# Sysadm records
## sssd and login
### nsswitch.conf - group
#### Summery
If a user needs both local group and remote group, nsswitch group field could be configured as below
```
group: files sss # /etc/groups + groups from sssd
or
group: files [SUCCESS=merge] sss # Specifiy an action
```
if a user only need sssd group, it could be configured like this
```
group: sss // no files
```
#### Explanation:
Based on man page:
:::info
The first column is the database name. The remaining columns
specify:
* One or more service specifications, for example, "files",
"db", or "nis". The order of the services on the line
determines the order in which those services will be queried,
in turn, until a result is found.
* Optional actions to perform if a particular result is obtained
from the preceding service, for example, "[NOTFOUND=return]".
:::
Simply to say, name services will follow the order to query.
```
group: files sss
```
above configuration means asking /etc/group first for groups, then asking sssd after that.
Based on the man page of `STATUS`
:::info
success:
No error occurred and the requested entry is returned.
The default action for this condition is "return".
:::
group query might be stopped after searching /etc/group.
If this happens, use `[SUCCESS=merge]` when you plan to have 2 groups for 1 user.
In my Ubuntu bionic, it works without set `[SUCCESS=merge]`.
I guess default option is merge, but not verified.
## Trace PAM with strace
* https://forums.centos.org/viewtopic.php?t=46331
Sign in with Wallet
Connect another wallet