr, project protocols, rpc, services, and user_attr, databases by using standard libc interfaces, such as getaddrinfo(), getnameinfo(), getpwnam(), and others. The shadow file is purposefully not cached. As a result, getspnam() calls are not cached.

Each cache has a separate time-to-live (TTL) for its data. By default, when you modify the local files database (see FILES), that cache is invalidated upon the next call to nscd.

The nscd restarts when you update or refresh any of the following services that nscd optionally depends. When nscd restarts, the caches are effectively cleared.

The files and services monitoring provide a consistent dynamic name service configuration to all processes as all standard libc interfaces interact with nscd. So, when you commit a configuration change, nscd causes all subsequent calls to use that configuration. So, it is best to ensure that nscd is always running.

For comparison, when nscd is not used, processes only gather configuration information upon their initial relevant libc call. Subsequent calls use that same configuration until those processes are restarted.

For example, consider a system that does not have nscd running. Updating that system to use LDAP or NIS, nsswitch.conf(5) is updated to add those sources. As nscd is not running, processes already started before the configuration change (such as svc.startd and svc.configd) would not use the new source. In that instance, you should start the nscd service (svcadm enable name-service/cache) so that all processes benefit from the change, or you should reboot the system to ensure that a consistent configuration is used by all processes.

When running with per-user lookups enabled (enable_per_user_lookup in nscd.conf(5)), nscd forks exactly one child process (a per-user nscd) on behalf of the user who makes the request. The per-user nscd uses the credentials of the user to open a per-user connection to the name repository that is configured for the per-user style of lookups. The lookup will be performed in the child process. The results are cached in the process and are available only to the same user. The caches are managed exactly the same as the main nscd daemon manages its own caches. Subsequent requests from the user will be handled by that per-user nscd until it terminates. The per-user nscd uses a configurable inactivity time-to-live (TTL) value and terminates itself after the inactivity TTL expires.

The maximum number of per-user nscd processes that can be created by the main nscd is configurable (see nscd.conf(5)). After the maximum number of them are created, the main nscd will use a Least Recently Used (LRU) algorithm to terminate less active child nscd processes as needed.

The main nscd daemon creates, monitors, and manages all the child nscd processes. It creates a user's own nscd upon receiving the user's first per-user lookup. When the nscd daemon is started, if per-user lookups are enabled, it checks to ensure all conditions are met before getting ready to create a per-user nscd. When the daemon is stopped, it terminates all the per-user nscd processes under its control.

Per-user nscd processes use the same configuration as the main nscd. Once the configuration is read, the per-user nscd will use it for its entire lifetime.


Several of the options described below require a cachename specification. Supported values for cachename are: auth_attr, automount, bootparams, ethers, exec_attr, group, hosts, ipnodes, netmasks, networks, passwd, prof_attr, project, protocols, rpc, services, tnrhdb. tnrhtp, user_attr,

Options that dynamically update the running nscd daemon do so on a temporary basis until the daemon is restarted.

–c cachename,yes|no

Temporarily enables or disables the ongoing check of the specified cache. The check invalidates the cache if the database file is modified. To set permanently see check_files in nscd.conf(5).

–e cachename,yes|no

Temporarily enables or disables the specified cache. The data is retrieved, but the results are not cached. To set permanently see enable_cache in nscd.conf(5).


Prints the current configuration and statistics to standard output. This is the only option executable by users without the effective UID of 0 and who have not been assigned the Name Service Management rights profile. The configuration shown is the current configuration before processing any other command-line options.

–h cachename,keep_hot_count

Temporarily updates the number of entries to keep current in the specified cache. value is an integer that approximates the number of entries that are frequently used during the day. To set permanently, see keep_hot_count in nscd.conf(5).

–i cachename

Invalidate the specified cache of an active nscd daemon.

–l filename

Specifies the debug log file at startup. For backward compatibility, use the –L option.

–n cachename,negative_ttl

Temporarily updates time-to-live for negative entries (queries that return a not found response) in the specified cache. negative_ttl is the TTL in seconds. To set permanently, see negative_time_to_live in nscd.conf(5).

–p cachename,positive_ttl

Temporarily updates time-to-live for successful queries (positive entries) in the specified cache. positive_ttl is the TTL in seconds. To set permanently, see positive_time_to_live in nscd.conf(5).

–C debug_component_list

Temporarily sets the list of components to log debug messages, as specified by the debug_level_list property value. The list is a comma-separated list of names. Valid values are shown in usage output (nscd -?) and are subject to change. The none value disables all component values, while the all value enables all values. To set permanently, see debug_components in nscd.conf(5).

–D debug_level_list

Temporarily sets the list of debug levels for which to generate debug messages. The list is a comma-separated list of debug levels. Valid values are shown in usage output (nscd -?) and are subject to change. The none value disables all debug levels, while the all value enables all debug levels. To set permanently, see debug_level in nscd.conf(5).

–L log_filename

Temporarily sets the file in which to store debug output. See config/logfile in nscd.conf(5).


Example 1 Invalidate the Host Cache of an Active Daemon

Use the following command when you know that a host's address has been changed in DNS.

example# nscd -i hosts,ipnodes
Example 2 Enable Debugging for an Active nscd Daemon

The following command enables debugging on all components at all levels and writes debug messages to the specified log file.

example# nscd -g | egrep '(debug|log)'
         0  server debug level
         0  server debug components
"/dev/null"  is the server log file
example# /usr/sbin/nscd -D all -C all -L /var/tmp/nscd.log
example# nscd -g | egrep '(debug|log)'
     32767  server debug level
      8191  server debug components
"/var/tmp/nscd.log"  is the server log file
Example 3 Disable Debugging for an Active nscd Daemon

The following commands disables debugging and resets the location of the debug log to /dev/null.

example# /usr/sbin/nscd -D none -C none -L ""



Private configuration file that is automatically generated by svc:/system/name-service/cache, see nscd.conf(5).

/etc/nsswitch.conf, /etc/resolv.conf

Monitored. Modifying the file causes nscd to restart and flush all caches. See nsswitch.conf(5) and resolv.conf(5).

/etc/bootparams, /etc/ethers, /etc/group, /etc/inet/hosts, /etc/inet/ipnodes, /etc/inet/netmasks, /etc/inet/networks, /etc/inet/protocols, /etc/passwd, /etc/project, /etc/rpc, /etc/security/auth_attr.d, /etc/security/exec_attr.d, /etc/security/prof_attr.d, /etc/security/tsol/tnrhdb, /etc/security/tsol/tnrhtp, /etc/services, /etc/user_attr.d

Monitored by default. Monitors the relevant cache based on the check_files property value, see nscd.conf(5).


See attributes(7) for descriptions of the following attributes:


See Also

svcs(1), getaddrinfo(3C), getnameinfo(3C), getpwnam(3C), getspnam(3C), auth_attr(5), bootparams(5), ethers(5), exec_attr(5), group(5), hosts(5), netmasks(5), networks(5), nscd.conf(5), nsswitch.conf(5), passwd(5), prof_attr(5), project(5), protocols(5), resolv.conf(5), rpc(5), services(5), user_attr(5), ypfiles(5), attributes(7), ldap(7), getent(8), ldapclient(8), mdnsd(8), svcadm(8), svccfg(8), ypbind(8)


You can use the svcadm command to perform administrative actions on svc:/system/name-service/cache, such as enabling, or requesting restart. You can use the svcs command to query the service's status. You can use the svccfg command to configure this service. See nscd.conf(5).

The obsolete service svc:/system/name-service-cache has been retained for backward compatibility with scripts that might reference it. Its only purpose is to serve as an optional_all dependency on the service svc:/system/name-service/cache. The obsolete service name will be removed in a future release.


The Solaris 2.5 OS introduced the /usr/sbin/nscd command that provides cached lookups for the passwd, group, and hosts databases for a limited set of API calls.

The Oracle Solaris 10 8/07 release enhanced nscd to handle additional databases and API calls. The enhancements also include monitoring for runtime changes to name service configuration.

Starting with Oracle Solaris 11.4, the nscd daemon must be running for ldap(7) services to function correctly.