Understanding cache objects

A cache object can be either positive or negative as follows:

  • Positive objects represent queries that previously returned successfully.

For example, if you execute the command getent passwd foo and foo refers to an actual user with agent authorization permission on the relevant system, a positive object with the appropriate user details filled in is stored.

  • Negative objects represent queries that previously returned unsuccessfully (or returned nothing).

For example, if you execute the command getent passwd foo, and foo does not refer to an actual user or refers to a user without agent authorization permission on the relevant system, a negative object entitled "there is no user with Unix name 'foo'" is stored.

Some things to remember:

  • A negative object typically contains only partial information (for example, a negative user cannot have both UID and Unix name set, because a single query cannot ask for both at the same time).
  • Similarly, if you execute the command getent group bar, and bar does not refer to an actual role or refers to a non-visible role, a negative object stating "there is no role with name 'bar'" is stored.
  • When the information in a negative object matches that of a positive object that is about to be stored, the negative object is first removed from the cache.
  • Some objects (for example, group membership lists or user group lists) are always positive.
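
The rules above can be modelled in a few lines. The following Python sketch is an added illustration, not the agent's own code: UserCache, User, the backend callable and the sample directory are hypothetical names, and answering from a negative object without re-querying is an assumption of the model.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple

Key = Tuple[str, object]          # (attribute, value), e.g. ("name", "foo")

@dataclass(frozen=True)
class User:
    name: str
    uid: int

class UserCache:
    """Toy model of positive/negative user objects; not the agent's own code."""

    def __init__(self, backend: Callable[[str, object], Optional[User]]):
        self.backend = backend
        self.positive: Dict[Key, User] = {}
        self.negative: Set[Key] = set()   # one attribute per negative object
        self.backend_calls = 0

    def store_positive(self, user: User) -> None:
        for key in (("name", user.name), ("uid", user.uid)):
            self.negative.discard(key)    # matching negatives are removed first
            self.positive[key] = user

    def lookup(self, attr: str, value: object) -> Optional[User]:
        key = (attr, value)
        if key in self.positive:
            return self.positive[key]
        if key in self.negative:          # assumption: served without re-querying
            return None
        self.backend_calls += 1
        user = self.backend(attr, value)
        if user is None:
            self.negative.add(key)        # records only the attribute that was asked
        else:
            self.store_positive(user)
        return user

def demo():
    directory = []                        # constructed sample directory, initially empty
    def backend(attr, value):
        return next((u for u in directory if getattr(u, attr) == value), None)
    cache = UserCache(backend)
    cache.lookup("name", "foo")           # like: getent passwd foo
    cache.lookup("uid", 1001)             # like: getent passwd 1001
    negatives = set(cache.negative)
    directory.append(User("foo", 1001))   # foo now exists in the directory
    still_missing = cache.lookup("name", "foo")
    cache.store_positive(directory[0])    # positive object arrives (trigger is assumed)
    return negatives, still_missing, cache.lookup("uid", 1001), set(cache.negative), cache.backend_calls
```

In the model, the name and UID queries leave two separate negative objects, and storing the positive object for foo removes both of them.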