[jira] [Comment Edited] (RANGER-827) Use system supplied mechanism to get users and groups on unix

[Velmurugan Periasamy (JIRA)]

    [ 
https://issues.apache.org/jira/browse/RANGER-827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15143675#comment-15143675
 ] 

Velmurugan Periasamy edited comment on RANGER-827 at 2/11/16 11:36 PM:
-----------------------------------------------------------------------

I have one minor change introduced - to support existing deployments without 
any config changes, added a default value of 0 for min group id 
(ranger.usersync.unix.minGroupId). I believe it should be okay as this property 
is used only if ranger.usersync.unix.backend is nss, in that case user is 
expected to set ranger.usersync.unix.minGroupId property to a valid value. 

See attached follow-up patch - 
https://issues.apache.org/jira/secure/attachment/12787560/0001-RANGER-827-Add-default-value-for-min-group-id-to-sup.patch

Review request here - https://reviews.apache.org/r/43505/


was (Author: vperiasamy):
I have one minor change introduced - to support existing deployments without 
any config changes, added a default value of 0 for min group id. I believe it 
should be okay as this property is used only if ranger.usersync.unix.backend is 
nss, in that case user is expected to set this property to a valid value. 

See attached follow-up patch - 
https://issues.apache.org/jira/secure/attachment/12787560/0001-RANGER-827-Add-default-value-for-min-group-id-to-sup.patch

Review request here - https://reviews.apache.org/r/43505/

> Use system supplied mechanism to get users and groups on unix
> -------------------------------------------------------------
>
>                 Key: RANGER-827
>                 URL: https://issues.apache.org/jira/browse/RANGER-827
>             Project: Ranger
>          Issue Type: Improvement
>          Components: usersync
>    Affects Versions: 0.5.1
>            Reporter: Bolke de Bruin
>            Assignee: Bolke de Bruin
>              Labels: integration, pam, sssd, sync
>             Fix For: 0.6.0
>
>         Attachments: 
> 0001-RANGER-827-Add-default-value-for-min-group-id-to-sup.patch, 
> 0001-RANGER-827-Improve-unix-usersync.patch, 
> 0002-RANGER-827-Improve-unix-usersync.patch, 
> 0003-RANGER-827-Improve-unix-usersync.patch, 
> 0004-RANGER-827-Improve-unix-usersync.patch, 
> 0005-RANGER-827-Improve-unix-usersync.patch, 
> 0006-RANGER-827-Improve-unix-usersync.patch, usersync.patch
>
>
> The unix user sync currently reads /etc/passwd /etc/groups . This is often 
> not a reflection of users and groups available on a system especially when 
> nsswitch is configured (eg. sssd, ldap etc).
> Secondly in some cases groups will contain user names that are not returned 
> with "getent passwd", especially "external users" and it is required to add 
> these using the group information.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)