Oh yes, it's clear, but I just don't know if I'm setting myself up for problems if I set a freeipa gid or uid to a value that already existed on the host before it was turned into a freeipa client. That's already a problem with my users since they have different uids on the hosts if they were useradd-ed in a different order. However I'm sure that if I just change uids in the /etc/passwd file to match freeipa then all the existing file ownerships will be messed up.
I was hoping there is a standard way to deal with this and that I just didn't find the right page in the docs. On Wed, Oct 23, 2019 at 2:37 PM John Duino <jdu...@oblong.com> wrote: > You can specify the GID when you create user groups in freeIPA. > In the GUI it's very clear (Group name[required], Description, Group Type, > GID). > CLI it's something like # ipa group-add <group name> --gid=<GID> > > On Wed, Oct 23, 2019 at 3:12 PM Jason Dunham via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> Hi I'm trying to figure out the best practice for groups on my client >> servers. >> I have several computation workstation hosts that have been added as >> freeipa clients, and several engineers who want to run docker on them >> Members of the 'docker' group (gid=999 on some machines, for example) can >> run docker without needing sudo, which is what I want to roll out to all >> machines. Ideally this would be managed from freeipa with LDAP groups, and >> so anyone in the 'engineers' group should also be a member of the 'docker' >> group. >> >> When I create a 'docker' group on freeIPA it will have some other gid and >> the client sees that. >> Should I just delete the original docker group from my hosts and let it >> get it from ldap, or should I go into /etc/group and change the gid to the >> one that matches the right ldap gid, or preferably something easier than >> that? >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org