[Freeipa-users] changing primary GID for a user?
Brian LaMere
brian at cukerinteractive.com
Wed Sep 22 19:31:01 UTC 2010
On Wed, Sep 22, 2010 at 12:09 PM, James Roman <james.roman at ssaihq.com>wrote:
> On 9/22/10 2:42 PM, Brian LaMere wrote:
>
>> The primary GID for a user isn't in the web interface for the user to be
>> able to change it.
>>
> Holy cow. What a security flaw that would be if it were. How about a sign
> up sheet for admin access to the mail server.
>
> /usr/sbin/ipa-moduser (what the document references) doesn't exist, nor
>> does "ipa user-mod" have an options for changing the GID.
>>
>> How is this done?
>>
> You don't. The administrators (or those appropriately designated) assign
> you to the appropriate group. Perhaps you could provide an idea of why you
> would want to extend this privilege?
>
you're substantially misunderstanding. When logging in to the web interface
as admin, with the ability to create users, hosts, roles, etc etc - there's
no box for the GID. There's no box to even see what it is. I *am* the
administrator.
I was only looking at the web page because the command line didn't have the
option listed, either. Which seemed to suggest that a very, very basic
component of creating and modifying user accounts was not easily adjustable.
Rob answered the question, however - thanks.
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20100922/a8da10ef/attachment.htm>
More information about the Freeipa-users
mailing list