On ke, 27 tammi 2021, Ronald Wimmer via FreeIPA-users wrote:
I would like an IPA user to be member of the local 'docker' group. Is this possible?
Yes. This is called 'group merging'. You need to have the following in your nsswitch.conf: # Allow initgroups to default to the setting for group. initgroups: sss [SUCCESS=merge] files Then create 'docker' group in IPA, add IPA user there. glibc on the host will merge groups membership from SSSD witht he group membership from 'files' provider. https://bugzilla.redhat.com/show_bug.cgi?id=1298975 https://sourceware.org/glibc/wiki/Proposals/GroupMerging https://sgallagh.wordpress.com/2016/01/28/remote-group-merging-for-fedora/ -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
