Joe, can you please advise us how many users we should store in the /etc/passwd file? I will soon have many users (I think about thousands) for emails and FTP accounts. So could it be over 10k? Or over 50k?
10k is probably still fine. I managed a system several years ago with about four thousand users in /etc/passwd, and it didn’t have any trouble at all. It only had 2GB of RAM, I think, and was an old dual core Intel Xeon at about 1GHz.
Are things getting slow? The places you’d notice it would be when adding, editing, or removing users.
10,000 users would lead to an /etc/passwd of about 500 kilobytes. When loaded into a Perl data structure, it’d be about two or three times that size, so a few MB in RAM. Still quite simple to manage–I’ve built Perl apps that deal with far larger data in RAM without beginning to worry about doing more complex things like memory mapping or storing it in custom data structures written in C. The C data structures that PAM uses (linked list, probably, but maybe a hash table of some sort) would be even smaller, most likely. Pretty much everything on the system is going to be dealing with PAM for user data interactions, so, as long as PAM is fast, it should work fine.
So, you tell us when it starts getting slow, or acting funny, and then we’ll know. It may even be more than 50k on modern hardware. 2.5MB of raw data is not all that intimidating–even if it balloons up to five times that in data structures within the software, it’s still only 15MB. We ain’t breaking the bank on RAM here, or on what can be loaded into RAM quickly (and what can easily be permanently cached by the kernel on a system with reasonable amounts of RAM).
But, my main argument whenever anyone wants to introduce a database into a hosting system is, “Think about whether you need that extra complexity to achieve what you want to achieve.” Usually, the answer is no. Performance is not a benefit of moving to a database for users–plain text passwd storage is faster in every case I’ve ever personally managed, and if you think about it, it’ll be obvious why. But, there are some cases where you need other tools. If you have many machines and they all need to share users…obviously you need a directory that all machines authenticate to. But many users is rarely a good reason to introduce that complexity, because it’s just going to be slower and harder to configure and manage.
I just imagine there must be some point at which the standard passwd tools begin to break down, and loading the whole list into RAM for editing becomes a problem. I’ve just never run into it in person.
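A way to measure the sizes discussed in this thread before committing to a design, as an added example that is not part of either post: it builds a constructed passwd(5)-format file in memory, loads it into a dict, and times a worst-case sequential lookup. The account names, UID range, empty GECOS field, and the `/bin/false` shell are assumptions of the example, and modeling a flat-file lookup as a sequential scan is a simplification.

```python
import time

def make_passwd(n):
    """Constructed passwd(5)-format data: 7 colon-separated fields, empty GECOS."""
    return "".join(
        f"user{i:05d}:x:{10000 + i}:{10000 + i}::/home/user{i:05d}:/bin/false\n"
        for i in range(n)
    )

def parse_passwd(text):
    """Load every entry into a dict keyed by login name, rejecting bad lines."""
    users = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, gecos, home, shell = fields
        if name in users:
            raise ValueError(f"line {lineno}: duplicate login {name!r}")
        users[name] = (int(uid), int(gid), gecos, home, shell)
    return users

def scan_lookup(text, name):
    """Sequential scan for one login; worst case is the last line of the file."""
    prefix = name + ":"
    for line in text.splitlines():
        if line.startswith(prefix):
            return line
    return None

def measure(n):
    """Return entry count, raw size in bytes, and wall-clock timings for n users."""
    text = make_passwd(n)
    t0 = time.perf_counter()
    users = parse_passwd(text)
    t1 = time.perf_counter()
    hit = scan_lookup(text, f"user{n - 1:05d}")
    t2 = time.perf_counter()
    return {"entries": len(users), "bytes": len(text.encode()),
            "parse_s": t1 - t0, "worst_lookup_s": t2 - t1, "found": hit is not None}

if __name__ == "__main__":
    for n in (4_000, 10_000, 50_000):
        print(measure(n))
```

Each constructed line is 52 bytes, so the raw sizes scale linearly with the user count; the timings depend on the machine and are printed rather than fixed.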