[Freeipa-users] Different primary group on different machines.

[KodaK]

On Thu, Oct 25, 2012 at 12:35 PM, Dmitri Pal <dpal at redhat.com> wrote:
> On 10/25/2012 11:49 AM, KodaK wrote:
>> I've been having users use the "newgrp" command to change their
>> primary group on different machines.
>>
>> I've poked around in the docs a bit and I don't see this addressed.  I
>> know, I know: "if it works, use it" -- but I'm wondering if I'm just
>> missing a way to do it with IPA, or if there's another way to do it
>> that might be better.
>>
>> Any thoughts?
>>
>> Thanks,
>>
>> --Jason
>>
> By reading the description of the command it seems that it works only
> for local accounts.
> So I suspect it is not effective in any case when the users come from
> LDAP and not file.
>
> That brings the question: what is the use case and why you need it and
> subsequently is there any other way to solve the problem you are trying
> to solve with already existing means in SSSD?
>

I have users that need different primary groups on different machines.
 The newgrp command works -- unfortunately putting it in a login
script is a bad thing because newgrp reads those same login scripts,
creating an infinite loop.

We have many different development groups, but people can be members
of multiple groups.  For collaboration, they'd like it when creating a
file to have that file have a group ownership of "foo" on machine-A,
but "bar" on machine-B.  I'd like to help the end users do this
themselves so that I don't have to maintain separate files on each
machine (one of the reasons I put in IPA in the first place. :) )

Thanks,

--Jason