## Our nsswitch.conf from our production configuration | |
$ cat /etc/nsswitch.conf | |
# Account lookups consult the local files first (compat) and continue to the
# PostgreSQL source when the entry is not found there.
# NOTE(review): every row the database returns becomes an account on this host,
# so write access to the tables behind the pgsql views is equivalent to account
# administration here; restrict and audit it accordingly.
passwd: compat [NOTFOUND=continue] pgsql | |
# Shadow entries come from local files only; no pgsql source is listed here.
# The getent output further down shows the database-backed account carrying its
# password hash in the passwd field instead, where any local user can read it.
shadow: files | |
# Group lookups merge local files with database-provided groups.
# NOTE(review): keep database gids in a range that cannot collide with local
# privileged groups; confirm the views enforce this.
group: files pgsql | |
hosts: files dns | |
bootparams: files | |
ethers: files | |
netmasks: files | |
networks: files | |
protocols: files | |
rpc: files | |
services: files | |
automount: files | |
aliases: files | |
# sudo policy is read from local files only, not from the database.
sudoers: files | |
## Our nss-pgsql.conf from our production configuration | |
$ cat /etc/nss-pgsql.conf | |
# Connection used for every NSS lookup against the gforge database.
# NOTE(review): password= is empty as shown (possibly redacted). Processes that
# perform lookups must be able to read this file, so treat whatever credential it
# holds as visible to all local users. Presumably "gforge" is also the role used
# interactively below; prefer a dedicated role limited to SELECT on the two views.
# connect_timeout=1 caps the wait per connection attempt at one second.
connectionstring = dbname=gforge user=gforge password= connect_timeout=1 | |
# NOTE(review): all passwd queries below return the view's passwd column. The
# getent output later on this page shows that column holding a real $1$ (MD5-crypt)
# hash, so every local user can read it. Consider returning a placeholder such as
# 'x' from the view and serving hashes only through a root-restricted shadow source.
# List all the groups | |
allgroups = SELECT groupname, passwd, gid FROM nss_group_vw | |
# List all the users | |
allusers = SELECT username, passwd, gecos, homedir, shell, uid, gid FROM nss_passwd_vw | |
# Lookup keys appear as $1/$2 placeholders rather than text spliced into the SQL.
# Get the user information by username | |
getpwnam = SELECT username, passwd, gecos, homedir, shell, uid, gid FROM nss_passwd_vw WHERE username=$1 | |
# Get the user information by uid | |
getpwuid = SELECT username, passwd, gecos, homedir, shell, uid, gid FROM nss_passwd_vw WHERE uid=$1 | |
# Get the group information by group name | |
getgrnam = SELECT groupname, passwd, gid FROM nss_group_vw WHERE groupname=$1 | |
# Get the group information by gid | |
getgrgid = SELECT groupname, passwd, gid FROM nss_group_vw WHERE gid=$1 | |
# Get the list of groups a user belongs to | |
# $1 is compared against usernames; $2 is presumably the user's primary gid, to be
# excluded from the result (TODO confirm against the module's documentation).
# First branch: project ids for the user (uid minus 1000000), shifted by +50000.
# Second and third branches: groups flagged has_apache / has_anonymous, returned
# only when the looked-up name is literally 'apache' / 'anonymous'.
# NOTE(review): the exclusion compares a project id with $2-1000000 (the user-id
# offset) while the returned gids use the +50000 offset; confirm this is intended.
groups_dyn = SELECT DISTINCT getAllUserProjectsIdsSCM+50000 FROM getAllUserProjectsIdsSCM( (SELECT uid-1000000 FROM nss_passwd_vw WHERE username=$1) ) WHERE getAllUserProjectsIdsSCM <> $2-1000000 UNION SELECT gid FROM nss_group_vw WHERE has_apache=true AND $1='apache' UNION SELECT gid FROM nss_group_vw WHERE has_anonymous=true AND $1='anonymous' | |
# Get the list of users in a group | |
# $1 is the gid. Members are the union of: users returned by
# getAllProjectUsersIdsSCM for project id gid-50000, users whose primary gid is $1,
# and the literal names 'apache' / 'anonymous' when the group has that flag set.
getgroupmembersbygid = SELECT username FROM nss_passwd_vw WHERE user_id IN (SELECT * FROM getAllProjectUsersIdsSCM( $1-50000 )) UNION SELECT username FROM nss_passwd_vw WHERE gid=$1 UNION SELECT 'apache' FROM nss_group_vw WHERE gid=$1 AND has_apache=true UNION SELECT 'anonymous' FROM nss_group_vw WHERE gid=$1 AND has_anonymous=true | |
## Users work properly | |
$ psql -U gforge gforge -c "SELECT * FROM nss_passwd_vw LIMIT 1" | |
user_id | uid | gid | username | passwd | gecos | homedir | shell | |
---------+---------+---------+----------+------------------------------------+--------------------+-------------+--------------- | |
101 | 1982000 | 1982000 | admin | $1$wJNAVnC2$/tjIE4zOHmu.Z74gCYv655 | Local GForge Admin | /home/admin | /bin/cvssh.pl | |
(1 row) | |
$ getent passwd admin | |
admin:$1$wJNAVnC2$/tjIE4zOHmu.Z74gCYv655:1982000:1982000:Local GForge Admin:/home/admin:/bin/cvssh.pl | |
## Groups fail | |
$ psql -U gforge gforge -c "SELECT * FROM nss_group_vw LIMIT 1" | |
groupname | passwd | gid | has_anonymous | has_apache | |
--------------+--------+-------+---------------+------------ | |
contextaware | x | 50287 | t | f | |
(1 row) | |
$ getent group contextaware |