[Freeipa-users] GID, groups and ipa group-show

David Kupka dkupka at redhat.com
Mon Aug 24 09:01:17 UTC 2015


On 21/08/15 15:21, bahan w wrote:
> Hello !
>
> I am contacting you because I noticed something strange with the IPA environment.
>
> I created a group :
> ipa group-add g1 --desc="my first group"
>
> Then I created a user with the GID of g1
> GID1=`ipa group-show g1 | awk '/GID/ {printf("%s",$2)}'`
> ipa user-add --first=u1 --last=u1 --homedir=/home/u1 --shell=/bin/bash --gidnumber=${GID1} u1
>
> Then when I perform ipa group-show g1 command, I got the following result :
> ###
>    Group name: g1
>    Description: my first group
>    GID: <gid1>
> ###
>
> Same for ipa user-show u1 :
> ###
>    User login: u1
>    First name: u1
>    Last name: u1
>    Home directory: /home/u1
>    Login shell: /bin/bash
>    Email address: u1@<MYDOMAIN>
>    UID: <uid1>
>    GID: <gid1>
>    Account disabled: False
>    Password: False
>    Member of groups: ipausers
>    Kerberos keys available: False
> ###
>
> These 2 commands do not see u1 as a member of g1.
> When I try the command id u1, I can see the group :
>
> ###
> id u1
> uid=<uid1>(u1) gid=<gid1>(g1) groups=<gid1>(g1)
> ###
>
> Is it the normal behaviour of these IPA commands ?
>
> Best regards.
>
> Bahan
>
>

Hello!

I'm not sure if this is intended and/or correct behavior or not.
Looking at /etc/passwd and /etc/group I see it behaves similarly in a way.

You can have the following entries in the aforementioned files:

[/etc/group]
...
g1:x:<gid1>:
...

[/etc/passwd]
...
u1:x:<uid1>:<gid1>::/home/u1:/bin/bash
...

Looking in /etc/group you can't see that user 'u1' is a member of group 'g1',
but tools like id, groups and getent show this information.

On the other hand it would be useful to show these "implicit" members in 
group-show output.
Could you please file a ticket (https://fedorahosted.org/freeipa/newticket)?

-- 
David Kupka



