URL: https://github.com/SSSD/sssd/pull/5784
Title: #5784: proxy: allow removing group members
sumit-bose commented:
"""
> @sumit-bose , can it happen (is it supported) two groups in different domains
> have the same GID?

Hi,

if the two domains are managed separately it can of course happen that two groups have the same GID. For lookups by GID the group from the first domain listed in the `domains` option will win. A lookup by name, especially with a fully-qualified name, will most probably resolve both groups.

Given that the `id` command will do lookups by GID, an `id` lookup for the user from the second domain which is a member of the group with the duplicated GID will return the wrong group name. In this sense I would say we do not support this kind of configuration.

Additionally, the filesystem is doing access control with respect to groups with the help of the GID; using the same GID in different domains might give users access to files of users from the other domain, which is typically not expected.

HTH

bye,
Sumit
"""

See the full comment at https://github.com/SSSD/sssd/pull/5784#issuecomment-934479813
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
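One way to audit for the duplicated-GID situation described in the comment above, as an added example that is not part of the PR or of SSSD. It models the first-domain-wins lookup by GID on constructed getent-style group entries; the domain names, group data and function names are assumptions.

```python
"""Flag GIDs that are used by groups in more than one SSSD domain."""
from collections import defaultdict

# Constructed sample data: group entries in getent(1) format, keyed by domain,
# listed in the same order as the `domains` option in sssd.conf.
SAMPLE = {
    "corp.example": ["staff:*:5000:alice,bob", "devs:*:5001:alice"],
    "lab.example": ["interns:*:5000:carol", "ops:*:5002:dave"],
}


def parse_group(line):
    """Parse 'name:passwd:gid:member,member' into (name, gid, members)."""
    name, _passwd, gid, members = line.strip().split(":", 3)
    return name, int(gid), [m for m in members.split(",") if m]


def find_gid_collisions(domains):
    """Return {gid: [(domain, group, members), ...]} for GIDs seen in >1 domain.

    Entries keep the `domains` order, so the first one is the group that a
    lookup by GID resolves to, as described in the comment above.
    """
    by_gid = defaultdict(list)
    for domain, lines in domains.items():
        for line in lines:
            name, gid, members = parse_group(line)
            by_gid[gid].append((domain, name, members))
    return {gid: owners for gid, owners in by_gid.items()
            if len({d for d, _, _ in owners}) > 1}


def misreported_members(collisions):
    """List (user, domain, real_group, name_shown_by_gid_lookup, gid) tuples."""
    out = []
    for gid, owners in sorted(collisions.items()):
        winner_domain, winner_name, _ = owners[0]
        for domain, name, members in owners[1:]:
            if domain != winner_domain:
                out.extend((u, domain, name, winner_name, gid) for u in members)
    return out


if __name__ == "__main__":
    for user, dom, real, shown, gid in misreported_members(find_gid_collisions(SAMPLE)):
        print(f"{user}@{dom}: member of {real!r} (GID {gid}), "
              f"but a GID lookup returns {shown!r}")
```

Each reported user also shares filesystem group permissions with the other domain's group, since file access checks use only the numeric GID.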