[Freeipa-users] GID, groups and ipa group-show

Prasun Gera prasun.gera at gmail.com
Thu Jan 14 00:40:31 UTC 2016


This is an old thread, but I can confirm that this is still an issue on
RHEL 7.2 + 4.2. This creates problems when there are roles associated with
groups, but group membership through GID is broken. I had migrated all old
NIS accounts into ipa. I then added the host enrollment role to a
particular group. Now, unless I add the users to the group explicitly, they
won't get the role, even if their gid is the same as the gid of the group.

On Mon, Aug 24, 2015 at 5:01 AM, David Kupka <dkupka at redhat.com> wrote:

> On 21/08/15 15:21, bahan w wrote:
>
>> Hello!
>>
>> I am contacting you because I noticed something strange with the IPA environment.
>>
>> I created a group:
>> ipa group-add g1 --desc="my first group"
>>
>> Then I created a user with the GID of g1
>> GID1=`ipa group-show g1 | awk '/GID/ {printf("%s",$2)}'`
>> ipa user-add --first=u1 --last=u1 --homedir=/home/u1 --shell=/bin/bash --gidnumber=${GID1} u1
>>
>> Then when I run the ipa group-show g1 command, I get the following result:
>> ###
>>    Group name: g1
>>    Description: my first group
>>    GID: <gid1>
>> ###
>>
>> Same for ipa user-show u1 :
>> ###
>>    User login: u1
>>    First name: u1
>>    Last name: u1
>>    Home directory: /home/u1
>>    Login shell: /bin/bash
>>    Email address: u1@<MYDOMAIN>
>>    UID: <uid1>
>>    GID: <gid1>
>>    Account disabled: False
>>    Password: False
>>    Member of groups: ipausers
>>    Kerberos keys available: False
>> ###
>>
>> These 2 commands do not see u1 as a member of g1.
>> When I try the command id u1, I can see the group:
>>
>> ###
>> id u1
>> uid=<uid1>(u1) gid=<gid1>(g1) groups=<gid1>(g1)
>> ###
>>
>> Is this the normal behaviour of these IPA commands?
>>
>> Best regards.
>>
>> Bahan
>>
>>
>>
> Hello!
>
> I'm not sure if this is intended and/or correct behavior or not.
> Looking at /etc/passwd and /etc/group I see it behaves similarly in a way.
>
> You can have the following entries in the aforementioned files
>
> [/etc/group]
> ...
> g1:x:<gid1>:
> ...
>
> [/etc/passwd]
> ...
> u1:x:<uid1>:<gid1>::/home/u1:/bin/bash
> ...
>
> Looking in /etc/group you can't see that user 'u1' is a member of group 'g1', but
> tools like id, groups, getent show this information.
>
> On the other hand it would be useful to show these "implicit" members in
> group-show output.
> Could you please file a ticket (https://fedorahosted.org/freeipa/newticket)?
>
> --
> David Kupka
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
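
Added example, not part of the original thread and not FreeIPA code: a small audit script that lists the "implicit" members discussed above, meaning users whose primary GID matches a group but who are absent from that group's member list. It assumes input in passwd(5) and group(5) format (for example saved `getent passwd` and `getent group` output); the sample names and numeric IDs are constructed.

```python
# Constructed sample data in passwd(5) / group(5) format. Names and IDs are made up.
SAMPLE_PASSWD = """\
u1:x:5001:6001::/home/u1:/bin/bash
u2:x:5002:6001::/home/u2:/bin/bash
u3:x:5003:6002::/home/u3:/bin/bash
"""
SAMPLE_GROUP = """\
g1:x:6001:u2
g2:x:6002:
ipausers:x:6003:u1,u2,u3
"""


def parse_passwd(text):
    """Return {login: primary_gid}; malformed lines are skipped."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[3].isdigit():
            users[fields[0]] = int(fields[3])
    return users


def parse_group(text):
    """Return {group: (gid, set_of_explicit_members)}; malformed lines are skipped."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[2].isdigit():
            members = {m for m in fields[3].split(",") if m}
            groups[fields[0]] = (int(fields[2]), members)
    return groups


def implicit_members(passwd_text, group_text):
    """Map each group to users who belong to it only through their primary GID."""
    users = parse_passwd(passwd_text)
    result = {}
    for name, (gid, members) in parse_group(group_text).items():
        implicit = sorted(u for u, pgid in users.items()
                          if pgid == gid and u not in members)
        if implicit:
            result[name] = implicit
    return result


if __name__ == "__main__":
    for group, names in implicit_members(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{group}: primary-GID-only members: {', '.join(names)}")
```

Per the report at the top of this thread, roles attached to a group reach only explicit members, so the accounts this prints are the ones that would have to be added to the group explicitly.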