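We have set up LDAP to provide information about sudo. The whole system works correctly, but any sudo command takes a long time (about 10 seconds) to return.
For example, if I run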
strace -f -r -o strace.sudo-l.wri sudo -l
we see this in the strace output - blank lines added to show the looping code:
16737 0.000129 open("/etc/netgroup", O_RDONLY) = -1 ENOENT (No such file or directory)
16737 0.000131 socket(PF_FILE, SOCK_STREAM, 0) = 6
16737 0.000097 connect(6, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = 0
16737 0.000246 select(1024, NULL, [6], NULL, {9, 999999}) = 1 (out [6], left {9, 999995})
16737 0.000192 sendto(6, "\1\0\0\0\341.\0\0\17\0\0\0TestGroup1_users", 27, MSG_NOSIGNAL, NULL, 0) = 27
16737 0.000134 select(1024, [6], NULL, NULL, {59, 999999}) = 1 (in [6], left {59, 987006})
16737 0.013308 read(6, "\1\0\0\0\341.\0\0\3\0\0\0", 1024) = 12
16737 0.000153 close(6) = 0

16737 0.000114 open("/etc/netgroup", O_RDONLY) = -1 ENOENT (No such file or directory)
16737 0.000112 socket(PF_FILE, SOCK_STREAM, 0) = 6
16737 0.000091 connect(6, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = 0
16737 0.000214 select(1024, NULL, [6], NULL, {9, 1000000}) = 1 (out [6], left {9, 999996})
16737 0.000215 sendto(6, "\1\0\0\0\341.\0\0\21\0\0\0TestGroup2_users", 29, MSG_NOSIGNAL, NULL, 0) = 29
16737 0.000129 select(1024, [6], NULL, NULL, {59, 1000000}) = 1 (in [6], left {59, 987427})
16737 0.012863 read(6, "\1\0\0\0\341.\0\0\0\0\0\0\310\1\0\0\1\0\0\0-\10\0\0\0username1"..., 1024) = 248
16737 0.000156 close(6) = 0

16737 0.000112 open("/etc/netgroup", O_RDONLY) = -1 ENOENT (No such file or directory)
16737 0.000110 socket(PF_FILE, SOCK_STREAM, 0) = 6
16737 0.000092 connect(6, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = 0
16737 0.000215 select(1024, NULL, [6], NULL, {9, 999999}) = 1 (out [6], left {9, 999995})
16737 0.000208 sendto(6, "\1\0\0\0\341.\0\0\17\0\0\0TestGroup3_users", 27, MSG_NOSIGNAL, NULL, 0) = 27
16737 0.000152 select(1024, [6], NULL, NULL, {59, 999999}) = 1 (in [6], left {59, 987404})
16737 0.012881 read(6, "\1\0\0\0\341.\0\0\3\0\0\0", 1024) = 12
16737 0.000121 close(6) = 0
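Note that the "read(6," call takes a relatively long time to return. There are more than 800 read calls, and 800 * 0.0128 seconds == 10.37 seconds.
I understand that this call takes some time over the network, but the strace output shows it doing the same work over and over:
- open("/etc/netgroup", O_RDONLY) = -1 ENOENT (No such file or directory)
- connect(6, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = 0
- read(6, "\1\0\0\0\341.\0\0\3\0\0\0", 1024) = 12
- close(6) = 0
Have I misconfigured a flag in sudo-ldap.conf or pam_ldap.conf (or somewhere else) that is causing this, or is this a performance bug in the sudo code? (Or something else?)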
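
One way to quantify the repeated nslcd round trips in a trace like the one in the question, as an added example that is not part of the original post: it groups each connect-to-close cycle on the nslcd socket, sums the strace -r deltas inside it, and counts lookups per name. The sample is two cycles copied from the trace above; treating the printable tail of the sendto payload as the looked-up name is an assumption, and summarize is a name chosen here.

```python
import re
from collections import Counter

NSLCD_SOCKET = "/var/run/nslcd/socket"  # socket path seen in the trace above
LINE_RE = re.compile(r"^\d+\s+(\d+\.\d+)\s+(\w+)\((.*)$")
# Assumption: the looked-up name is the printable tail of the sendto payload.
NAME_RE = re.compile(r'\\[0-7]{1,3}([^\\"]+)", \d+, MSG_NOSIGNAL')

# Two connect..close cycles copied from the trace in the question.
SAMPLE = r"""
16737 0.000097 connect(6, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = 0
16737 0.000246 select(1024, NULL, [6], NULL, {9, 999999}) = 1 (out [6], left {9, 999995})
16737 0.000192 sendto(6, "\1\0\0\0\341.\0\0\17\0\0\0TestGroup1_users", 27, MSG_NOSIGNAL, NULL, 0) = 27
16737 0.000134 select(1024, [6], NULL, NULL, {59, 999999}) = 1 (in [6], left {59, 987006})
16737 0.013308 read(6, "\1\0\0\0\341.\0\0\3\0\0\0", 1024) = 12
16737 0.000153 close(6) = 0
16737 0.000092 connect(6, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = 0
16737 0.000215 select(1024, NULL, [6], NULL, {9, 999999}) = 1 (out [6], left {9, 999995})
16737 0.000208 sendto(6, "\1\0\0\0\341.\0\0\17\0\0\0TestGroup3_users", 27, MSG_NOSIGNAL, NULL, 0) = 27
16737 0.000152 select(1024, [6], NULL, NULL, {59, 999999}) = 1 (in [6], left {59, 987404})
16737 0.012881 read(6, "\1\0\0\0\341.\0\0\3\0\0\0", 1024) = 12
16737 0.000121 close(6) = 0
"""

def summarize(trace_text):
    """Sum time spent in nslcd round trips and count lookups per name."""
    by_name, seconds, in_cycle = Counter(), 0.0, False
    for line in trace_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        delta, call, rest = float(m.group(1)), m.group(2), m.group(3)
        if call == "connect" and NSLCD_SOCKET in rest:
            in_cycle = True  # this line's delta belongs to the preceding socket()
            continue
        if not in_cycle:
            continue
        # strace -r deltas are measured from the start of the previous syscall,
        # so these add up to the time from connect() start to close() start.
        seconds += delta
        if call == "sendto":
            name = NAME_RE.search(rest)
            if name:
                by_name[name.group(1)] += 1
        elif call == "close":
            in_cycle = False
    return {"lookups": sum(by_name.values()), "seconds": round(seconds, 6),
            "by_name": dict(by_name)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it on the full trace, pass the contents of strace.sudo-l.wri to summarize; a name with a count above 1 in by_name is a lookup that was repeated within one sudo run.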