Re: [Freeipa-users] Default gid for AD trust users
On 09/02/2016 03:15 PM, Lukas Slebodnik wrote: On (24/08/16 11:42), Orion Poplawski wrote: While that is definitely *a* convention, it's not the one we've used which puts users by default in shared groups (nwra, visitors, etc). For example: uid=2941(user) gid=1991(nwra) The user "user" should be a member "nwra" group. If no then you have other issues. Why does it matter whether it is a primary group or no? LS Because that is the default group ownership of files created by the user. Yes, they can change it, and yes you can use setgid directories, but it is the default. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA DivisionFAX: 303-415-9702 3380 Mitchell Lane or...@cora.nwra.com Boulder, CO 80301 http://www.cora.nwra.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Default gid for AD trust users
On (24/08/16 11:42), Orion Poplawski wrote: >While that is definitely *a* convention, it's not the one we've used which >puts users by default in shared groups (nwra, visitors, etc). For example: > >uid=2941(user) gid=1991(nwra) > The user "user" should be a member "nwra" group. If no then you have other issues. Why does it matter whether it is a primary group or no? LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Default gid for AD trust users
FWIW - I've filed https://fedorahosted.org/freeipa/ticket/6293 to request the ability to set the primary group for AD trust users. On 08/24/2016 11:42 AM, Orion Poplawski wrote: > While that is definitely *a* convention, it's not the one we've used which > puts users by default in shared groups (nwra, visitors, etc). For example: > > uid=2941(user) gid=1991(nwra) > > We may be fine changing conventions, but I'm researching whether or not we > have to. > > Thanks. > > On 08/24/2016 11:19 AM, Justin Stephenson wrote: >> Could you please explain further what you are trying to accomplish with an AD >> trust default group? I believe we are following the standard linux convention >> of creating a user private group using the ID number which matches the uid >> number for AD trust users. >> >> Kind regards, >> >> Justin Stephenson >> >> >> On 08/23/2016 06:27 PM, Orion Poplawski wrote: >>> Is there any way to control the default gid for AD trust users? At the >>> moment >>> each user has it's own default group, e.g.: >>> >>> uid=22603(user@ad.domain) gid=22603(user@ad.domain) >>> >>> It would be nice to be able to set this to an actual group. >>> >>> Thanks. >>> >> > > -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Default gid for AD trust users
While that is definitely *a* convention, it's not the one we've used which puts users by default in shared groups (nwra, visitors, etc). For example: uid=2941(user) gid=1991(nwra) We may be fine changing conventions, but I'm researching whether or not we have to. Thanks. On 08/24/2016 11:19 AM, Justin Stephenson wrote: > Could you please explain further what you are trying to accomplish with an AD > trust default group? I believe we are following the standard linux convention > of creating a user private group using the ID number which matches the uid > number for AD trust users. > > Kind regards, > > Justin Stephenson > > > On 08/23/2016 06:27 PM, Orion Poplawski wrote: >> Is there any way to control the default gid for AD trust users? At the >> moment >> each user has it's own default group, e.g.: >> >> uid=22603(user@ad.domain) gid=22603(user@ad.domain) >> >> It would be nice to be able to set this to an actual group. >> >> Thanks. >> > -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Default gid for AD trust users
Could you please explain further what you are trying to accomplish with an AD trust default group? I believe we are following the standard linux convention of creating a user private group using the ID number which matches the uid number for AD trust users. Kind regards, Justin Stephenson On 08/23/2016 06:27 PM, Orion Poplawski wrote: Is there any way to control the default gid for AD trust users? At the moment each user has it's own default group, e.g.: uid=22603(user@ad.domain) gid=22603(user@ad.domain) It would be nice to be able to set this to an actual group. Thanks. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Default gid for AD trust users
Is there any way to control the default gid for AD trust users? At the moment each user has it's own default group, e.g.: uid=22603(user@ad.domain) gid=22603(user@ad.domain) It would be nice to be able to set this to an actual group. Thanks. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
