[Freeipa-users] Re: Is there a way to change a private group to a normal user group?

Thu, 06 Jun 2024 07:34:56 -0700 

Djerk Geurts wrote:
> Is detaching all I need to do?

Yes.

It removes the MEP entries from the group and the user which is what
attaches them and adds the appropriate objectclasses to the group so it
can contain members.

rob

> On 6 Jun 2024, at 14:43, Rob Crittenden <rcrit...@redhat.com
> <mailto:rcrit...@redhat.com>> wrote:
> 
>     Djerk Geurts via FreeIPA-users wrote:
> 
>         Hi all,
> 
>         Working on NFS access for local system accounts I found that one NFS
>         client was only able to use a primary group to gain access to an NFS
>         share via group privileges, and not a secondary group.
> 
>         But now, I’ve run into an issue where I need to grant others
>         access to
>         the same files, and their use of secondary group membership isn’t a
>         problem. So now I’m considering if I can change the private
>         group to a
>         normal group and still have it as the primary group for the
>         system account.
> 
>         I don’t want to have to change the group ownership of 10TB of
>         files and
>         folders again as this takes a long time. So the gid must stay
>         ideally
>         stay the same. Can I:
> 
>         * Change the group type, so it shows up in the IPA GUI and add
>         another
>         group to it.
>         * Delete the private group and recreate it as a normal group
>         with the
>         same gid and name?
> 
> 
>         Or am I screwed and need to remove the user and group and
>         recreate them
>         from scratch?
> 
>     On the cli you can do: ipa group-detach <group>
> 
>     There is no equivalent attach command to convert a non-private group
>     into a private one (except a toy I made on my blog).
> 
>     rob
> 
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to