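I have set up PAM and NSS on a Linux server (Ubuntu 16.04) to fetch users and groups from a remote PostgreSQL database. Logging in on the server works fine, but groups cannot be loaded from the database.
If the table group_table contains entries, getent group fails with the message 'column number 3 is out of range 0..2'. All the SQL used in nss-pgsql.conf seems to be fine.
I use the following database tables:
Contents of nss-pgsql.conf: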
connectionstring = hostaddr=123.456.789.10 dbname=nobodyexpects user=the password=spanishinquisition connect_timeout=1
getgroupmembersbygid = SELECT username FROM passwd_table WHERE gid = $1
getpwnam = SELECT username, passwd, gecos, homedir, shell, uid, gid FROM passwd_table WHERE username = $1
getpwuid = SELECT username, passwd, gecos, homedir, shell, uid, gid FROM passwd_table WHERE uid = $1
allusers = SELECT username, passwd, gecos, homedir, shell, uid, gid FROM passwd_table
getgrnam = SELECT groupname, passwd, gid FROM group_table WHERE groupname = $1
getgrgid = SELECT groupname, passwd, gid FROM group_table WHERE gid = $1
groups_dyn = SELECT ug.gid FROM passwd_table JOIN usergroups ug USING (uid) where username = $1 and ug.gid <> $2
allgroups = SELECT groupname, passwd, gid FROM group_table
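If the table group_table contains no data, I get a message saying that the name of the group cannot be found, and getent group works with the local groups. I hope someone can help.
Answer 1
It turned out that the group SQL needs an additional list of usernames. Changing the SQL to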
getgrnam = SELECT g.groupname, 'x' AS passwd, g.gid, ARRAY(SELECT p.username FROM passwd_table p INNER JOIN usergroups ug ON ug.uid=p.uid WHERE ug.gid = g.gid) AS members FROM group_table g WHERE g.groupname = $1
getgrgid = SELECT g.groupname, 'x' AS passwd, g.gid, ARRAY(SELECT p.username FROM passwd_table p INNER JOIN usergroups ug ON ug.uid=p.uid WHERE ug.gid = g.gid) AS members FROM group_table g WHERE g.gid = $1
groups_dyn = SELECT ug.gid FROM passwd_table JOIN usergroups ug USING (uid) where username = $1 and ug.gid <> $2
allgroups = SELECT groupname, passwd, gid, ARRAY(SELECT p.username FROM passwd_table p INNER JOIN usergroups ug ON ug.uid=p.uid WHERE ug.gid = g.gid) AS members FROM group_table g
solves the problem.
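A static check for the mismatch described above, as an added example that is not part of the original question or answer: it counts the top-level SELECT columns of each query in nss-pgsql.conf text and reports those that differ from what the lookup needs. The expected counts are assumptions taken from the queries on this page (7 for passwd lookups, 4 for group lookups once the members column is included), and the function names and sample strings are constructed for the example.

```python
import re

# Expected result-column counts per key. Assumption: derived from this page's
# queries, with group lookups needing the 4th "members" column from the answer.
EXPECTED = {"getpwnam": 7, "getpwuid": 7, "allusers": 7,
            "getgrnam": 4, "getgrgid": 4, "allgroups": 4,
            "getgroupmembersbygid": 1, "groups_dyn": 1}

def select_columns(sql):
    """Return the top-level SELECT list, ignoring subqueries and quoted text."""
    m = re.match(r"\s*select\s", sql, re.I)
    if not m:
        raise ValueError("not a SELECT statement")
    cols, depth, quoted, start, i = [], 0, False, m.end(), m.end()
    while i < len(sql):
        ch = sql[i]
        if ch == "'":
            quoted = not quoted
        elif not quoted:
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
            elif depth == 0 and ch == ",":
                cols.append(sql[start:i].strip())
                start = i + 1
            elif depth == 0 and re.match(r"\sfrom\s", sql[i:i + 6], re.I):
                break  # end of the outer SELECT list
        i += 1
    cols.append(sql[start:i].strip())
    return cols

def lint(conf_text):
    """Return (key, found, expected) for each query with the wrong column count."""
    problems = []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")  # split at the first '=' only
        key = key.strip()
        if sep and key in EXPECTED:
            found = len(select_columns(value))
            if found != EXPECTED[key]:
                problems.append((key, found, EXPECTED[key]))
    return problems

# Constructed samples: two group queries from the question, one from the answer.
BROKEN = ("getgrnam = SELECT groupname, passwd, gid FROM group_table WHERE groupname = $1\n"
          "allgroups = SELECT groupname, passwd, gid FROM group_table\n")
FIXED = "getgrnam = SELECT g.groupname, 'x' AS passwd, g.gid, ARRAY(SELECT p.username FROM passwd_table p INNER JOIN usergroups ug ON ug.uid=p.uid WHERE ug.gid = g.gid) AS members FROM group_table g WHERE g.groupname = $1\n"

if __name__ == "__main__":
    print(lint(BROKEN), lint(FIXED))
```

The check only counts columns; it does not connect to the database or validate table aliases, so a query can pass here and still fail when executed.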