Try   HackMD

Sysadm records

sssd and login

nsswitch.conf - group

Summery

If a user needs both local group and remote group, nsswitch group field could be configured as below

group:      files sss # /etc/groups + groups from sssd

or

group:      files [SUCCESS=merge] sss # Specifiy an action

if a user only need sssd group, it could be configured like this

group:     sss       // no files

Explanation:

Based on man page:

The first column is the database name. The remaining columns
specify:

  • One or more service specifications, for example, "files",
    "db", or "nis". The order of the services on the line
    determines the order in which those services will be queried,
    in turn, until a result is found.
  • Optional actions to perform if a particular result is obtained
    from the preceding service, for example, "[NOTFOUND=return]".

Simply to say, name services will follow the order to query.

group:      files sss

above configuration means asking /etc/group first for groups, then asking sssd after that.

Based on the man page of STATUS

success:
No error occurred and the requested entry is returned.
The default action for this condition is "return".

group query might be stopped after searching /etc/group.
If this happens, use [SUCCESS=merge] when you plan to have 2 groups for 1 user.

In my Ubuntu bionic, it works without set [SUCCESS=merge].
I guess default option is merge, but not verified.

Trace PAM with strace

Last changed by 
Sheng-Wen Wang
0
132

Read more

Technical docs

Most of them are Mandarin, but they all have example code or experiement resutls.I'd like to discuss more about what I've done.

Dec 9, 2024
Ultimate AWS Certified Solutions Architect Associate - 筆記

2/9:Create a user account on IAM.

Nov 15, 2023
virsh VM 指令

建立一個 20G 的虛擬硬碟空間

Oct 23, 2023
DNS

< 4.2.0

Oct 10, 2023
Read more from Sheng-Wen Wang
Published on HackMD