To reproduce the core of this issue, the following steps must happen:
* Configure a service that nscd can cache, which provides netgroup maps. I use LDAP but others should work also.
* Ensure it has at least one positive query for "in net group" (which may require other maps)
* Perform multiple identical "in net group" queries within the TTL time. If the cached service is remote, you can tell when you have enough when network traffic stops. I used getent netgroup QAUsers "" testuser23461 ""
(the bug has now been triggered; the next steps show the effects)
* wait for the entry to time out (the positive TTL time).
* If you watch the logs (enable debug) you can see the message where the cleanup task tries to purge it, or after the timeout time, you can use "nscd -i netgroup" to force a purge
If you let the cleanup task run, you can attach to nscd with gdb and "info threads" - one will be waiting for a write lock.
If you use "nscd -i netgroup" it will hang.
To "reset" this test, you need to stop nscd *and* manually remove the persistent cached databases it uses.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.